⚠️ Caution when using this library: The private keys are incompatible with other ed25519 implementations.

Question

⚠️ Caution when using this library: The private keys are incompatible with other ed25519 implementations.

Closed this issue 2 years ago · 2 comments

Used this library to sign software for my auto-updater. As long as you use this implementation stand-alone everything seems to be ok. Signing and verification works.

But: The private keys generated with this library are incompatible with other implementations (e.g. libsodium which is used by PHP).

See jedisct1/libsodium#1213 for more details.

Answer 1 · 2022-10-02T22:51:10.000Z

My library is older than libsodium, and predates the Ed25519 RFC by 4 years. I chose this API because it means I don't have to re-hash the seed on every invocation without a further state struct. If you wish to be compatible with libsodium you have to keep the seed around separately. The combination of the seed plus public key is equivalent to the libsodium private key.

Answer 2 · 2022-10-02T23:07:22.000Z

As a courtesy against future confusion I added this note to the readme:

Note: this library stores private keys in a different format than some other libraries, notably libsodium. They tend to store the concatenation of the seed and public_key as their private key representation. If you wish to be compatible with these libraries you must keep the seed around.