No, I don't think there was any confusion in that second point. I read the function in your library, then I went looking for secp256k1.GenerateShared Secret that you use, there.
I don't think there's any issue apart from the one you mention about how the private key is generated, i.e. what they warn about in your original comment. (and this is always a big concern to address, whether doing ECDH or anything else).
And as for pubkeys, which are the only source of a "twist attack" type concern, The secp256k1.PubKey object is almost always going to be generated from ParsePubKey right? The only other way is via a constructor, and there is no concern there anyway.
No, I don't think there was any confusion in that second point. I read the function in your library, then I went looking for
secp256k1.GenerateShared Secretthat you use, there.I don't think there's any issue apart from the one you mention about how the private key is generated, i.e. what they warn about in your original comment. (and this is always a big concern to address, whether doing ECDH or anything else).
And as for pubkeys, which are the only source of a "twist attack" type concern, The
secp256k1.PubKeyobject is almost always going to be generated fromParsePubKeyright? The only other way is via a constructor, and there is no concern there anyway.