crypto_sign_keypair()
function randomly generates a secret key and a corresponding public key. The public key is put into pk
(crypto_sign_PUBLICKEYBYTES
bytes) and the secret key into sk
(crypto_sign_SECRETKEYBYTES
bytes).crypto_sign_seed_keypair()
, the key pair can also be deterministically derived from a single key seed
(crypto_sign_SEEDBYTES
bytes).crypto_sign()
function prepends a signature to a message m
, whose length is mlen
bytes, using the secret key sk
.sm
and is crypto_sign_BYTES + mlen
bytes long.smlen
is not a NULL
pointer, then the actual length of the signed message is stored in smlen
.crypto_sign_open()
function checks that the signed message sm
, whose length is smlen
bytes, has a valid signature for the public key pk
.-1
.m
, stores its length in mlen
if mlen
is not a NULL
pointer, and returns 0
.crypto_sign_detached()
function signs the message m
, whose length is mlen
bytes, using the secret key sk
and puts the signature into sig
, which can be up to crypto_sign_BYTES
bytes long.siglen
if siglen
is not NULL
.siglen
and always consider a signature as crypto_sign_BYTES
bytes long; shorter signatures will be transparently padded with zeros if necessary.crypto_sign_verify_detached()
function verifies that sig
is a valid signature for the message m
, whose length is mlen
bytes, using the signer's public key pk
.-1
if signature verification fails and 0
on success.Ed25519ph(m)
is intentionally not equivalent to Ed25519(SHA512(m))
.crypto_generichash_*()
APIs and sign the 512-bit output.crypto_sign_init()
function initializes the state state
. This function must be called before the first crypto_sign_update()
call.m
of length mlen
bytes to the message that will eventually be signed.crypto_sign_final_create()
function computes a signature for the previously supplied message using the secret key sk
and puts it into sig
.siglen_p
is not NULL
, then the length of the signature is stored at this address.siglen
and always consider a signature as crypto_sign_BYTES
bytes long; shorter signatures will be transparently padded with zeros if necessary.crypto_sign_final_verify()
function verifies that sig
is a valid signature using the public key pk
for the message whose content has been previously supplied using crypto_update()
.crypto_sign_seed_keypair()
) and public key.crypto_sign_ed25519_sk_to_seed()
function extracts the seed from the secret key sk
and copies it into seed
(crypto_sign_SEEDBYTES
bytes).crypto_sign_ed25519_sk_to_pk()
function extracts the public key from the secret key sk
and copies it into pk
(crypto_sign_PUBLICKEYBYTES
bytes).crypto_sign_state
, whose size can be retrieved using crypto_sign_statebytes()
crypto_sign_PUBLICKEYBYTES
crypto_sign_SECRETKEYBYTES
crypto_sign_BYTES
crypto_sign_SEEDBYTES
crypto_sign_verify()
and crypto_sign_verify_detached()
are only designed to verify signatures computed using crypto_sign()
and crypto_sign_detached()
.crypto_sign_open()
implementation overwrote 64 bytes after the message, whereas the libsodium implementation doesn't write past the end of the message.ED25519_NONDETERMINISTIC
macro defined.