Crate ed25519_dalek
source · [−]Expand description
A Rust implementation of ed25519 key generation, signing, and verification.
Example
Creating an ed25519 signature on a message is simple.
First, we need to generate a Keypair, which includes both public and
secret halves of an asymmetric key. To do so, we need a cryptographically
secure pseudorandom number generator (CSPRNG). For this example, we’ll use
the operating system’s builtin PRNG:
extern crate rand;
extern crate ed25519_dalek;
use rand::rngs::OsRng;
use ed25519_dalek::Keypair;
use ed25519_dalek::Signature;
let mut csprng = OsRng{};
let keypair: Keypair = Keypair::generate(&mut csprng);We can now use this keypair to sign a message:
use ed25519_dalek::{Signature, Signer};
let message: &[u8] = b"This is a test of the tsunami alert system.";
let signature: Signature = keypair.sign(message);As well as to verify that this is, indeed, a valid signature on
that message:
use ed25519_dalek::Verifier;
assert!(keypair.verify(message, &signature).is_ok());Anyone else, given the public half of the keypair can also easily
verify this signature:
use ed25519_dalek::{PublicKey, Verifier};
let public_key: PublicKey = keypair.public;
assert!(public_key.verify(message, &signature).is_ok());Serialisation
PublicKeys, SecretKeys, Keypairs, and Signatures can be serialised
into byte-arrays by calling .to_bytes(). It’s perfectly acceptible and
safe to transfer and/or store those bytes. (Of course, never transfer your
secret key to anyone else, since they will only need the public key to
verify your signatures!)
use ed25519_dalek::{PUBLIC_KEY_LENGTH, SECRET_KEY_LENGTH, KEYPAIR_LENGTH, SIGNATURE_LENGTH};
let public_key_bytes: [u8; PUBLIC_KEY_LENGTH] = public_key.to_bytes();
let secret_key_bytes: [u8; SECRET_KEY_LENGTH] = keypair.secret.to_bytes();
let keypair_bytes: [u8; KEYPAIR_LENGTH] = keypair.to_bytes();
let signature_bytes: [u8; SIGNATURE_LENGTH] = signature.to_bytes();And similarly, decoded from bytes with ::from_bytes():
let public_key: PublicKey = PublicKey::from_bytes(&public_key_bytes)?;
let secret_key: SecretKey = SecretKey::from_bytes(&secret_key_bytes)?;
let keypair: Keypair = Keypair::from_bytes(&keypair_bytes)?;
let signature: Signature = Signature::try_from(&signature_bytes[..])?;Using Serde
If you prefer the bytes to be wrapped in another serialisation format, all
types additionally come with built-in serde support by
building ed25519-dalek via:
$ cargo build --features="serde"They can be then serialised into any of the wire formats which serde supports. For example, using bincode:
use bincode::serialize;
let encoded_public_key: Vec<u8> = serialize(&public_key).unwrap();
let encoded_signature: Vec<u8> = serialize(&signature).unwrap();After sending the encoded_public_key and encoded_signature, the
recipient may deserialise them and verify:
use bincode::deserialize;
let message: &[u8] = b"This is a test of the tsunami alert system.";
let decoded_public_key: PublicKey = deserialize(&encoded_public_key).unwrap();
let decoded_signature: Signature = deserialize(&encoded_signature).unwrap();
let verified: bool = decoded_public_key.verify(&message, &decoded_signature).is_ok();
assert!(verified);Re-exports
pub extern crate ed25519;Structs
An “expanded” secret key.
An ed25519 keypair.
An ed25519 public key.
An EdDSA secret key.
The SHA-512 hash algorithm with the SHA-512 initial hash value.
Ed25519 signature.
Constants
The length of an “expanded” ed25519 key, ExpandedSecretKey, in bytes.
The length of an ed25519 Keypair, in bytes.
The length of an ed25519 PublicKey, in bytes.
The length of a ed25519 SecretKey, in bytes.
The length of a ed25519 Signature, in bytes.
Traits
The Digest trait specifies an interface common for digest functions.
Sign the provided message bytestring using Self (e.g. a cryptographic key
or connection to an HSM), returning a digital signature.
Verify the provided message bytestring using Self (e.g. a public key)
Type Definitions
Errors which may occur while processing signatures and keypairs.