ed25519
packagestandard library
This package is not in the latest version of its module.
Details
Validgo.mod file
The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
- Redistributable license
Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
- Tagged version
Modules with tagged versions give importers more predictable builds.
- Stable version
When a project reaches major version v1 it is considered stable.
- Learn more about best practices
Repository
Links
Report a Vulnerability
Documentation¶
Overview¶
Package ed25519 implements the Ed25519 signature algorithm. Seehttps://ed25519.cr.yp.to/.
These functions are also compatible with the “Ed25519” function defined inRFC 8032. However, unlikeRFC 8032's formulation, this package's private keyrepresentation includes a public key suffix to make multiple signingoperations with the same key more efficient. This package refers to theRFC8032 private key as the “seed”.
Operations involving private keys are implemented using constant-timealgorithms.
Example (Ed25519ctx)¶
pub, priv, err := GenerateKey(nil)if err != nil {log.Fatal(err)}msg := []byte("The quick brown fox jumps over the lazy dog")sig, err := priv.Sign(nil, msg, &Options{Context: "Example_ed25519ctx",})if err != nil {log.Fatal(err)}if err := VerifyWithOptions(pub, msg, sig, &Options{Context: "Example_ed25519ctx",}); err != nil {log.Fatal("invalid signature")}Index¶
- Constants
- func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error)
- func Sign(privateKey PrivateKey, message []byte) []byte
- func Verify(publicKey PublicKey, message, sig []byte) bool
- func VerifyWithOptions(publicKey PublicKey, message, sig []byte, opts *Options) error
- type Options
- type PrivateKey
- type PublicKey
Examples¶
Constants¶
const (// PublicKeySize is the size, in bytes, of public keys as used in this package.PublicKeySize = 32// PrivateKeySize is the size, in bytes, of private keys as used in this package.PrivateKeySize = 64// SignatureSize is the size, in bytes, of signatures generated and verified by this package.SignatureSize = 64// SeedSize is the size, in bytes, of private key seeds. These are the private key representations used byRFC 8032.SeedSize = 32)
Variables¶
This section is empty.
Functions¶
funcGenerateKey¶
func GenerateKey(randio.Reader) (PublicKey,PrivateKey,error)
GenerateKey generates a public/private key pair using entropy from rand.If rand is nil,crypto/rand.Reader will be used.
The output of this function is deterministic, and equivalent to readingSeedSize bytes from rand, and passing them toNewKeyFromSeed.
funcSign¶
func Sign(privateKeyPrivateKey, message []byte) []byte
Sign signs the message with privateKey and returns a signature. It willpanic if len(privateKey) is notPrivateKeySize.
funcVerify¶
Verify reports whether sig is a valid signature of message by publicKey. Itwill panic if len(publicKey) is notPublicKeySize.
The inputs are not considered confidential, and may leak through timing sidechannels, or if an attacker has control of part of the inputs.
funcVerifyWithOptions¶added ingo1.20
VerifyWithOptions reports whether sig is a valid signature of message bypublicKey. A valid signature is indicated by returning a nil error. It willpanic if len(publicKey) is notPublicKeySize.
If opts.Hash iscrypto.SHA512, the pre-hashed variant Ed25519ph is used andmessage is expected to be a SHA-512 hash, otherwise opts.Hash must becrypto.Hash(0) and the message must not be hashed, as Ed25519 performs twopasses over messages to be signed.
The inputs are not considered confidential, and may leak through timing sidechannels, or if an attacker has control of part of the inputs.
Types¶
typeOptions¶added ingo1.20
type Options struct {// Hash can be zero for regular Ed25519, or crypto.SHA512 for Ed25519ph.Hashcrypto.Hash// Context, if not empty, selects Ed25519ctx or provides the context string// for Ed25519ph. It can be at most 255 bytes in length.Contextstring}Options can be used withPrivateKey.Sign orVerifyWithOptionsto select Ed25519 variants.
typePrivateKey¶
type PrivateKey []byte
PrivateKey is the type of Ed25519 private keys. It implementscrypto.Signer.
funcNewKeyFromSeed¶
func NewKeyFromSeed(seed []byte)PrivateKey
NewKeyFromSeed calculates a private key from a seed. It will panic iflen(seed) is notSeedSize. This function is provided for interoperabilitywithRFC 8032.RFC 8032's private keys correspond to seeds in thispackage.
func (PrivateKey)Equal¶added ingo1.15
func (privPrivateKey) Equal(xcrypto.PrivateKey)bool
Equal reports whether priv and x have the same value.
func (PrivateKey)Public¶
func (privPrivateKey) Public()crypto.PublicKey
Public returns thePublicKey corresponding to priv.
func (PrivateKey)Seed¶
func (privPrivateKey) Seed() []byte
Seed returns the private key seed corresponding to priv. It is provided forinteroperability withRFC 8032.RFC 8032's private keys correspond to seedsin this package.
func (PrivateKey)Sign¶
func (privPrivateKey) Sign(randio.Reader, message []byte, optscrypto.SignerOpts) (signature []byte, errerror)
Sign signs the given message with priv. rand is ignored and can be nil.
If opts.HashFunc() iscrypto.SHA512, the pre-hashed variant Ed25519ph is usedand message is expected to be a SHA-512 hash, otherwise opts.HashFunc() mustbecrypto.Hash(0) and the message must not be hashed, as Ed25519 performs twopasses over messages to be signed.
A value of typeOptions can be used as opts, or crypto.Hash(0) orcrypto.SHA512 directly to select plain Ed25519 or Ed25519ph, respectively.
Source Files