Monday, July 6, 2015

EC persona trickery

EC persona support has been added to opmsg.

The benefit is that generation of EC personas may be done
within milli seconds. So the threshold of throwing away
personas or to generate new ones for each contact has
almost lowered to zero. It all works transparently to
the user who just needs to use --newecp instead of --newp
when creating a new persona. Instead of DH Kex, opmsg
transparently uses ECDH Kex in that case. As all group
parameters are within the pubkey blob, this does not require
for DH parameters such as in the RSA case.

For the ECC algos, the Brainpool curves are used which
are standartized by RFC 5639 which explain how the group
parameters were selected, unlike for the potentially
backdoored NIST curves.