sonder-joker
commented
2 years ago I have read rust version implementation, seem not support?
Closed sonder-joker closed 2 years ago
sonder-joker
commented
2 years ago I have read rust version implementation, seem not support?
jedisct1
commented
2 years ago The uncompressed form is most common for these curves.
But maybe we should support both. How would you suggest doing so? Define new PKCS8Compresed and PEMCompressed values for the encoding?
sonder-joker
commented
2 years ago The uncompressed form is most common for these curves.
But maybe we should support both. How would you suggest doing so? Define new
PKCS8CompresedandPEMCompressedvalues for the encoding?
I'm not sure. But from my view, it's a good choice to support both encodings - add them in public key encoding. Openssl command line have such features. Offtopic, secret key encoding seem to contain two unnecessary encodings: sec and compressed sec. I found they are just use for public key?
tarcieri
commented
2 years ago PKCS#8 is a standard for private key storage. ECC private keys are scalars, not curve points, and thus there is no compressed/uncompressed distinction there.
For public keys, there are two (well really three) forms: SEC1-encoded public keys and X.509 SPKI (I believe there's a third SEC1 DER public key encoding which isn't currently supported) .
See here for the relevant info on SPKI:
The built-in SPKI decoder always used an uncompressed curve point. The sec1::EncodePoint takes a trait, however:
https://docs.rs/elliptic-curve/latest/elliptic_curve/sec1/trait.ToEncodedPoint.html
So far there haven't been any requests for SPKI with compressed points, nor have I seen it in the wild. Generally anyone concerned with the extra overhead is using the raw SEC1 encoding instead. But the SPKI encoding is just a wrapper around the SEC1 encoding anyway, and it wouldn't be too difficult to add a method that accepted a boolean toggle for point compression.
jedisct1
commented
2 years ago Right, SEC-1, PKCS8 and PEM have just one form for secret keys. So, let's remove $compressed_sec from $secretkey_encoding.
And add $pkcs8_compressed and $pem_compressed to $publickey_encoding. For RSA, these can be equivalent to their non-compressed versions.
It say p256 and secp256k1 need pem/pkcs8 form. But which version public key shuold be used to export pem/pkcs8? compressed or uncompressed? or not support?