Ed25519 to X25519
Purpose
Ed25519 keys can be converted to X25519 keys. This should ONLY be done under either of the following circumstances:
When you are forced to use the same key pair for key exchange and signing due to resource constraints (unlikely if using this library but possible on embedded devices).
When you only have access to signing keys.
For example, you could retrieve someone's Ed25519 SSH public key from GitHub and use it as an X25519 public key for key exchange to encrypt a file for them.
It is bad practice to reuse the same key for different purposes. Please generate separate Ed25519 and X25519 key pairs unless your circumstances match the above.
Usage
ComputeX25519PublicKey
Fills a span with the X25519 public key for a given Ed25519 public key.
Ed25519.ComputeX25519PublicKey(Span<byte> x25519PublicKey, ReadOnlySpan<byte> ed25519PublicKey)Exceptions
x25519PublicKey has a length not equal to X25519.PublicKeySize.
ed25519PublicKey has a length not equal to Ed25519.PublicKeySize.
Error computing X25519 public key.
ComputeX25519PrivateKey
Fills a span with the X25519 private key for a given Ed25519 private key.
Exceptions
x25519PrivateKey has a length not equal to X25519.PrivateKeySize.
ed25519PrivateKey has a length not equal to Ed25519.PrivateKeySize.
Error computing X25519 private key.
Notes
There has not been much research on using the same key pair for X25519 and Ed25519. However, it should be fine for an X25519-based KEM. There is a nice summary of what a KEM is here.
Last updated