[][src]Struct ed25519_dalek::Keypair

pub struct Keypair {
    pub secret: SecretKey,
    pub public: PublicKey,
}

An ed25519 keypair.

Fields

secret: SecretKey

The secret half of this keypair.

public: PublicKey

The public half of this keypair.

Methods

impl Keypair[src]

pub fn to_bytes(&self) -> [u8; 64][src]

Convert this keypair to bytes.

Returns

An array of bytes, [u8; KEYPAIR_LENGTH]. The first SECRET_KEY_LENGTH of bytes is the SecretKey, and the next PUBLIC_KEY_LENGTH bytes is the PublicKey (the same as other libraries, such as Adam Langley's ed25519 Golang implementation).

pub fn from_bytes<'a>(bytes: &'a [u8]) -> Result<Keypair, SignatureError>[src]

Construct a Keypair from the bytes of a PublicKey and SecretKey.

Inputs

  • bytes: an &[u8] representing the scalar for the secret key, and a compressed Edwards-Y coordinate of a point on curve25519, both as bytes. (As obtained from Keypair::to_bytes().)

Warning

Absolutely no validation is done on the key. If you give this function bytes which do not represent a valid point, or which do not represent corresponding parts of the key, then your Keypair will be broken and it will be your fault.

Returns

A Result whose okay value is an EdDSA Keypair or whose error value is an SignatureError describing the error that occurred.

pub fn generate<R>(csprng: &mut R) -> Keypair where
    R: CryptoRng + RngCore
[src]

Generate an ed25519 keypair.

Example

extern crate rand_core;
extern crate rand_os;
extern crate ed25519_dalek;


use rand_core::{CryptoRng, RngCore};
use rand_os::OsRng;
use ed25519_dalek::Keypair;
use ed25519_dalek::Signature;

let mut csprng: OsRng = OsRng::new().unwrap();
let keypair: Keypair = Keypair::generate(&mut csprng);

Input

A CSPRNG with a fill_bytes() method, e.g. rand_os::OsRng.

The caller must also supply a hash function which implements the Digest and Default traits, and which returns 512 bits of output. The standard hash function used for most ed25519 libraries is SHA-512, which is available with use sha2::Sha512 as in the example above. Other suitable hash functions include Keccak-512 and Blake2b-512.

pub fn sign(&self, message: &[u8]) -> Signature[src]

Sign a message with this keypair's secret key.

pub fn sign_prehashed<D>(
    &self,
    prehashed_message: D,
    context: Option<&'static [u8]>
) -> Signature where
    D: Digest<OutputSize = U64>, 
[src]

Sign a prehashed_message with this Keypair using the Ed25519ph algorithm defined in RFC8032 §5.1.

Inputs

  • prehashed_message is an instantiated hash digest with 512-bits of output which has had the message to be signed previously fed into its state.
  • context is an optional context string, up to 255 bytes inclusive, which may be used to provide additional domain separation. If not set, this will default to an empty string.

Returns

An Ed25519ph Signature on the prehashed_message.

Examples

extern crate ed25519_dalek;
extern crate rand_os;

use ed25519_dalek::Digest;
use ed25519_dalek::Keypair;
use ed25519_dalek::Sha512;
use ed25519_dalek::Signature;
use rand_os::OsRng;

let mut csprng = OsRng::new().unwrap();
let keypair: Keypair = Keypair::generate(&mut csprng);
let message: &[u8] = b"All I want is to pet all of the dogs.";

// Create a hash digest object which we'll feed the message into:
let mut prehashed: Sha512 = Sha512::new();

prehashed.input(message);

If you want, you can optionally pass a "context". It is generally a good idea to choose a context and try to make it unique to your project and this specific usage of signatures.

For example, without this, if you were to convert your OpenPGP key to a Bitcoin key (just as an example, and also Don't Ever Do That) and someone tricked you into signing an "email" which was actually a Bitcoin transaction moving all your magic internet money to their address, it'd be a valid transaction.

By adding a context, this trick becomes impossible, because the context is concatenated into the hash, which is then signed. So, going with the previous example, if your bitcoin wallet used a context of "BitcoinWalletAppTxnSigning" and OpenPGP used a context (this is likely the least of their safety problems) of "GPGsCryptoIsntConstantTimeLol", then the signatures produced by both could never match the other, even if they signed the exact same message with the same key.

Let's add a context for good measure (remember, you'll want to choose your own!):

let context: &[u8] = b"Ed25519DalekSignPrehashedDoctest";

let sig: Signature = keypair.sign_prehashed(prehashed, Some(context));

pub fn verify(
    &self,
    message: &[u8],
    signature: &Signature
) -> Result<(), SignatureError>
[src]

Verify a signature on a message with this keypair's public key.

pub fn verify_prehashed<D>(
    &self,
    prehashed_message: D,
    context: Option<&[u8]>,
    signature: &Signature
) -> Result<(), SignatureError> where
    D: Digest<OutputSize = U64>, 
[src]

Verify a signature on a prehashed_message using the Ed25519ph algorithm.

Inputs

  • prehashed_message is an instantiated hash digest with 512-bits of output which has had the message to be signed previously fed into its state.
  • context is an optional context string, up to 255 bytes inclusive, which may be used to provide additional domain separation. If not set, this will default to an empty string.
  • signature is a purported Ed25519ph Signature on the prehashed_message.

Returns

Returns true if the signature was a valid signature created by this Keypair on the prehashed_message.

Examples

extern crate ed25519_dalek;
extern crate rand_os;

use ed25519_dalek::Digest;
use ed25519_dalek::Keypair;
use ed25519_dalek::Signature;
use ed25519_dalek::Sha512;
use rand_os::OsRng;

let mut csprng: OsRng = OsRng::new().unwrap();
let keypair: Keypair = Keypair::generate(&mut csprng);
let message: &[u8] = b"All I want is to pet all of the dogs.";

let mut prehashed: Sha512 = Sha512::new();
prehashed.input(message);

let context: &[u8] = b"Ed25519DalekSignPrehashedDoctest";

let sig: Signature = keypair.sign_prehashed(prehashed, Some(context));

// The sha2::Sha512 struct doesn't implement Copy, so we'll have to create a new one:
let mut prehashed_again: Sha512 = Sha512::default();
prehashed_again.input(message);

let verified = keypair.public.verify_prehashed(prehashed_again, Some(context), &sig);

assert!(verified.is_ok());

Trait Implementations

impl Debug for Keypair[src]

impl Default for Keypair[src]

Auto Trait Implementations

impl Unpin for Keypair

impl Send for Keypair

impl Sync for Keypair

impl RefUnwindSafe for Keypair

impl UnwindSafe for Keypair

Blanket Implementations

impl<T, U> TryFrom<U> for T where
    U: Into<T>, 
[src]

type Error = Infallible

The type returned in the event of a conversion error.

impl<T, U> Into<U> for T where
    U: From<T>, 
[src]

impl<T> From<T> for T[src]

impl<T, U> TryInto<U> for T where
    U: TryFrom<T>, 
[src]

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.

impl<T> Borrow<T> for T where
    T: ?Sized
[src]

impl<T> BorrowMut<T> for T where
    T: ?Sized
[src]

impl<T> Any for T where
    T: 'static + ?Sized
[src]

impl<T> Clear for T where
    T: InitializableFromZeroed + ?Sized
[src]

impl<T> InitializableFromZeroed for T where
    T: Default
[src]

impl<T> Same<T> for T

type Output = T

Should always be Self