Danger

This is a “Hazardous Materials” module. You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns.

Ed25519 signing

Ed25519 is an elliptic curve signing algorithm using EdDSA and Curve25519. If you do not have legacy interoperability concerns then you should strongly consider using this signature algorithm.

Signing & Verification

>>> from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
>>> private_key = Ed25519PrivateKey.generate()
>>> signature = private_key.sign(b"my authenticated message")
>>> public_key = private_key.public_key()
>>> # Raises InvalidSignature if verification fails
>>> public_key.verify(signature, b"my authenticated message")

Key interfaces

class cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey

Added in version 2.6.

classmethod generate()

Generate an Ed25519 private key.

Returns:

Ed25519PrivateKey

classmethod from_private_bytes(data)
Parameters:

data (bytes-like) – 32 byte private key.

Returns:

Ed25519PrivateKey

Raises:
>>> from cryptography.hazmat.primitives import serialization
>>> from cryptography.hazmat.primitives.asymmetric import ed25519
>>> private_key = ed25519.Ed25519PrivateKey.generate()
>>> private_bytes = private_key.private_bytes(
...     encoding=serialization.Encoding.Raw,
...     format=serialization.PrivateFormat.Raw,
...     encryption_algorithm=serialization.NoEncryption()
... )
>>> loaded_private_key = ed25519.Ed25519PrivateKey.from_private_bytes(private_bytes)
public_key()
Returns:

Ed25519PublicKey

sign(data)
Parameters:

data (bytes-like) – The data to sign.

Returns bytes:

The 64 byte signature.

private_bytes(encoding, format, encryption_algorithm)

Allows serialization of the key to bytes. Encoding ( PEM, DER, or Raw) and format ( PKCS8, OpenSSH or Raw ) are chosen to define the exact serialization.

Parameters:
Return bytes:

Serialized key.

private_bytes_raw()

Added in version 40.

Allows serialization of the key to raw bytes. This method is a convenience shortcut for calling private_bytes() with Raw encoding, Raw format, and NoEncryption.

Return bytes:

Raw key.

class cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey

Added in version 2.6.

classmethod from_public_bytes(data)
Parameters:

data (bytes) – 32 byte public key.

Returns:

Ed25519PublicKey

Raises:
>>> from cryptography.hazmat.primitives import serialization
>>> from cryptography.hazmat.primitives.asymmetric import ed25519
>>> private_key = ed25519.Ed25519PrivateKey.generate()
>>> public_key = private_key.public_key()
>>> public_bytes = public_key.public_bytes(
...     encoding=serialization.Encoding.Raw,
...     format=serialization.PublicFormat.Raw
... )
>>> loaded_public_key = ed25519.Ed25519PublicKey.from_public_bytes(public_bytes)
public_bytes(encoding, format)

Allows serialization of the key to bytes. Encoding ( PEM, DER, OpenSSH, or Raw) and format ( SubjectPublicKeyInfo, OpenSSH , or Raw ) are chosen to define the exact serialization.

Parameters:
Returns bytes:

The public key bytes.

public_bytes_raw()

Added in version 40.

Allows serialization of the key to raw bytes. This method is a convenience shortcut for calling public_bytes() with Raw encoding and Raw format.

Return bytes:

Raw key.

verify(signature, data)
Parameters:
Returns:

None

Raises:

cryptography.exceptions.InvalidSignature – Raised when the signature cannot be verified.