Previous: DSA key parameters, Up: Used S-expressions [Contents][Index]

An ECC private key is described by this S-expression:

(private-key (ecc (pp-mpi) (aa-mpi) (bb-mpi) (gg-point) (nn-mpi) (qq-point) (dd-mpi)))

`p-mpi`Prime specifying the field

*GF(p)*.`a-mpi``b-mpi`The two coefficients of the Weierstrass equation

*y^2 = x^3 + ax + b*`g-point`Base point

*g*.`n-mpi`Order of

*g*`q-point`The point representing the public key

*Q = dG*.`d-mpi`The private key

*d*

All point values are encoded in standard format; Libgcrypt does in
general only support uncompressed points, thus the first byte needs to
be `0x04`

. However “EdDSA” describes its own compression
scheme which is used by default; the non-standard first byte
`0x40`

may optionally be used to explicit flag the use of the
algorithmâs native compression method.

The public key is similar with "private-key" replaced by "public-key"
and no `d-mpi`.

If the domain parameters are well-known, the name of this curve may be used. For example

(private-key (ecc (curve "NIST P-192") (qq-point) (dd-mpi)))

Note that `q-point` is optional for a private key. The
`curve`

parameter may be given in any case and is used to replace
missing parameters.

Currently implemented curves are:

`NIST P-192`

`1.2.840.10045.3.1.1`

`prime192v1`

`secp192r1`

The NIST 192 bit curve, its OID, X9.62 and SECP aliases.

`NIST P-224`

`secp224r1`

The NIST 224 bit curve and its SECP alias.

`NIST P-256`

`1.2.840.10045.3.1.7`

`prime256v1`

`secp256r1`

The NIST 256 bit curve, its OID, X9.62 and SECP aliases.

`NIST P-384`

`secp384r1`

The NIST 384 bit curve and its SECP alias.

`NIST P-521`

`secp521r1`

The NIST 521 bit curve and its SECP alias.

As usual the OIDs may optionally be prefixed with the string `OID.`

or `oid.`

.

Previous: DSA key parameters, Up: Used S-expressions [Contents][Index]