package module
v0.1.3 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jan 10, 2022 License: MIT Imports: 5 Imported by: 0



Package b3ed25519 implements EdDSA over blake3 & curve25519.

All messages are prehashed with blake3, to prevent needing to read the message stream twice; an existing blake3 message hash can be provided for signing or verification.

This package also implements ECDH over edwards curve25519.

You shouldn't use this. Instead, use ed25519 for signatures and x25519 for DH. If you have a burning desire to use the same key for signing and key exchange, see filippo.io/edwards25519#Point.BytesMontgomery for converting an ed25519 public key to a x25519 public key. The private keys will be the same, though note the ed25519 private key as defined by the RFC is not used directly; it is first hashed with sha512, and then the first 32 bytes of that are clamped to produce the final key. See filippo.io/edwards25519#Scalar.SetBytesWithClamping for more info.

Example (KeyExchange)
priv1 := NewPrivate()
priv2 := NewPrivate()
pub1 := priv1.Public()
pub2 := priv2.Public()

k1 := priv1.Shared(pub2)
k2 := priv2.Shared(pub1)
fmt.Println(bytes.Equal(k1[:], k2[:]))

Example (Signing)
priv := NewPrivate()
pub := priv.Public()

message := []byte("Hello, world!")
sig := priv.Sign(message)

valid := pub.Verify(message, sig)
invalid := pub.Verify([]byte("Hello, wrong!"), sig)





View Source
const (
	// KeySize is the size, in bytes, of public, private, and shared keys as used in this package.
	KeySize = 32

	// SignatureSize is the size, in bytes, of signatures generated and verified by this package.
	SignatureSize = 64


View Source
var (
	// ErrBadKeyLength is returned if a key that is not 32 bytes in length is provided
	ErrBadKeyLength = errors.New("provided byte slice for key is not 32 bytes")

	// ErrBadHashLength is returned by one of the SignPrehashed or VerifyPrehashed if the digest provided is not 64 bytes.
	ErrBadHashLength = errors.New("provided byte slice for pre-hashed message is not 64 bytes")


This section is empty.


type PrivateKey

type PrivateKey struct {
	// contains filtered or unexported fields

PrivateKey is the type of a b3ed25519 private key.

func NewPrivate

func NewPrivate() (k *PrivateKey)

NewPrivate returns a new random PrivateKey.

func PrivateFromSeed

func PrivateFromSeed(s []byte) (*PrivateKey, error)

PrivateFromSeed returns a PrivateKey loaded from the given seed.

func (*PrivateKey) Public

func (k *PrivateKey) Public() *PublicKey

Public returns the public key for private key k.

func (*PrivateKey) Seed

func (k *PrivateKey) Seed() []byte

Seed returns the seed for private key k.

func (*PrivateKey) Shared

func (k *PrivateKey) Shared(p *PublicKey) [KeySize]byte

Shared uses ECDH to compute a shared key for k and p.

func (*PrivateKey) Sign

func (k *PrivateKey) Sign(message []byte) []byte

Sign signs the given message with k and returns the signature.

func (*PrivateKey) SignPrehashed

func (k *PrivateKey) SignPrehashed(digest []byte) []byte

SignPrehashed signs the given blake3 64-byte digest with k and returns the signature.

type PublicKey

type PublicKey edwards25519.Point

PublicKey is the type of a b3ed25519 public key.

func Public

func Public(k []byte) (*PublicKey, error)

Public returns a PublicKey for the given raw key bytes. It will error if the key is an invalid point on the curve.

func (*PublicKey) Key

func (k *PublicKey) Key() []byte

Key returns the raw bytes of k.

func (*PublicKey) Verify

func (k *PublicKey) Verify(message, sig []byte) bool

Verify returns true if the given signature is valid for the given message & k, false otherwise.

func (*PublicKey) VerifyPrehashed

func (k *PublicKey) VerifyPrehashed(digest, sig []byte) bool

Verify returns true if the given signature is valid for the given message blake3 digest & k, false otherwise.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL