Danger
This is a “Hazardous Materials” module. You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns.
Ed25519 signing
Ed25519 is an elliptic curve signing algorithm using EdDSA and Curve25519. If you do not have legacy interoperability concerns then you should strongly consider using this signature algorithm.
Signing & Verification
>>> from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
>>> private_key = Ed25519PrivateKey.generate()
>>> signature = private_key.sign(b"my authenticated message")
>>> public_key = private_key.public_key()
>>> # Raises InvalidSignature if verification fails
>>> public_key.verify(signature, b"my authenticated message")
Key interfaces
- class cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PrivateKey
New in version 2.6.
- classmethod from_private_bytes(data)
- Parameters:
data (bytes-like) – 32 byte private key.
- Returns:
- Raises:
ValueError – This is raised if the private key is not 32 bytes long.
cryptography.exceptions.UnsupportedAlgorithm – If Ed25519 is not supported by the OpenSSL version cryptography is using.
>>> from cryptography.hazmat.primitives import serialization
>>> from cryptography.hazmat.primitives.asymmetric import ed25519
>>> private_key = ed25519.Ed25519PrivateKey.generate()
>>> private_bytes = private_key.private_bytes(
...     encoding=serialization.Encoding.Raw,
...     format=serialization.PrivateFormat.Raw,
...     encryption_algorithm=serialization.NoEncryption()
... )
>>> loaded_private_key = ed25519.Ed25519PrivateKey.from_private_bytes(private_bytes)
- sign(data)
- Parameters:
data (bytes) – The data to sign.
- Returns bytes:
The 64 byte signature.
- private_bytes(encoding, format, encryption_algorithm)
Allows serialization of the key to bytes. Encoding (PEM, DER, or Raw) and format (PKCS8, OpenSSH or Raw) are chosen to define the exact serialization.
- Parameters:
encoding – A value from the Encoding enum.
format – A value from the PrivateFormat enum. If the encoding is Raw then format must be Raw, otherwise it must be PKCS8 or OpenSSH.
encryption_algorithm – An instance of an object conforming to the KeySerializationEncryption interface.
- Return bytes:
Serialized key.
- class cryptography.hazmat.primitives.asymmetric.ed25519.Ed25519PublicKey
New in version 2.6.
- classmethod from_public_bytes(data)
- Parameters:
data (bytes) – 32 byte public key.
- Returns:
- Raises:
ValueError – This is raised if the public key is not 32 bytes long.
cryptography.exceptions.UnsupportedAlgorithm – If Ed25519 is not supported by the OpenSSL version cryptography is using.
>>> from cryptography.hazmat.primitives import serialization
>>> from cryptography.hazmat.primitives.asymmetric import ed25519
>>> private_key = ed25519.Ed25519PrivateKey.generate()
>>> public_key = private_key.public_key()
>>> public_bytes = public_key.public_bytes(
...     encoding=serialization.Encoding.Raw,
...     format=serialization.PublicFormat.Raw
... )
>>> loaded_public_key = ed25519.Ed25519PublicKey.from_public_bytes(public_bytes)
- public_bytes(encoding, format)
Allows serialization of the key to bytes. Encoding (PEM, DER, OpenSSH, or Raw) and format (SubjectPublicKeyInfo, OpenSSH, or Raw) are chosen to define the exact serialization.
- Parameters:
encoding – A value from the Encoding enum.
format – A value from the PublicFormat enum. If the encoding is Raw then format must be Raw. If encoding is OpenSSH then format must be OpenSSH. In all other cases format must be SubjectPublicKeyInfo.
- Returns bytes:
The public key bytes.
- verify(signature, data)
- Parameters:
- Raises:
cryptography.exceptions.InvalidSignature – Raised when the signature cannot be verified.
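The methods documented above combined into one flow, as an added example that is not part of the cryptography project's own documentation: the private key is stored as passphrase-encrypted PKCS8 PEM, the public key is distributed as 32 raw bytes, and verification is wrapped so that a malformed key and a bad signature both fail closed. The helper names, the passphrase and the message are assumptions made for the illustration.

```python
# Added illustration; helper names and sample values are assumptions.
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey, Ed25519PublicKey


def export_encrypted_pem(private_key, passphrase):
    """Private key for storage at rest: PEM encoding needs PKCS8 or OpenSSH format."""
    return private_key.private_bytes(
        encoding=serialization.Encoding.PEM,
        format=serialization.PrivateFormat.PKCS8,
        encryption_algorithm=serialization.BestAvailableEncryption(passphrase),
    )


def load_signing_key(pem, passphrase):
    """Load the PEM and refuse any key type other than Ed25519."""
    key = serialization.load_pem_private_key(pem, password=passphrase)
    if not isinstance(key, Ed25519PrivateKey):
        raise TypeError("PEM does not contain an Ed25519 private key")
    return key


def raw_public_bytes(private_key):
    """32-byte public key in the Raw/Raw form accepted by from_public_bytes()."""
    return private_key.public_key().public_bytes(
        encoding=serialization.Encoding.Raw,
        format=serialization.PublicFormat.Raw,
    )


def verify_detached(public_bytes, signature, data):
    """Fail closed: a wrong-length key (ValueError) and a bad signature both give False."""
    try:
        Ed25519PublicKey.from_public_bytes(public_bytes).verify(signature, data)
    except (ValueError, InvalidSignature):
        return False
    return True


if __name__ == "__main__":
    passphrase, message = b"constructed-passphrase", b"constructed message"
    pem = export_encrypted_pem(Ed25519PrivateKey.generate(), passphrase)
    signer = load_signing_key(pem, passphrase)
    signature, public = signer.sign(message), raw_public_bytes(signer)
    print(verify_detached(public, signature, message))         # untouched message
    print(verify_detached(public, signature, message + b"x"))  # tampered message
```

Catching only ValueError and InvalidSignature keeps unexpected errors, such as UnsupportedAlgorithm, visible instead of silently reporting a failed verification.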