You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I think since bouncycastle version 1.74 there is a bug concerning the curve25519 support.
With bouncy castle version 1.73 the following code works:
import java.security.Security;
import java.security.KeyFactory;
import java.security.interfaces.ECPrivateKey;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.crypto.ec.CustomNamedCurves;
import org.bouncycastle.asn1.x9.X9ECParameters;
import org.bouncycastle.jce.spec.ECParameterSpec;
import org.bouncycastle.jce.spec.ECPrivateKeySpec;
import org.bouncycastle.util.encoders.Hex;
import java.math.BigInteger;
public final class Test {
@Test
public void demo() throws InvalidKeySpecException, NoSuchAlgorithmException,
NoSuchProviderException {
Security.addProvider(new BouncyCastleProvider());
KeyFactory kf = KeyFactory.getInstance("EC", "BC");
X9ECParameters params = CustomNamedCurves.getByName("curve25519");
ECParameterSpec spec = new ECParameterSpec(params.getCurve(), params.getG(),
params.getN(), params.getH());
byte[] s = Hex.decode(
"36704190D0033DB4ABF4E5A10E692C08D4CC0FEA67EF0AAA63E0BEF440A8F0C5");
ECPrivateKey targetPrivateKey = (ECPrivateKey) kf
.generatePrivate(new ECPrivateKeySpec(new BigInteger(s), spec));
}
}
Since version 1.74, the code above fails with:
java.lang.IllegalArgumentException: Scalar is not in the interval [1, n - 1]
However, I do think that like for other 256 bit ec curves, every 32 bytes value should be a valid private key; or is my understanding of curve25519 incorrect and bouncy castle now behaves proper?
Thank you!
The text was updated successfully, but these errors were encountered:
Hello,
I think since bouncycastle version 1.74 there is a bug concerning the curve25519 support.
With bouncy castle version 1.73 the following code works:
Since version 1.74, the code above fails with:
However, I do think that like for other 256 bit ec curves, every 32 bytes value should be a valid private key; or is my understanding of curve25519 incorrect and bouncy castle now behaves proper?
Thank you!
The text was updated successfully, but these errors were encountered: