ronaldtse
commented
7 years ago Thanks @randombit , let me merge this first and will clarify some points in a next PR. Great find on KDF2 -- it is indeed what you mentioned even though the last step looked different.
We don't have any variable length encoding after SM2 keys currently, format is instead identical to ECDSA. The main point of that seems to be to describe which hash to use for signatures/encryption. But that already exists as the "Preferred Hash Algorithms" list on the key, so I don't see why we'd need to repeat it as part of the key itself.
I changed RNP to include a hash id in the ciphertext in https://github.com/riboseinc/rnp/pull/446 instead of hardcoding SM3 there.