Digital signatures

Purpose

A digital signature verifies the authenticity of a message and provides non-repudiation. This means any change to the message causes signature verification to fail, you know who signed the message, and someone cannot deny having signed a message.

Signing is done using a private key. The associated public key can then be publicly shared to allow others to verify signatures.

Usage

GenerateKeyPair

Fills a span with a randomly generated private key and another span with the associated public key.

Ed25519.GenerateKeyPair(Span<byte> publicKey, Span<byte> privateKey)

Exceptions

ArgumentOutOfRangeException

publicKey has a length not equal to PublicKeySize.

ArgumentOutOfRangeException

privateKey has a length not equal to PrivateKeySize.

CryptographicException

Unable to generate key pair.

GenerateKeyPair

Fills a span with a private key generated using a random seed and another span with the associated public key.

Ed25519.GenerateKeyPair(Span<byte> publicKey, Span<byte> privateKey, ReadOnlySpan<byte> seed)

Exceptions

ArgumentOutOfRangeException

publicKey has a length not equal to PublicKeySize.

ArgumentOutOfRangeException

privateKey has a length not equal to PrivateKeySize.

ArgumentOutOfRangeException

seed has a length not equal to SeedSize.

CryptographicException

Unable to generate key pair from seed.

ComputePublicKey

Fills a span with the public key computed from a private key.

Ed25519.ComputePublicKey(Span<byte> publicKey, ReadOnlySpan<byte> privateKey)

Exceptions

ArgumentOutOfRangeException

publicKey has a length not equal to PublicKeySize.

ArgumentOutOfRangeException

privateKey has a length not equal to PrivateKeySize.

CryptographicException

Unable to compute public key from private key.

Sign

Fills a span with the signature for a message signed using a private key.

Ed25519.Sign(Span<byte> signature, ReadOnlySpan<byte> message, ReadOnlySpan<byte> privateKey)

Exceptions

ArgumentOutOfRangeException

signature has a length not equal to SignatureSize.

ArgumentOutOfRangeException

privateKey has a length not equal to PrivateKeySize.

CryptographicException

Unable to compute signature.

Verify

Determines if a signature is valid for a message and public key. It returns true if the signature is valid and false otherwise.

Ed25519.Verify(ReadOnlySpan<byte> signature, ReadOnlySpan<byte> message, ReadOnlySpan<byte> publicKey)

Exceptions

ArgumentOutOfRangeException

signature has a length not equal to SignatureSize.

ArgumentOutOfRangeException

publicKey has a length not equal to PublicKeySize.

IncrementalEd25519ph

Provides support for computing/verifying a signature from a sequence of messages using Ed25519ph.

IncrementalEd25519ph.Finalize() fills a span with the signature for a chunked message signed using a private key.

IncrementalEd25519ph.FinalizeAndVerify() determines if a signature is valid for a chunked message and public key. It returns true if the signature is valid and false otherwise.

using var ed25519ph = new IncrementalEd25519ph();
ed25519ph.Update(ReadOnlySpan<byte> message1);
ed25519ph.Update(ReadOnlySpan<byte> message2);
// Sign
ed25519ph.Finalize(Span<byte> signature, ReadOnlySpan<byte> privateKey);
// Or verify
bool valid = ed25519ph.FinalizeAndVerify(ReadOnlySpan<byte> signature, ReadOnlySpan<byte> publicKey)

// Avoid another using statement
ed25519ph.Reinitialize();
ed25519ph.Update(ReadOnlySpan<byte> message3);
ed25519ph.Finalize(Span<byte> signature, ReadOnlySpan<byte> privateKey);

Exceptions

ArgumentOutOfRangeException

signature has a length not equal to SignatureSize.

ArgumentOutOfRangeException

privateKey has a length not equal to PrivateKeySize.

ArgumentOutOfRangeException

publicKey has a length not equal to PublicKeySize.

CryptographicException

The signature could not be computed.

InvalidOperationException

Cannot update after finalizing or finalize twice (without reinitializing).

ObjectDisposedException

The object has been disposed.

Constants

These are used for validation and/or save you defining your own constants.

public const int PublicKeySize = 32;
public const int PrivateKeySize = 64;
public const int SignatureSize = 64;
public const int SeedSize = 32;

Notes

If you want to use BLAKE2b for prehashing instead of Ed25519ph, which uses SHA-512 internally, you can hash a domain separation constant (e.g. the protocol name) concatenated with the message and sign the 512-bit hash.

Last updated