Ed25519 to X25519

Purpose

Ed25519 keys can be converted to X25519 keys. This should ONLY be done under either of the following circumstances:

  • When you are forced to use the same key pair for key exchange and signing due to resource constraints (unlikely if using this library but possible on embedded devices).

  • When you only have access to signing keys.

For example, you could retrieve someone's Ed25519 SSH public key from GitHub and use it as an X25519 public key for key exchange to encrypt a file for them.

It is bad practice to reuse the same key for different purposes. Please generate separate Ed25519 and X25519 key pairs unless your circumstances match the above.

Usage

GetX25519PublicKey

Fills a span with the X25519 public key for a given Ed25519 public key.

Ed25519.GetX25519PublicKey(Span<byte> x25519PublicKey, ReadOnlySpan<byte> ed25519PublicKey)

Exceptions

ArgumentOutOfRangeException

x25519PublicKey has a length not equal to X25519.PublicKeySize.

ArgumentOutOfRangeException

ed25519PublicKey has a length not equal to Ed25519.PublicKeySize.

CryptographicException

The X25519 public key could not be computed.

GetX25519PrivateKey

Fills a span with the X25519 private key for a given Ed25519 private key.

Ed25519.GetX25519PrivateKey(Span<byte> x25519PrivateKey, ReadOnlySpan<byte> ed25519PrivateKey)

Exceptions

ArgumentOutOfRangeException

x25519PrivateKey has a length not equal to X25519.PrivateKeySize.

ArgumentOutOfRangeException

ed25519PrivateKey has a length not equal to Ed25519.PrivateKeySize.

CryptographicException

The X25519 private key could not be computed.

Notes

There has not been much research on using the same key pair for X25519 and Ed25519. However, it should be fine for an X25519-based KEM. There is a nice summary of what a KEM is here.

Last updated