Comment on page

# Ed25519 to X25519

- When you are forced to use the same key pair for key exchange and signing due to resource constraints (unlikely if using this library but possible on embedded devices).
- When you only have access to signing keys.

For example, you could retrieve someone's Ed25519 SSH public key from GitHub and use it as an X25519 public key for key exchange to encrypt a file for them.

**It is bad practice to reuse the same key for different purposes**. Please generate separate Ed25519 and X25519 key pairs unless your circumstances match the above.

Fills a span with the X25519 public key for a given Ed25519 public key.

Ed25519.GetX25519PublicKey(Span<byte> x25519PublicKey, ReadOnlySpan<byte> ed25519PublicKey)

`x25519PublicKey`

has a length not equal to `X25519.PublicKeySize`

.`ed25519PublicKey`

has a length not equal to `Ed25519.PublicKeySize`

.The X25519 public key could not be computed.

Fills a span with the X25519 private key for a given Ed25519 private key.

Ed25519.GetX25519PrivateKey(Span<byte> x25519PrivateKey, ReadOnlySpan<byte> ed25519PrivateKey)

`x25519PrivateKey`

has a length not equal to `X25519.PrivateKeySize`

.`ed25519PrivateKey`

has a length not equal to `Ed25519.PrivateKeySize`

.The X25519 private key could not be computed.

There has not been much research on using the same key pair for X25519 and Ed25519. However, it should be fine for an X25519-based KEM. There is a nice summary of what a KEM is here.

Last modified 6mo ago