Comments (3)
There are different ways to store a Ed25519 private key. The seed gets hashed to get the private key, and then the private key gets multiplied by the Ed25519 curve basepoint to get the public key. You can store the seed and hash it everytime you need the private key, or just store the result of the hash. My library does the latter, as this saves a bit of performance on every operation. This means that it's impossible to get the seed back from the private or public key.
Also interesting is that Ed25519 also requires the public key while signing. Some libraries hide this by concatenating the public key and the private key/seed and calling that result the private key. I don't, and require you to pass both the public key and private key to the sign operation.
So to answer your issue:
It's impossible to get the seed from the private key. To turn a private key (which is the hashed seed) into a public key, look into ed25519_create_keypair
and remove the hashing code.
#include "ge.h"
void ed25519_get_pubkey(unsigned char *public_key, const unsigned char *private_key) {
ge_p3 A;
ge_scalarmult_base(&A, private_key);
ge_p3_tobytes(public_key, &A);
}
from ed25519.
Here are two examples how this is done by @floodyberry and @jedisct1
https://github.com/floodyberry/ed25519-donna/blob/master/ed25519.c#L45
https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_sign/ed25519/sign_ed25519_api.c#L34
And heres more informations about this:
http://blog.mozilla.org/warner/2011/11/29/ed25519-keys/
http://crypto.stackexchange.com/questions/9410/ed25519-choice-of-private-key-implementation
from ed25519.
Hi @nightcracker !
Thanks a lot 😄 That was exactly what I was looking for.
from ed25519.
Related Issues (16)
- ed25519_sign() is significantly different from current libsodium/SUPERCOP ref10 implementations (and generates incompatible output) HOT 5
- Possible issues regarding signed to unsigned conversions. HOT 3
- Some patches before deletion of fork branches
- Secret key generation HOT 1
- Multisig HOT 1
- Why private_key 64 bits? HOT 1
- key recovery from protocols using ed25519_add_scalar HOT 6
- ed25519 decode / decompress
- ed25519_add_scalar and DH key exchange
- why private_key + 32 in sign.c HOT 1
- ed25519 private key should be 32 bytes long. HOT 2
- ⚠️ Caution when using this library: The private keys are incompatible with other ed25519 implementations. HOT 2
- ge_madd and ge_add difference HOT 1
- Inconsistent signature results HOT 1
- vcpkg release ; request to use `#include <ed25519/`
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ed25519.