Expand description

A Rust implementation of ed25519 key generation, signing, and verification.


Creating an ed25519 signature on a message is simple.

First, we need to generate a Keypair, which includes both public and secret halves of an asymmetric key. To do so, we need a cryptographically secure pseudorandom number generator (CSPRNG). For this example, we’ll use the operating system’s builtin PRNG:

extern crate rand;
extern crate ed25519_dalek;

use rand::rngs::OsRng;
use ed25519_dalek::Keypair;
use ed25519_dalek::Signature;

let mut csprng = OsRng{};
let keypair: Keypair = Keypair::generate(&mut csprng);

We can now use this keypair to sign a message:

use ed25519_dalek::{Signature, Signer};
let message: &[u8] = b"This is a test of the tsunami alert system.";
let signature: Signature = keypair.sign(message);

As well as to verify that this is, indeed, a valid signature on that message:

use ed25519_dalek::Verifier;
assert!(keypair.verify(message, &signature).is_ok());

Anyone else, given the public half of the keypair can also easily verify this signature:

use ed25519_dalek::{PublicKey, Verifier};

let public_key: PublicKey = keypair.public;
assert!(public_key.verify(message, &signature).is_ok());


PublicKeys, SecretKeys, Keypairs, and Signatures can be serialised into byte-arrays by calling .to_bytes(). It’s perfectly acceptible and safe to transfer and/or store those bytes. (Of course, never transfer your secret key to anyone else, since they will only need the public key to verify your signatures!)


let public_key_bytes: [u8; PUBLIC_KEY_LENGTH] = public_key.to_bytes();
let secret_key_bytes: [u8; SECRET_KEY_LENGTH] = keypair.secret.to_bytes();
let keypair_bytes:    [u8; KEYPAIR_LENGTH]    = keypair.to_bytes();
let signature_bytes:  [u8; SIGNATURE_LENGTH]  = signature.to_bytes();

And similarly, decoded from bytes with ::from_bytes():

let public_key: PublicKey = PublicKey::from_bytes(&public_key_bytes)?;
let secret_key: SecretKey = SecretKey::from_bytes(&secret_key_bytes)?;
let keypair:    Keypair   = Keypair::from_bytes(&keypair_bytes)?;
let signature:  Signature = Signature::try_from(&signature_bytes[..])?;

Using Serde

If you prefer the bytes to be wrapped in another serialisation format, all types additionally come with built-in serde support by building ed25519-dalek via:

$ cargo build --features="serde"

They can be then serialised into any of the wire formats which serde supports. For example, using bincode:

use bincode::serialize;

let encoded_public_key: Vec<u8> = serialize(&public_key).unwrap();
let encoded_signature: Vec<u8> = serialize(&signature).unwrap();

After sending the encoded_public_key and encoded_signature, the recipient may deserialise them and verify:

use bincode::deserialize;

let message: &[u8] = b"This is a test of the tsunami alert system.";
let decoded_public_key: PublicKey = deserialize(&encoded_public_key).unwrap();
let decoded_signature: Signature = deserialize(&encoded_signature).unwrap();

let verified: bool = decoded_public_key.verify(&message, &decoded_signature).is_ok();



pub extern crate ed25519;


An “expanded” secret key.

An ed25519 keypair.

An ed25519 public key.

An EdDSA secret key.

The SHA-512 hash algorithm with the SHA-512 initial hash value.

Ed25519 signature.


The length of an “expanded” ed25519 key, ExpandedSecretKey, in bytes.

The length of an ed25519 Keypair, in bytes.

The length of an ed25519 PublicKey, in bytes.

The length of a ed25519 SecretKey, in bytes.

The length of a ed25519 Signature, in bytes.


The Digest trait specifies an interface common for digest functions.

Sign the provided message bytestring using Self (e.g. a cryptographic key or connection to an HSM), returning a digital signature.

Verify the provided message bytestring using Self (e.g. a public key)

Type Definitions

Errors which may occur while processing signatures and keypairs.