On 09/04/2026 18:23, Niels Möller wrote:
> Ron Frederick <ronf@timeheart.net> writes:
>> When generating a new keypair, I think you’ll want the API to return both the private key and public key.
> Agreed, and that's how key generation in Nettle works generally (with some exceptions, e.g., for ed25519 where private key is an arbitrary random octet string without any structure, there's only a function to compute corresponding public key).
> In this case, what's a bit weird is that the private key includes a literal copy of the public key. And it's not so nice to force applications to allocate space for it twice.
Perhaps on generation, do not require the public key to be allocated, and set it to reference the copy inside the private key on return.
Or is there a security issue with the private key being discoverable from that public key pointer?
/2c AYJ