Danger
This is a “Hazardous Materials” module. You should ONLY use it if you’re 100% absolutely sure that you know what you’re doing because this module is full of land mines, dragons, and dinosaurs with laser guns.
Ed25519 signing¶
Ed25519 is an elliptic curve signing algorithm using EdDSA and Curve25519. If you do not have legacy interoperability concerns then you should strongly consider using this signature algorithm.
Signing & Verification¶
>>> from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
>>> private_key = Ed25519PrivateKey.generate()
>>> signature = private_key.sign(b"my authenticated message")
>>> public_key = private_key.public_key()
>>> # Raises InvalidSignature if verification fails
>>> public_key.verify(signature, b"my authenticated message")
Key interfaces¶
-
class
cryptography.hazmat.primitives.asymmetric.ed25519.
Ed25519PrivateKey
¶ New in version 2.6.
-
classmethod
generate
()¶ Generate an Ed25519 private key.
Returns: Ed25519PrivateKey
-
classmethod
from_private_bytes
(data)¶ Parameters: data (bytes-like) – 32 byte private key. Returns: Ed25519PrivateKey
>>> from cryptography.hazmat.primitives import serialization >>> from cryptography.hazmat.primitives.asymmetric import ed25519 >>> private_key = ed25519.Ed25519PrivateKey.generate() >>> private_bytes = private_key.private_bytes( ... encoding=serialization.Encoding.Raw, ... format=serialization.PrivateFormat.Raw, ... encryption_algorithm=serialization.NoEncryption() ... ) >>> loaded_private_key = ed25519.Ed25519PrivateKey.from_private_bytes(private_bytes)
-
public_key
()¶ Returns: Ed25519PublicKey
-
private_bytes
(encoding, format, encryption_algorithm)¶ Allows serialization of the key to bytes. Encoding (
PEM
,DER
, orRaw
) and format (PKCS8
,OpenSSH
orRaw
) are chosen to define the exact serialization.Parameters: - encoding – A value from the
Encoding
enum. - format – A value from the
PrivateFormat
enum. If theencoding
isRaw
thenformat
must beRaw
, otherwise it must bePKCS8
orOpenSSH
. - encryption_algorithm – An instance of an object conforming to the
KeySerializationEncryption
interface.
Return bytes: Serialized key.
- encoding – A value from the
-
classmethod
-
class
cryptography.hazmat.primitives.asymmetric.ed25519.
Ed25519PublicKey
¶ New in version 2.6.
-
classmethod
from_public_bytes
(data)¶ Parameters: data (bytes) – 32 byte public key. Returns: Ed25519PublicKey
>>> from cryptography.hazmat.primitives import serialization >>> from cryptography.hazmat.primitives.asymmetric import ed25519 >>> private_key = ed25519.Ed25519PrivateKey.generate() >>> public_key = private_key.public_key() >>> public_bytes = public_key.public_bytes( ... encoding=serialization.Encoding.Raw, ... format=serialization.PublicFormat.Raw ... ) >>> loaded_public_key = ed25519.Ed25519PublicKey.from_public_bytes(public_bytes)
-
public_bytes
(encoding, format)¶ Allows serialization of the key to bytes. Encoding (
PEM
,DER
,OpenSSH
, orRaw
) and format (SubjectPublicKeyInfo
,OpenSSH
, orRaw
) are chosen to define the exact serialization.Parameters: - encoding – A value from the
Encoding
enum. - format – A value from the
PublicFormat
enum. If theencoding
isRaw
thenformat
must beRaw
. Ifencoding
isOpenSSH
thenformat
must beOpenSSH
. In all other casesformat
must beSubjectPublicKeyInfo
.
Returns bytes: The public key bytes.
- encoding – A value from the
-
verify
(signature, data)¶ Parameters: Raises: cryptography.exceptions.InvalidSignature – Raised when the signature cannot be verified.
-
classmethod