I am designing a general purpose software security module.

One of my requirements is to "describe" a stored key, including a "check" value. The purpose of this "check" value is not attestation but simply to be a quick, key type agnostic, way of testing if two keys are (not) the same. I am free to specify this "check" value, as long as it is a stable value, always the same value for the same key.

For, say, AES or RSA keys, I have designed the "check" value to be some bytes of the resulting of encrypting a predefined block, as it seems to be customary. For EC keys, because standard ECDSA is nondeterministic, I am evaluating either using nonstandard deterministic ECDSA or ECDH.

For the ECDH case, I am considering desiging the "check" value to be some bytes of the resulting secret of doing ECDH against the public key for private key 1. I am assuming that ECDH assures no bit of the private key would leak from doing this.

Are my assumptions correct? am I missing something?

I am designing a general purpose software security module.

One of my requirements is to "describe" a stored key, including a "check" value. The purpose of this "check" value is not attestation but simply to be a quick, key type agnostic, way of testing if two keys are (not) the same. I am free to specify this "check" value, as long as it is a stable value, always the same value for the same key.

For, say, AES keys, I have designed the "check" value to be some bytes of the resulting of encrypting a predefined block, as it seems to be customary. For EC keys, because standard ECDSA is nondeterministic, I am evaluating either using nonstandard deterministic ECDSA or ECDH.

For the ECDH case, I am considering desiging the "check" value to be some bytes of the resulting secret of doing ECDH against the public key for private key 1. I am assuming that ECDH assures no bit of the private key would leak from doing this.

Are my assumptions correct? am I missing something?