Crate ed25519_dalek[−][src]
A Rust implementation of ed25519 key generation, signing, and verification.
Example
Creating an ed25519 signature on a message is simple.
First, we need to generate a Keypair, which includes both public and
secret halves of an asymmetric key. To do so, we need a cryptographically
secure pseudorandom number generator (CSPRNG). For this example, we’ll use
the operating system’s builtin PRNG:
extern crate rand; extern crate ed25519_dalek; use rand::rngs::OsRng; use ed25519_dalek::Keypair; use ed25519_dalek::Signature; let mut csprng = OsRng{}; let keypair: Keypair = Keypair::generate(&mut csprng);
We can now use this keypair to sign a message:
use ed25519_dalek::{Signature, Signer}; let message: &[u8] = b"This is a test of the tsunami alert system."; let signature: Signature = keypair.sign(message);
As well as to verify that this is, indeed, a valid signature on
that message:
use ed25519_dalek::Verifier; assert!(keypair.verify(message, &signature).is_ok());
Anyone else, given the public half of the keypair can also easily
verify this signature:
use ed25519_dalek::{PublicKey, Verifier}; let public_key: PublicKey = keypair.public; assert!(public_key.verify(message, &signature).is_ok());
Serialisation
PublicKeys, SecretKeys, Keypairs, and Signatures can be serialised
into byte-arrays by calling .to_bytes(). It’s perfectly acceptible and
safe to transfer and/or store those bytes. (Of course, never transfer your
secret key to anyone else, since they will only need the public key to
verify your signatures!)
use ed25519_dalek::{PUBLIC_KEY_LENGTH, SECRET_KEY_LENGTH, KEYPAIR_LENGTH, SIGNATURE_LENGTH}; let public_key_bytes: [u8; PUBLIC_KEY_LENGTH] = public_key.to_bytes(); let secret_key_bytes: [u8; SECRET_KEY_LENGTH] = keypair.secret.to_bytes(); let keypair_bytes: [u8; KEYPAIR_LENGTH] = keypair.to_bytes(); let signature_bytes: [u8; SIGNATURE_LENGTH] = signature.to_bytes();
And similarly, decoded from bytes with ::from_bytes():
let public_key: PublicKey = PublicKey::from_bytes(&public_key_bytes)?; let secret_key: SecretKey = SecretKey::from_bytes(&secret_key_bytes)?; let keypair: Keypair = Keypair::from_bytes(&keypair_bytes)?; let signature: Signature = Signature::try_from(&signature_bytes[..])?;
Using Serde
If you prefer the bytes to be wrapped in another serialisation format, all
types additionally come with built-in serde support by
building ed25519-dalek via:
$ cargo build --features="serde"
They can be then serialised into any of the wire formats which serde supports. For example, using bincode:
use bincode::serialize; let encoded_public_key: Vec<u8> = serialize(&public_key).unwrap(); let encoded_signature: Vec<u8> = serialize(&signature).unwrap();
After sending the encoded_public_key and encoded_signature, the
recipient may deserialise them and verify:
use bincode::deserialize; let message: &[u8] = b"This is a test of the tsunami alert system."; let decoded_public_key: PublicKey = deserialize(&encoded_public_key).unwrap(); let decoded_signature: Signature = deserialize(&encoded_signature).unwrap(); let verified: bool = decoded_public_key.verify(&message, &decoded_signature).is_ok(); assert!(verified);
Re-exports
pub extern crate ed25519; |
Structs
| ExpandedSecretKey | An “expanded” secret key. |
| Keypair | An ed25519 keypair. |
| PublicKey | An ed25519 public key. |
| SecretKey | An EdDSA secret key. |
| Sha512 | The SHA-512 hash algorithm with the SHA-512 initial hash value. |
| Signature | Ed25519 signature. |
Constants
| EXPANDED_SECRET_KEY_LENGTH | The length of an “expanded” ed25519 key, |
| KEYPAIR_LENGTH | The length of an ed25519 |
| PUBLIC_KEY_LENGTH | The length of an ed25519 |
| SECRET_KEY_LENGTH | The length of a ed25519 |
| SIGNATURE_LENGTH | The length of a ed25519 |
Traits
| Digest | The |
| Signer | Sign the provided message bytestring using |
| Verifier | Verify the provided message bytestring using |
Type Definitions
| SignatureError | Errors which may occur while processing signatures and keypairs. |