From f23fc367e6aded2d2aaea37583695ab7c8ddd878 Mon Sep 17 00:00:00 2001 From: Paul Schaub Date: Tue, 21 May 2024 15:02:47 +0200 Subject: [PATCH] Document reversed MPI encoding / little-endian native encoding --- pg/src/main/java/org/bouncycastle/bcpg/ECSecretBCPGKey.java | 5 +++++ .../main/java/org/bouncycastle/bcpg/X25519SecretBCPGKey.java | 2 ++ 2 files changed, 7 insertions(+) diff --git a/pg/src/main/java/org/bouncycastle/bcpg/ECSecretBCPGKey.java b/pg/src/main/java/org/bouncycastle/bcpg/ECSecretBCPGKey.java index dd70dab1d7..a5b498f985 100644 --- a/pg/src/main/java/org/bouncycastle/bcpg/ECSecretBCPGKey.java +++ b/pg/src/main/java/org/bouncycastle/bcpg/ECSecretBCPGKey.java @@ -8,6 +8,9 @@ * This type is for use with {@link PublicKeyAlgorithmTags#ECDH} or {@link PublicKeyAlgorithmTags#ECDSA}. * The specific curve is identified by providing an OID. * Regarding X25519, X448, consider the following: + * ECDH keys using curve448 are unspecified. + * ECDH secret keys using curve25519 use big-endian MPI encoding, contrary to {@link X25519SecretBCPGKey} which uses + * native encoding. * Modern implementations use dedicated key types {@link X25519SecretBCPGKey}, {@link X448SecretBCPGKey} along with * dedicated algorithm tags {@link PublicKeyAlgorithmTags#X25519}, {@link PublicKeyAlgorithmTags#X448}. * If you want to be compatible with legacy applications however, you should use this class instead. @@ -17,6 +20,8 @@ * Crypto-Refresh - Algorithm-Specific Parts for ECDH Keys * @see * Crypto-Refresh - Algorithm-Specific Parts for ECDSA Keys + * @see + * Crypto-Refresh - Curve25519Legacy ECDH Secret Key Material (deprecated) */ public class ECSecretBCPGKey extends BCPGObject diff --git a/pg/src/main/java/org/bouncycastle/bcpg/X25519SecretBCPGKey.java b/pg/src/main/java/org/bouncycastle/bcpg/X25519SecretBCPGKey.java index c023d7abbc..0840663fb1 100644 --- a/pg/src/main/java/org/bouncycastle/bcpg/X25519SecretBCPGKey.java +++ b/pg/src/main/java/org/bouncycastle/bcpg/X25519SecretBCPGKey.java @@ -8,6 +8,8 @@ * Note however, that legacy implementations might not understand this key type yet. * For a key type compatible with legacy v4 implementations, see {@link ECDHPublicBCPGKey} with * {@link PublicKeyAlgorithmTags#ECDH}. + * Note: Contrary to {@link ECSecretBCPGKey} using {@link PublicKeyAlgorithmTags#ECDH}, which uses big-endian + * MPI encoding to encode the secret key material, {@link X25519SecretBCPGKey} uses native little-endian encoding. * * @see * Crypto-Refresh - Algorithm-Specific Part for X25519 Keys