[−][src]Struct tmp_ed25519::Keypair
An ed25519 keypair.
Fields
secret: SecretKey
The secret half of this keypair.
public: PublicKey
The public half of this keypair.
Methods
impl Keypair
[src]
pub fn to_bytes(&self) -> [u8; 64]
[src]
Convert this keypair to bytes.
Returns
An array of bytes, [u8; KEYPAIR_LENGTH]
. The first
SECRET_KEY_LENGTH
of bytes is the SecretKey
, and the next
PUBLIC_KEY_LENGTH
bytes is the PublicKey
(the same as other
libraries, such as Adam Langley's ed25519 Golang
implementation).
pub fn from_bytes<'a>(bytes: &'a [u8]) -> Result<Keypair, SignatureError>
[src]
Construct a Keypair
from the bytes of a PublicKey
and SecretKey
.
Inputs
bytes
: an&[u8]
representing the scalar for the secret key, and a compressed Edwards-Y coordinate of a point on curve25519, both as bytes. (As obtained fromKeypair::to_bytes()
.)
Warning
Absolutely no validation is done on the key. If you give this function
bytes which do not represent a valid point, or which do not represent
corresponding parts of the key, then your Keypair
will be broken and
it will be your fault.
Returns
A Result
whose okay value is an EdDSA Keypair
or whose error value
is an SignatureError
describing the error that occurred.
pub fn generate<R>(csprng: &mut R) -> Keypair where
R: CryptoRng + Rng,
[src]
R: CryptoRng + Rng,
Generate an ed25519 keypair.
Example
extern crate rand; extern crate ed25519_dalek; use rand::Rng; use rand::rngs::OsRng; use ed25519_dalek::Keypair; use ed25519_dalek::Signature; let mut csprng: OsRng = OsRng::new().unwrap(); let keypair: Keypair = Keypair::generate(&mut csprng);
Input
A CSPRNG with a fill_bytes()
method, e.g. rand_chacha::ChaChaRng
.
The caller must also supply a hash function which implements the
Digest
and Default
traits, and which returns 512 bits of output.
The standard hash function used for most ed25519 libraries is SHA-512,
which is available with use sha2::Sha512
as in the example above.
Other suitable hash functions include Keccak-512 and Blake2b-512.
pub fn sign(&self, message: &[u8]) -> Signature
[src]
Sign a message with this keypair's secret key.
pub fn sign_prehashed<D>(
&self,
prehashed_message: D,
context: Option<&'static [u8]>
) -> Signature where
D: Digest<OutputSize = U64>,
[src]
&self,
prehashed_message: D,
context: Option<&'static [u8]>
) -> Signature where
D: Digest<OutputSize = U64>,
Sign a prehashed_message
with this Keypair
using the
Ed25519ph algorithm defined in RFC8032 §5.1.
Inputs
prehashed_message
is an instantiated hash digest with 512-bits of output which has had the message to be signed previously fed into its state.context
is an optional context string, up to 255 bytes inclusive, which may be used to provide additional domain separation. If not set, this will default to an empty string.
Returns
An Ed25519ph Signature
on the prehashed_message
.
Examples
extern crate ed25519_dalek; extern crate rand; use ed25519_dalek::Digest; use ed25519_dalek::Keypair; use ed25519_dalek::Sha512; use ed25519_dalek::Signature; use rand::thread_rng; let mut csprng = thread_rng(); let keypair: Keypair = Keypair::generate(&mut csprng); let message: &[u8] = b"All I want is to pet all of the dogs."; // Create a hash digest object which we'll feed the message into: let mut prehashed: Sha512 = Sha512::new(); prehashed.input(message);
If you want, you can optionally pass a "context". It is generally a good idea to choose a context and try to make it unique to your project and this specific usage of signatures.
For example, without this, if you were to convert your OpenPGP key to a Bitcoin key (just as an example, and also Don't Ever Do That) and someone tricked you into signing an "email" which was actually a Bitcoin transaction moving all your magic internet money to their address, it'd be a valid transaction.
By adding a context, this trick becomes impossible, because the context is concatenated into the hash, which is then signed. So, going with the previous example, if your bitcoin wallet used a context of "BitcoinWalletAppTxnSigning" and OpenPGP used a context (this is likely the least of their safety problems) of "GPGsCryptoIsntConstantTimeLol", then the signatures produced by both could never match the other, even if they signed the exact same message with the same key.
Let's add a context for good measure (remember, you'll want to choose your own!):
let context: &[u8] = b"Ed25519DalekSignPrehashedDoctest"; let sig: Signature = keypair.sign_prehashed(prehashed, Some(context));
pub fn verify(
&self,
message: &[u8],
signature: &Signature
) -> Result<(), SignatureError>
[src]
&self,
message: &[u8],
signature: &Signature
) -> Result<(), SignatureError>
Verify a signature on a message with this keypair's public key.
pub fn verify_prehashed<D>(
&self,
prehashed_message: D,
context: Option<&[u8]>,
signature: &Signature
) -> Result<(), SignatureError> where
D: Digest<OutputSize = U64>,
[src]
&self,
prehashed_message: D,
context: Option<&[u8]>,
signature: &Signature
) -> Result<(), SignatureError> where
D: Digest<OutputSize = U64>,
Verify a signature
on a prehashed_message
using the Ed25519ph algorithm.
Inputs
prehashed_message
is an instantiated hash digest with 512-bits of output which has had the message to be signed previously fed into its state.context
is an optional context string, up to 255 bytes inclusive, which may be used to provide additional domain separation. If not set, this will default to an empty string.signature
is a purported Ed25519phSignature
on theprehashed_message
.
Returns
Returns true
if the signature
was a valid signature created by this
Keypair
on the prehashed_message
.
Examples
extern crate ed25519_dalek; extern crate rand; use ed25519_dalek::Digest; use ed25519_dalek::Keypair; use ed25519_dalek::Signature; use ed25519_dalek::Sha512; use rand::thread_rng; let mut csprng = thread_rng(); let keypair: Keypair = Keypair::generate(&mut csprng); let message: &[u8] = b"All I want is to pet all of the dogs."; let mut prehashed: Sha512 = Sha512::default(); prehashed.input(message); let context: &[u8] = b"Ed25519DalekSignPrehashedDoctest"; let sig: Signature = keypair.sign_prehashed(prehashed, Some(context)); // The sha2::Sha512 struct doesn't implement Copy, so we'll have to create a new one: let mut prehashed_again: Sha512 = Sha512::default(); prehashed_again.input(message); let verified = keypair.public.verify_prehashed(prehashed_again, Some(context), &sig); assert!(verified.is_ok());
Trait Implementations
Auto Trait Implementations
impl Unpin for Keypair
impl Sync for Keypair
impl Send for Keypair
impl UnwindSafe for Keypair
impl RefUnwindSafe for Keypair
Blanket Implementations
impl<T, U> TryFrom<U> for T where
U: Into<T>,
[src]
U: Into<T>,
type Error = Infallible
The type returned in the event of a conversion error.
fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>
[src]
impl<T, U> Into<U> for T where
U: From<T>,
[src]
U: From<T>,
impl<T> From<T> for T
[src]
impl<T, U> TryInto<U> for T where
U: TryFrom<T>,
[src]
U: TryFrom<T>,
type Error = <U as TryFrom<T>>::Error
The type returned in the event of a conversion error.
fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>
[src]
impl<T> Borrow<T> for T where
T: ?Sized,
[src]
T: ?Sized,
impl<T> BorrowMut<T> for T where
T: ?Sized,
[src]
T: ?Sized,
fn borrow_mut(&mut self) -> &mut T
[src]
impl<T> Any for T where
T: 'static + ?Sized,
[src]
T: 'static + ?Sized,
impl<T> Clear for T where
T: InitializableFromZeroed + ?Sized,
[src]
T: InitializableFromZeroed + ?Sized,
impl<T> InitializableFromZeroed for T where
T: Default,
[src]
T: Default,
unsafe fn initialize(place: *mut T)
[src]
impl<T> Same<T> for T
type Output = T
Should always be Self