Replies: 2 comments
-
If the seed is not reused for other applications, you can use it directly, as private key. It needs to be 32 bytes, that's mostly it. Otherwise, a suggested method to convert seed to a private key could look like this: import { hkdf } from '@noble/hashes/hkdf';
import { sha256 } from '@noble/hashes/sha256';
let seed = ...; // uint8array
const edKey = hkdf(sha256, seed, undefined, 'my-app-name', 32); ed25519-keygen package also provides bip32 hierarchical wallets built on top of seed: https://github.com/paulmillr/ed25519-keygen?tab=readme-ov-file#hdkey |
Beta Was this translation helpful? Give feedback.
-
Thank you. I was seeking to replicate the behavior from Sodium, generating a seeded ed25519 keypair with its int
crypto_sign_ed25519_seed_keypair(unsigned char *pk, unsigned char *sk,
const unsigned char *seed)
{
ge25519_p3 A;
crypto_hash_sha512(sk, seed, 32);
sk[0] &= 248;
sk[31] &= 127;
sk[31] |= 64;
ge25519_scalarmult_base(&A, sk);
ge25519_p3_tobytes(pk, &A);
memmove(sk, seed, 32);
memmove(sk + 32, pk, 32);
return 0;
} I'm rusty on my C skills (to fully understand that code), but I think I understand most of it, except the operations in the call to void
ge25519_p3_tobytes(unsigned char *s, const ge25519_p3 *h)
{
fe25519 recip;
fe25519 x;
fe25519 y;
fe25519_invert(recip, h->Z);
fe25519_mul(x, h->X, recip);
fe25519_mul(y, h->Y, recip);
fe25519_tobytes(s, y);
s[31] ^= fe25519_isnegative(x) << 7;
} Those I'm not sure what utilities I might use from Noble to do the equivalent of these operations? Are there any available, or another compatible set of steps? Do you have any tips/thoughts? That question aside, though, IIUC, I believe I could do the rest of it this way with Noble (Hashes + Curves): import { sha512 } from '@noble/hashes/sha512';
import { x25519 } from '@noble/curves/x25519';
function generateSeed() {
let seed = new Uint8Array(32);
crypto.getRandomValues(seed);
return seed;
}
function ge25519_p3_tobytes(h) {
// ???
}
function ed25519Keygen(seed = generateSeed()) {
let sk = new Uint8Array(64);
sk.set(sha512(seed),0);
sk[0] &= 248;
sk[31] &= 127;
sk[31] |= 64;
let A = x25519.scalarMultBase(sk);
let pk = ge25519_p3_tobytes(A);
sk.set(seed,0);
sk.set(pk,32);
return { sk, pk };
} Does that And just for posterity, generating a seeded x25519 keypair with Sodium's int
crypto_box_curve25519xsalsa20poly1305_seed_keypair(unsigned char *pk,
unsigned char *sk,
const unsigned char *seed)
{
unsigned char hash[64];
crypto_hash_sha512(hash, seed, 32);
memcpy(sk, hash, 32);
sodium_memzero(hash, sizeof hash);
return crypto_scalarmult_curve25519_base(pk, sk);
} ...with Noble (Hashes + Curves): import { sha512 } from '@noble/hashes/sha512';
import { x25519 } from '@noble/curves/x25519';
function generateSeed() {
let seed = new Uint8Array(32);
crypto.getRandomValues(seed);
return seed;
}
function x25519Keygen(seed = generateSeed()) {
let sk = sha512(seed);
let pk = x25519.scalarMultBase(sk);
return { sk, pk };
} |
Beta Was this translation helpful? Give feedback.
-
I'm looking to generate/compute an ed25519 private key from a known seed/iv. I don't see a method for that on the
ed25519
API. Is there a way to do this, perhaps with the abstract API or the utils? I don't fully understand the underlying math involved, so without a dedicated API method for this I couldn't work out how to do it. Thank you.Beta Was this translation helpful? Give feedback.
All reactions