GSP
Quick Navigator
Search Site

Unix VPS
A - Starter
B - Basic
C - Preferred
D - Commercial
MPS - Dedicated
Previous VPSs
* Sign Up! *

Support
Contact Us
Online Help
Handbooks
Domain Status
Man Pages

FAQ
Virtual Servers
Pricing
Billing
Technical

Network
Facilities
Connectivity
Topology Map

Miscellaneous
Server Agreement
Year 2038
Credits
 

USA Flag

 

 

Man Pages
CRYPTO_ED25519_SIGN(3MONOCYPHER) 3MONOCYPHER CRYPTO_ED25519_SIGN(3MONOCYPHER)

crypto_ed25519_sign, crypto_ed25519_check, crypto_ed25519_key_pair, crypto_ed25519_ph_sign, crypto_ed25519_ph_checkpublic key signatures

#include <monocypher-ed25519.h>

void
crypto_ed25519_sign(uint8_t signature[64], const uint8_t secret_key[64], const uint8_t *message, size_t message_size);

int
crypto_ed25519_check(const uint8_t signature[64], const uint8_t public_key[32], const uint8_t *message, size_t message_size);

void
crypto_ed25519_key_pair(uint8_t secret_key[64], uint8_t public_key[32], uint8_t seed[32]);

void
crypto_ed25519_ph_sign(uint8_t signature[64], const uint8_t secret_key[64], const uint8_t message_hash[64]);

int
crypto_ed25519_ph_check(const uint8_t signature[64], const uint8_t public_key[32], const uint8_t message_hash[64]);

The () and () functions provide Ed25519 public key signatures and verification with SHA-512 as the underlying hash function. They are interoperable with other Ed25519 implementations. If you have no interoperability requirements, prefer crypto_eddsa_sign(3monocypher).

The arguments and security considerations are the same as those described in crypto_eddsa_sign(3monocypher).

() and () implement Ed25519ph. To sign or check a message, first hash the message with crypto_sha512(3monocypher), then process the resulting message_hash.

crypto_ed25519_key_pair(), crypto_ed25519_sign(), and crypto_ed25519_ph_sign() return nothing.

crypto_ed25519_check() and crypto_ed25519_ph_check() returns 0 for legitimate messages and -1 for forgeries.

crypto_eddsa_sign(3monocypher), crypto_x25519(3monocypher), crypto_aead_lock(3monocypher), crypto_sha512(3monocypher), intro(3monocypher)

These functions implement Ed25519 as described in RFC 8032.

The crypto_ed25519_sign(), crypto_ed25519_check(), and crypto_ed25519_public_key() functions appeared in Monocypher 3.0.0. They replace recompilation of Monocypher with the ED25519_SHA512 preprocessor definition.

In Monocypher 4.0.0, the incremental and custom hash API removed. The main interface was also reworked to avoid misuse, and crypto_ed25519_key_pair() replaced crypto_ed25519_public_key().

Monocypher does not perform any input validation. Any deviation from the specified input and output length ranges results in . Make sure your inputs are correct.

Signature malleability is the ability of an attacker to produce a valid signature with knowledge of only an existing signature and the public key. Monocypher prevents that by checking the encoding of the signature, and guarantees that generating new signatures requires the private key.

On the other hand, EdDSA signatures are not unique like cryptographic hashes. The signing procedure is deterministic by specification and crypto_ed25519_sign() follows this specification. However, someone with the private key can generate arbitrarily many valid, canonical, and different signatures of the same message. Because of this, never assume that signatures are unique.

Fault injection (also known as glitching) and power analysis may be used to manipulate the resulting signature and recover the secret key in some cases. This requires hardware access. We can try to mitigate this attack by prefixing all hashes a random data block, in a construction similar to Ed25519ctx. Note that there may still be other power-related side channels (such as if the CPU leaks information when an operation overflows a register) that must be considered.

March 1, 2022 FreeBSD 14.3-RELEASE
Search for    or go to Top of page |  Section 3 |  Main Index

Powered by GSP Visit the GSP FreeBSD Man Page Interface.
Output converted with ManDoc.