First I created an Alice ECDH key on my Nitrokey Start based on NIST P256.
----BEGIN PUBLIC KEY-----
MFEwCwYHKoZIzj0CAQUAA0IABN3b/Y2xmcD8DGu3no5/FdQlRKRv/3WDo3bnHxt2
guxWAvjY9ugrvdJe2RyDpuizcPvCb83UjuoXfetYXjodkL0=
-----END PUBLIC KEY-----
Bob computed a random value 0x3E50B1DCCF6A7BF43BD02FA8019753D5B62BDE85DDEDF16ABC28F308EDF15384
Perhaps Nitrokey Start’s implementation is a bit different than described in OpenPGP v3.4 standard (I would guess it was written after initial v3.0/v3.1). I am not aware of any direct differences, but each device has its own driver in GnuPG/OpenSC implementation, where they could be investigated.
You could try to look into another OpenPGP v3.4 implementation, like:
I haven’t resolved the problem yet, but I believe i should be able to do it with your previous answers.
Regarding point 5 : I see that the return is really the point on the curve. So I have correctly set the command.
So in order to retrieve the share secret, I should only consider the r.x response for my result. Unfortunately, it isn’t equal to my Bob random, then I need to dig a little bit more.
I thought that my “Bob computation” was ok, but I will check again.
Regarding point 2 : Could you check the fixture, because AFAIU it only covers RSA decryption.
And very cosmetic point, I was not aware of Freshen, but since it is no more maintained I understand why. Have you already considered Aloe ? I moved from Lettuce to Aloe without noticeable troubles and you can export your results to xunit format.
Aren’t you stuck with python 2.x with freshen ?
Obviously everything is fine, and I should go back to my studies
It’s obvious that I won’t receive Bob random value !! That’s the Bob’s private key !!
Well in this example, I forgot to compute the Bob’s result using the Alice’s public key.
And obviously I get the same point
Bob secret point : X: 0xa27b2ede431c7f6678a873936615049f28ece6f85eb6875ddc909cd242cc0c71
Y: 0x7e36d16abc01b4cea40455021ed3d9137ae4c1e78823835ac9f374b424c1aec1
Afterward, I just have to get the Rx part to enter my favorites hash function and kdf.
We can obviously close this ticket, and I just have to found the nearest mouse hole.