| … | |
… | |
| 36 | # verify message |
36 | # verify message |
| 37 | $valid = Crypt::Ed25519::eddsa_verify $message, $pubkey, $signature; |
37 | $valid = Crypt::Ed25519::eddsa_verify $message, $pubkey, $signature; |
| 38 | |
38 | |
| 39 | # verify, but croak on failure |
39 | # verify, but croak on failure |
| 40 | Crypt::Ed25519:eddsa_verify_croak $message, $pubkey, $signature; |
40 | Crypt::Ed25519:eddsa_verify_croak $message, $pubkey, $signature; |
|
|
41 | |
|
|
42 | ############################################ |
|
|
43 | # Curve25519 key exchange |
|
|
44 | |
|
|
45 | # side A: |
|
|
46 | ($pubkey_a, $privkey_a) = Crypt::Ed25519::generate_keypair; |
|
|
47 | # send $pubkey to side B |
|
|
48 | |
|
|
49 | # side B: |
|
|
50 | ($pubkey_b, $privkey_b) = Crypt::Ed25519::generate_keypair; |
|
|
51 | # send $pubkey to side A |
|
|
52 | |
|
|
53 | # side A then calculates their shared secret: |
|
|
54 | $shared_secret = Crypt::Ed25519::key_exchange $pubkey_b, $privkey_a; |
|
|
55 | |
|
|
56 | # and side B does this: |
|
|
57 | $shared_secret = Crypt::Ed25519::key_exchange $pubkey_a, $privkey_b; |
|
|
58 | |
|
|
59 | # the generated $shared_secret will be the same - you cna now |
|
|
60 | # hash it with hkdf or something else to generate symmetric private keys |
| 41 | |
61 | |
| 42 | =head1 DESCRIPTION |
62 | =head1 DESCRIPTION |
| 43 | |
63 | |
| 44 | This module implements Ed25519 public key generation, message signing and |
64 | This module implements Ed25519 public key generation, message signing and |
| 45 | verification. It is a pretty bare-bones implementation that implements |
65 | verification. It is a pretty bare-bones implementation that implements |
| … | |
… | |
| 74 | =cut |
94 | =cut |
| 75 | |
95 | |
| 76 | package Crypt::Ed25519; |
96 | package Crypt::Ed25519; |
| 77 | |
97 | |
| 78 | BEGIN { |
98 | BEGIN { |
| 79 | $VERSION = 1.01; |
99 | $VERSION = 1.05; |
| 80 | |
100 | |
| 81 | require XSLoader; |
101 | require XSLoader; |
| 82 | XSLoader::load Crypt::Ed25519::, $VERSION; |
102 | XSLoader::load Crypt::Ed25519::, $VERSION; |
| 83 | } |
103 | } |
| 84 | |
104 | |
| … | |
… | |
| 141 | your secret key. |
161 | your secret key. |
| 142 | |
162 | |
| 143 | =item $public_key = Crypt::Ed25519::eddsa_public_key $secret_key |
163 | =item $public_key = Crypt::Ed25519::eddsa_public_key $secret_key |
| 144 | |
164 | |
| 145 | Takes a secret key generated by C<Crypt::Ed25519::eddsa_secret_key> |
165 | Takes a secret key generated by C<Crypt::Ed25519::eddsa_secret_key> |
| 146 | and returns the corresponding C<$public_key>. The derivation ios |
166 | and returns the corresponding C<$public_key>. The derivation is |
| 147 | deterministic, i.e. the C<$public_key> generated for a specific |
167 | deterministic, i.e. the C<$public_key> generated for a specific |
| 148 | C<$secret_key> is always the same. |
168 | C<$secret_key> is always the same. |
| 149 | |
169 | |
| 150 | This public key corresponds to the public key in the Ed25519 API above. |
170 | This public key corresponds to the public key in the Ed25519 API above. |
| 151 | |
171 | |
| … | |
… | |
| 186 | derive the public key as needed. On the other hand, signing using the |
206 | derive the public key as needed. On the other hand, signing using the |
| 187 | private key is faster than using the secret key, so converting the secret |
207 | private key is faster than using the secret key, so converting the secret |
| 188 | key to a public/private key pair allows you to sign a small message, or |
208 | key to a public/private key pair allows you to sign a small message, or |
| 189 | many messages, faster. |
209 | many messages, faster. |
| 190 | |
210 | |
|
|
211 | =head1 Curve25519 Key Exchange |
|
|
212 | |
|
|
213 | As an extension to Ed25519, this module implements a key exchange similar |
|
|
214 | to Curve25519, which should be compatible to other implementations of |
|
|
215 | Curv25519, depending on how the resulting shared secret is hashed. |
|
|
216 | |
|
|
217 | To do this, both sides generate a keypair and send their public key to the |
|
|
218 | other side. Then both sides can generate the same shared secret using this |
|
|
219 | function: |
|
|
220 | |
|
|
221 | =over |
|
|
222 | |
|
|
223 | =item $shared_secret = Crypt::Ed25519::key_exchange $other_public_key, $own_private_key |
|
|
224 | |
|
|
225 | Return the 32 octet shared secret generated from the given public and |
|
|
226 | private key. |
|
|
227 | |
|
|
228 | The resulting C<$shared_key> should be hashed before use (for example, by |
|
|
229 | using it in a KDF such as HKDF). |
|
|
230 | |
|
|
231 | See SYNOPSIS for an actual example. |
|
|
232 | |
|
|
233 | =back |
|
|
234 | |
|
|
235 | =head1 SUPPORT FOR THE PERL MULTICORE SPECIFICATION |
|
|
236 | |
|
|
237 | This module supports the perl multicore specification |
|
|
238 | (L<http://perlmulticore.schmorp.de/>) for all operations, although it |
|
|
239 | makes most sense to use it when signing or verifying longer messages. |
|
|
240 | |
| 191 | =head1 IMPLEMENTATIOIN |
241 | =head1 IMPLEMENTATION |
| 192 | |
242 | |
| 193 | This module currently uses "Nightcracker's Ed25519" implementation, which |
243 | This module currently uses "Nightcracker's Ed25519" implementation, which |
| 194 | is unmodified except for some portability fixes and static delcarations, |
244 | is unmodified except for some portability fixes and static delcarations, |
| 195 | but the interface is kept implementation-agnostic to allow usage of other |
245 | but the interface is kept implementation-agnostic to allow usage of other |
| 196 | implementations in the future. |
246 | implementations in the future. |
| 197 | |
247 | |
| 198 | =head1 AUTHOR |
248 | =head1 AUTHOR |
| 199 | |
249 | |
| 200 | Marc Lehmann <schmorp@schmorp.de> |
250 | Marc Lehmann <schmorp@schmorp.de> |
| 201 | http://sfotware.schmorp.de/pkg/Crypt-Ed25519.html |
251 | http://software.schmorp.de/pkg/Crypt-Ed25519.html |
| 202 | |
252 | |
| 203 | =cut |
253 | =cut |
| 204 | |
254 | |
| 205 | 1 |
255 | 1 |
| 206 | |
256 | |
