Danger

This is a “Hazardous Materials” module. You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns.

Ed25519 signing

Ed25519 is an elliptic curve signing algorithm using EdDSA and Curve25519. If you do not have legacy interoperability concerns then you should strongly consider using this signature algorithm.

Signing & Verification

>>> from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
>>> private_key = Ed25519PrivateKey.generate()
>>> signature = private_key.sign(b"my authenticated message")
>>> public_key = private_key.public_key()
>>> # Raises InvalidSignature if verification fails
>>> public_key.verify(signature, b"my authenticated message")

Key interfaces

class cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey

New in version 2.6.

classmethod generate()

Generate an Ed25519 private key.

Returns

Ed25519PrivateKey

classmethod from_private_bytes(data)
Parameters

data (bytes-like) – 32 byte private key.

Returns

Ed25519PrivateKey

>>> from cryptography.hazmat.primitives import serialization
>>> from cryptography.hazmat.primitives.asymmetric import ed25519
>>> private_key = ed25519.Ed25519PrivateKey.generate()
>>> private_bytes = private_key.private_bytes(
...     encoding=serialization.Encoding.Raw,
...     format=serialization.PrivateFormat.Raw,
...     encryption_algorithm=serialization.NoEncryption()
... )
>>> loaded_private_key = ed25519.Ed25519PrivateKey.from_private_bytes(private_bytes)
public_key()
Returns

Ed25519PublicKey

sign(data)
Parameters

data (bytes) – The data to sign.

Returns bytes

The 64 byte signature.

private_bytes(encoding, format, encryption_algorithm)

Allows serialization of the key to bytes. Encoding ( PEM, DER, or Raw) and format ( PKCS8, OpenSSH or Raw ) are chosen to define the exact serialization.

Parameters
Return bytes

Serialized key.

class cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey

New in version 2.6.

classmethod from_public_bytes(data)
Parameters

data (bytes) – 32 byte public key.

Returns

Ed25519PublicKey

>>> from cryptography.hazmat.primitives import serialization
>>> from cryptography.hazmat.primitives.asymmetric import ed25519
>>> private_key = ed25519.Ed25519PrivateKey.generate()
>>> public_key = private_key.public_key()
>>> public_bytes = public_key.public_bytes(
...     encoding=serialization.Encoding.Raw,
...     format=serialization.PublicFormat.Raw
... )
>>> loaded_public_key = ed25519.Ed25519PublicKey.from_public_bytes(public_bytes)
public_bytes(encoding, format)

Allows serialization of the key to bytes. Encoding ( PEM, DER, OpenSSH, or Raw) and format ( SubjectPublicKeyInfo, OpenSSH , or Raw ) are chosen to define the exact serialization.

Parameters
Returns bytes

The public key bytes.

verify(signature, data)
Parameters
  • signature (bytes) – The signature to verify.

  • data (bytes) – The data to verify.

Raises

cryptography.exceptions.InvalidSignature – Raised when the signature cannot be verified.