Replies: 2 comments
-
|
If the seed is not reused for other applications, you can use it directly, as private key. It needs to be 32 bytes, that's mostly it. Otherwise, a suggested method to convert seed to a private key could look like this: import { hkdf } from '@noble/hashes/hkdf';
import { sha256 } from '@noble/hashes/sha256';
let seed = ...; // uint8array
const edKey = hkdf(sha256, seed, undefined, 'my-app-name', 32);ed25519-keygen package also provides bip32 hierarchical wallets built on top of seed: https://github.com/paulmillr/ed25519-keygen?tab=readme-ov-file#hdkey |
Beta Was this translation helpful? Give feedback.
-
|
Thank you. I was seeking to replicate the behavior from Sodium, generating a seeded ed25519 keypair with its int
crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk,
const unsigned char *seed)
{
ge25519_p3 A;
crypto_hash_sha512(sk, seed, 32);
sk[0] &= 248;
sk[31] &= 127;
sk[31] |= 64;
ge25519_scalarmult_base(&A, sk);
ge25519_p3_tobytes(pk, &A);
memmove(sk, seed, 32);
memmove(sk + 32, pk, 32);
return 0;
}I'm rusty on my C skills (to fully understand that code), but I think I understand most of it, except the operations in the call to void
ge25519_p3_tobytes(unsigned char *s, const ge25519_p3 *h)
{
fe25519 recip;
fe25519 x;
fe25519 y;
fe25519_invert(recip, h->Z);
fe25519_mul(x, h->X, recip);
fe25519_mul(y, h->Y, recip);
fe25519_tobytes(s, y);
s[31] ^= fe25519_isnegative(x) << 7;
}Those I'm not sure what utilities I might use from Noble to do the equivalent of these operations? Are there any available, or another compatible set of steps? Do you have any tips/thoughts? That question aside, though, IIUC, I believe I could do the rest of it this way with Noble (Hashes + Curves): import { sha512 } from '@noble/hashes/sha512';
import { x25519 } from '@noble/curves/x25519';
function generateSeed() {
let seed = new Uint8Array(32);
crypto.getRandomValues(seed);
return seed;
}
function ge25519_p3_tobytes(h) {
// ???
}
function ed25519Keygen(seed = generateSeed()) {
let sk = new Uint8Array(64);
sk.set(sha512(seed),0);
sk[0] &= 248;
sk[31] &= 127;
sk[31] |= 64;
let A = x25519.scalarMultBase(sk);
let pk = ge25519_p3_tobytes(A);
sk.set(seed,0);
sk.set(pk,32);
return { sk, pk };
}Does that And just for posterity, generating a seeded x25519 keypair with Sodium's int
crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char *pk,
unsigned char *sk,
const unsigned char *seed)
{
unsigned char hash[64];
crypto_hash_sha512(hash, seed, 32);
memcpy(sk, hash, 32);
sodium_memzero(hash, sizeof hash);
return crypto_scalarmult_curve25519_base(pk, sk);
}...with Noble (Hashes + Curves): import { sha512 } from '@noble/hashes/sha512';
import { x25519 } from '@noble/curves/x25519';
function generateSeed() {
let seed = new Uint8Array(32);
crypto.getRandomValues(seed);
return seed;
}
function x25519Keygen(seed = generateSeed()) {
let sk = sha512(seed);
let pk = x25519.scalarMultBase(sk);
return { sk, pk };
} |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
Uh oh!
There was an error while loading. Please reload this page.
-
I'm looking to generate/compute an ed25519 private key from a known seed/iv. I don't see a method for that on the
ed25519API. Is there a way to do this, perhaps with the abstract API or the utils? I don't fully understand the underlying math involved, so without a dedicated API method for this I couldn't work out how to do it. Thank you.Beta Was this translation helpful? Give feedback.
All reactions