
A problem I have run into with x25519 and ed25519 is that in NaCl, both use different public key 'formats'. While they are the same curve, you cannot use an x25519 key for signing (ed25519 only) and you cannot use an ed25519 key for encryption. PGP allows binding encryption and signing keys together in a profile. So far I have not been able to 'bind' an ed25519/x25519 key in a similar configuration.


It is not recommended to use any keys for more than one purpose anymore; this can allow attacks. So this is by design.


Right, but how does one bind the keys if they do not mutually support encryption or signing?


PGP never uses the same key for both either. A PGP "key" is a signing key and a decryption key bundled together and then signed by the signing key.


It's not by design. There is stuff like decaf, ristretto and qDSA which "fix" this.


How hard is it to cat two keys together in a profile?


Binding needs more than a simple cat. You want to wrap them together somehow.


My point is that you need to roll your own cryptosystem, whereas PGP, for all its flaws, is a working, IND-CCA2 secure cryptosystem (provided you use the correct primitives). This whole blog is justification for removing PGP from Golang stdlib. I don't agree with Valsorda deprecating this.


It's never been part of the stdlib, it's part of x/crypto. They also aren't going to remove it, just deprecate it.


My mistake, I thought x/crypto was part of the stdlib.
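
The bundle described in the thread above (a signing key and an encryption key kept separate, with the signing key vouching for the encryption key) sketched with Go's standard `crypto/ed25519` and `crypto/ecdh` packages. This is an added example, not code from any commenter and not the PGP format; the `Profile` type, the function names and the `bindLabel` string are assumptions made for illustration.

```go
package main

import (
	"crypto/ecdh"
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Constructed label (assumption): separates binding signatures from other signatures by this key.
const bindLabel = "example-profile-v1/x25519-subkey:"

// Profile bundles an Ed25519 identity key with the X25519 key it vouches for.
type Profile struct {
	SignPub ed25519.PublicKey
	EncPub  []byte // raw 32-byte X25519 public key
	Binding []byte // Ed25519 signature over bindLabel || EncPub
}

// NewProfile generates one independent key pair per purpose and binds them.
func NewProfile() (Profile, ed25519.PrivateKey, *ecdh.PrivateKey, error) {
	signPub, signPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Profile{}, nil, nil, err
	}
	encPriv, err := ecdh.X25519().GenerateKey(rand.Reader)
	if err != nil {
		return Profile{}, nil, nil, err
	}
	raw := encPriv.PublicKey().Bytes()
	sig := ed25519.Sign(signPriv, append([]byte(bindLabel), raw...))
	return Profile{SignPub: signPub, EncPub: raw, Binding: sig}, signPriv, encPriv, nil
}

// Verify returns the encryption key only if the already-trusted identity key signed it.
func (p Profile) Verify(trusted ed25519.PublicKey) (*ecdh.PublicKey, error) {
	msg := append([]byte(bindLabel), p.EncPub...)
	if len(trusted) != ed25519.PublicKeySize || !trusted.Equal(p.SignPub) || !ed25519.Verify(trusted, msg, p.Binding) {
		return nil, fmt.Errorf("X25519 key is not bound to the trusted identity key")
	}
	return ecdh.X25519().NewPublicKey(p.EncPub)
}

func main() {
	p, _, _, err := NewProfile()
	if err == nil {
		_, err = p.Verify(p.SignPub) // demo only: real callers pass a key obtained out of band
	}
	fmt.Println("binding verified:", err == nil, err)
}
```

A recipient encrypts only to the key returned by `Verify`, so swapping the X25519 key inside a profile is caught before any ciphertext is produced.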



