Closed wussler closed 7 months ago
@fluppe2
Option 2 will trigger some changes in implementations as it would change the specification of the secret key material packet.
This would probably make it less OpenPGP-like but definitely makes it easy to verify the keys against KOpenpgp attacks
Personally, I prefer option 1) since it seems like the "obvious approach". For 2) I feel like we need some justification. IMO KOpenpgp attacks should be mitigated on a different level: use authenticated encryption (which is introduced in the Crypto Refresh).
The
eccPublicKey
parameter is also used into the KDF, therefore required for the decaps