Merge pull request #331 from fmoessbauer/master

document scalar clamping of curve25519 keys
2026-06-12 07:25:03 -04:00 · 2024-11-09 20:25:38 -05:00
parent 6138d9f8c8 79c5638e10
commit 443c7fcd48
1 changed files with 2 additions and 0 deletions
--- a/src/core/utils/x25519.ts
+++ b/src/core/utils/x25519.ts
@@ -3,6 +3,8 @@ import { x25519 } from "@noble/curves/ed25519";
 export function getX25519PrivateKey(): Uint8Array {
  const key = x25519.utils.randomPrivateKey();

+  // scalar clamping for curve25519, according to
+  // https://www.rfc-editor.org/rfc/rfc7748#section-5
  key[0] &= 248;
  key[31] &= 127;
  key[31] |= 64;