Documentation
¶
Overview ¶
Package b3ed25519 implements EdDSA over blake3 & curve25519.
All messages are prehashed with blake3, to prevent needing to read the message stream twice; an existing blake3 message hash can be provided for signing or verification.
This package also implements ECDH over edwards curve25519.
You shouldn't use this. Instead, use ed25519 for signatures and x25519 for DH. If you have a burning desire to use the same key for signing and key exchange, see filippo.io/edwards25519#Point.BytesMontgomery for converting an ed25519 public key to a x25519 public key. The private keys will be the same, though note the ed25519 private key as defined by the RFC is not used directly; it is first hashed with sha512, and then the first 32 bytes of that are clamped to produce the final key. See filippo.io/edwards25519#Scalar.SetBytesWithClamping for more info.
Example (KeyExchange) ¶
priv1 := NewPrivate() priv2 := NewPrivate() pub1 := priv1.Public() pub2 := priv2.Public() k1 := priv1.Shared(pub2) k2 := priv2.Shared(pub1) fmt.Println(bytes.Equal(k1[:], k2[:]))
Output: true
Example (Signing) ¶
priv := NewPrivate()
pub := priv.Public()
message := []byte("Hello, world!")
sig := priv.Sign(message)
valid := pub.Verify(message, sig)
invalid := pub.Verify([]byte("Hello, wrong!"), sig)
fmt.Println(valid)
fmt.Println(invalid)
Output: true false
Index ¶
Examples ¶
Constants ¶
const ( // KeySize is the size, in bytes, of public, private, and shared keys as used in this package. KeySize = 32 // SignatureSize is the size, in bytes, of signatures generated and verified by this package. SignatureSize = 64 )
Variables ¶
var ( // ErrBadKeyLength is returned if a key that is not 32 bytes in length is provided ErrBadKeyLength = errors.New("provided byte slice for key is not 32 bytes") // ErrBadHashLength is returned by one of the SignPrehashed or VerifyPrehashed if the digest provided is not 64 bytes. ErrBadHashLength = errors.New("provided byte slice for pre-hashed message is not 64 bytes") )
Functions ¶
This section is empty.
Types ¶
type PrivateKey ¶
type PrivateKey struct {
// contains filtered or unexported fields
}
PrivateKey is the type of a b3ed25519 private key.
func PrivateFromSeed ¶
func PrivateFromSeed(s []byte) (*PrivateKey, error)
PrivateFromSeed returns a PrivateKey loaded from the given seed.
func (*PrivateKey) Public ¶
func (k *PrivateKey) Public() *PublicKey
Public returns the public key for private key k.
func (*PrivateKey) Seed ¶
func (k *PrivateKey) Seed() []byte
Seed returns the seed for private key k.
func (*PrivateKey) Shared ¶
func (k *PrivateKey) Shared(p *PublicKey) [KeySize]byte
Shared uses ECDH to compute a shared key for k and p.
func (*PrivateKey) Sign ¶
func (k *PrivateKey) Sign(message []byte) []byte
Sign signs the given message with k and returns the signature.
func (*PrivateKey) SignPrehashed ¶
func (k *PrivateKey) SignPrehashed(digest []byte) []byte
SignPrehashed signs the given blake3 64-byte digest with k and returns the signature.
type PublicKey ¶
type PublicKey edwards25519.Point
PublicKey is the type of a b3ed25519 public key.
func Public ¶
Public returns a PublicKey for the given raw key bytes. It will error if the key is an invalid point on the curve.
func (*PublicKey) Verify ¶
Verify returns true if the given signature is valid for the given message & k, false otherwise.
func (*PublicKey) VerifyPrehashed ¶
Verify returns true if the given signature is valid for the given message blake3 digest & k, false otherwise.
Source Files