An ECC private key is described by this S-expression:
(private-key (ecc (p p-mpi) (a a-mpi) (b b-mpi) (g g-point) (n n-mpi) (q q-point) (d d-mpi)))
Prime specifying the field GF(p).
The two coefficients of the Weierstrass equation y^2 = x^3 + ax + b
Base point g.
Order of g
The point representing the public key Q = dG.
The private key d
All point values are encoded in standard format; Libgcrypt does in
general only support uncompressed points, thus the first byte needs to
0x04. However “EdDSA” describes its own compression
scheme which is used by default; the non-standard first byte
0x40 may optionally be used to explicit flag the use of the
algorithmâs native compression method.
The public key is similar with "private-key" replaced by "public-key" and no d-mpi.
If the domain parameters are well-known, the name of this curve may be used. For example
(private-key (ecc (curve "NIST P-192") (q q-point) (d d-mpi)))
Note that q-point is optional for a private key. The
curve parameter may be given in any case and is used to replace
Currently implemented curves are:
The NIST 192 bit curve, its OID, X9.62 and SECP aliases.
The NIST 224 bit curve and its SECP alias.
The NIST 256 bit curve, its OID, X9.62 and SECP aliases.
The NIST 384 bit curve and its SECP alias.
The NIST 521 bit curve and its SECP alias.
As usual the OIDs may optionally be prefixed with the string