eddsa: github.com/hlandau/eddsa Index | Files

package eddsa

import "github.com/hlandau/eddsa"

Package eddsa provides structures to represent EdDSA public and private keys.

Currently, this only supports Ed25519, but could in the future support other EdDSA algorithms such as Ed449.

Index

Package Files

ed25519.go eddsa.go

func Private25519 Uses

func Private25519(priv *PrivateKey) *[64]byte

Returns the private key in the form preferred by agl/ed25519. If the key is not an Ed25519 key, returns nil.

This is a reference to the array underlying D; changing the returned value will change D.

(Note that the first 32 bytes of Ed25519 private keys are actually the public key. This can be rederived from the private key, so private keys are actually compressible to 32 bytes if desired.)

func Public25519 Uses

func Public25519(pub *PublicKey) *[32]byte

Returns the public key in the form preferred by agl/ed25519. If the key is not an Ed25519 key, returns nil.

This is a reference to the array underlying X; changing the returned value will change X.

type Curve Uses

type Curve interface {
    // Generate a new keypair using the given entropy source.
    GenerateKey(rand io.Reader) (*PrivateKey, error)

    // Generate a signature. Unlike for crypto/ecdsa, there is no particular
    // requirement that the data you pass be the output of a hash function,
    // or that it be small. The only requirement is that you pass the data as
    // a slice. In other words, it must be practical to load the data contiguously
    // into memory.
    //
    // If you do not wish to pass the data itself, or it is not practical to
    // pass the data as a single contiguous memory block for signature generation,
    // you can instead pass a hash of the data. The IETF CFRG EdDSA specifications
    // specify how to construct a prehashed variant of EdX (for some value of X)
    // from EdX, in particular what hash function should be used. For example,
    // Ed25519 and Ed449 require the use of SHA512, and the 64-byte binary output
    // of SHA512 is then passed as the data to be signed. This construction is called
    // Ed25519ph/Ed449ph. You can use the PreferredPrehash method to get information
    // on the recommended prehash function to use.
    //
    // You should note that by doing this, you lose the collision resistance
    // property of EdDSA. Thus you are rendered more vulnerable to any vulnerability
    // in the prehash function to collisions. This is a rather academic concern.
    Sign(priv *PrivateKey, data []byte) ([]byte, error)

    // Verify a signature. Returns true if the signature is valid. If the signature
    // is invalid, or the wrong length, or the key given is for a different curve,
    // returns false.
    Verify(pub *PublicKey, data, sig []byte) bool

    // Returns the algorithm name, e.g. "Ed25519".
    Name() string

    // Returns the public key, private key and signature sizes in bytes.
    KeySize() (publicKeySize, privateKeySize, signatureSize int)

    // Provides information on the preferred prehash function.
    // You can use this to construct EdXph (for some supported X) from EdX.
    // If preferred prehash is unknown, returns zero values.
    PreferredPrehash() (prehash crypto.Hash, prehashName string) // e.g. "SHA512"
}

An EdDSA curve implementation.

func Ed25519 Uses

func Ed25519() Curve

Ed25519 signature scheme.

Public key size:   32 bytes
Private key size:  64 bytes
Signature size:    64 bytes
Security level:    ~128 bits
Preferred prehash: SHA512

type PrivateKey Uses

type PrivateKey struct {
    PublicKey
    D   []byte // Fixed-length private key, suitable for marshalling as-is.
}

PrivateKey represents an EdDSA private key.

The public key always appears at the end of D. That is, D[len(D)-len(X):] is equal to X for all EdDSA keypairs. That the public key is duplicated as the X field in the PublicKey field of the PrivateKey is a matter of convenience for the purposes of defining a reasonable interface.

It is possible to recover the public key from the private key. Thus, a private key can be compressed to its first part.

func (*PrivateKey) Public Uses

func (priv *PrivateKey) Public() crypto.PublicKey

Public returns the public key corresponding to priv.

func (*PrivateKey) Sign Uses

func (priv *PrivateKey) Sign(data []byte) ([]byte, error)

See Curve.Sign.

type PublicKey Uses

type PublicKey struct {
    Curve
    X   []byte // Fixed-length public key, suitable for marshalling as-is.
}

PublicKey represents an EdDSA public key.

func (*PublicKey) Verify Uses

func (pub *PublicKey) Verify(data, sig []byte) bool

See Curve.Verify.

Package eddsa imports 6 packages (graph) and is imported by 1 packages. Updated 2016-07-19. Refresh now. Tools for package owners.