
ed25519's Introduction

ed25519.rb

A Ruby binding to the Ed25519 elliptic curve public-key signature system described in RFC 8032.

Two implementations are provided: an MRI C extension which uses the "ref10" implementation from the SUPERCOP benchmark suite, and a pure Java version based on str4d/ed25519-java.

Ed25519 is one of two notable algorithms implemented atop the Curve25519 elliptic curve. The x25519 gem is a related project of this one, and implements the X25519 Diffie-Hellman key exchange algorithm on the Montgomery form of Curve25519.

What is Ed25519?

Ed25519 is a modern implementation of a Schnorr signature system using elliptic curve groups.

Ed25519 provides a 128-bit security level, that is to say, all known attacks take at least 2^128 operations, providing the same security level as AES-128, NIST P-256, and RSA-3072.


Ed25519 has a number of unique properties that make it one of the best-in-class digital signature algorithms:

  • Small keys: Ed25519 keys are only 256 bits (32 bytes), making them small enough to easily copy around. Ed25519 also allows the public key to be derived from the private key, meaning that it doesn't need to be included in a serialized private key in cases where you want both.
  • Small signatures: Ed25519 signatures are only 512 bits (64 bytes), one of the smallest signature sizes available.
  • Deterministic: Unlike (EC)DSA, Ed25519 does not rely on an entropy source when signing messages. This can be a potential attack vector if the entropy source is not generating good random numbers. Ed25519 avoids this problem entirely and will always generate the same signature for the same data.
  • Collision Resistant: Hash-function collisions do not break this system. This adds a layer of defense against the possibility of weakness in the selected hash function.

You can read more on Dan Bernstein's Ed25519 site.

Is it any good?

Yes.

Help and Discussion

Have questions? Want to suggest a feature or change? Join a discussion group:

Requirements

ed25519.rb is supported on and tested against the following platforms:

  • MRI 2.4, 2.5, 2.6, 2.7, 3.0
  • JRuby 9.2.19, 9.3.0

Installation

Add this line to your application's Gemfile:

gem 'ed25519'

And then execute:

$ bundle

Or install it yourself as:

$ gem install ed25519

Usage

Require ed25519.rb in your Ruby program:

require "ed25519"

Generate a new random signing key:

signing_key = Ed25519::SigningKey.generate

Sign a message with the signing key:

signature = signing_key.sign(message)

Obtain the verify key for a given signing key:

verify_key = signing_key.verify_key

Check the validity of a signature:

verify_key.verify(signature, message)

The verify method will return true if the signature verifies, or raise Ed25519::VerifyError if verification fails.

Serializing Keys

Keys can be serialized as 32-byte binary strings as follows:

signature_key_bytes = signing_key.to_bytes
verify_key_bytes = verify_key.to_bytes

The binary serialization can be passed directly into the constructor for a given key type:

signing_key = Ed25519::SigningKey.new(signature_key_bytes)
verify_key  = Ed25519::VerifyKey.new(verify_key_bytes)

Security Notes

The Ed25519 "ref10" implementation from SUPERCOP was lovingly crafted by expert security boffins with great care taken to prevent timing attacks. The same cannot be said for the C code used in the ed25519.rb C extension or in the entirety of the provided Java implementation.

Care should be taken to avoid leaking to the attacker how long it takes to generate keys or sign messages (at least until ed25519.rb itself can be audited by experts who can fix any potential timing vulnerabilities).

ed25519.rb relies on a strong SecureRandom for key generation. Weaknesses in the random number source can potentially result in insecure keys.

Contributing

Bug reports and pull requests are welcome on GitHub at https://github.com/RubyCrypto/ed25519. This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.

License

Copyright (c) 2012-2021 Tony Arcieri. Distributed under the MIT License. See LICENSE for further details.

Code of Conduct

Everyone interacting in the ed25519.rb project’s codebases, issue trackers, chat rooms and mailing lists is expected to follow the code of conduct.


ed25519's Issues

When used with capistrano, I get an incompatible library version error.

cap aborted!
LoadError: incompatible library version - ed25519-1.3.0/lib/ed25519_ref10.so
<internal:ruby/lib/ruby/3.1.0/rubygems/core_ext/kernel_require.rb>:85:in `require'
<internal:ruby/lib/ruby/3.1.0/rubygems/core_ext/kernel_require.rb>:85:in `require'
ed25519-1.3.0/lib/ed25519.rb:35:in `<module:Ed25519>'
ed25519-1.3.0/lib/ed25519.rb:9:in `<top (required)>'
<internal:ruby/lib/ruby/3.1.0/rubygems/core_ext/kernel_require.rb>:85:in `require'
<internal:ruby/lib/ruby/3.1.0/rubygems/core_ext/kernel_require.rb>:85:in `require'
/home/common/Stocks/marketbet_crawler/Capfile:6:in `<top (required)>'
ruby/lib/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/rake_module.rb:29:in `load'
ruby/lib/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/rake_module.rb:29:in `load_rakefile'
ruby/lib/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/application.rb:710:in `raw_load_rakefile'
ruby/lib/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/application.rb:104:in `block in load_rakefile'
ruby/lib/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/application.rb:186:in `standard_exception_handling'
ruby/lib/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/application.rb:103:in `load_rakefile'
ruby/lib/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/application.rb:82:in `block in run'
ruby/lib/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/application.rb:186:in `standard_exception_handling'
ruby/lib/ruby/gems/3.1.0/gems/rake-13.0.6/lib/rake/application.rb:80:in `run'
capistrano-3.17.1/lib/capistrano/application.rb:14:in `run'
bin/../app/capistrano/gems/capistrano-3.17.1/bin/cap:3:in `<main>'

Thanks

Support sign hex string

When the message is a hex string like (0x0b00586cb27c291c813ce74e86a60dad270609abf2fc8bee107e44a80ac00225c409070010a5d4e80028000100000001000000d9bdd928bef54b08037a91aef4d051e5f6aacdd2cceb839ce58b668e275a161fd9bdd928bef54b08037a91aef4d051e5f6aacdd2cceb839ce58b668e275a161f),
when I use sign on the message, it gives me a wrong message, which is different from the Python result and the JS result.
Please support it.

Release new version for jRuby 9.3 support

Hi! I see you have a fix committed to fix jRuby 9.3 - could you release a new gem version with the fix?

I'm getting this error with capistrano and your fix seems to work when I paste it in manually:

NoMethodError: undefined method `runtime' for JRuby:Module

Thanks!

How to use a received public key?

Hi

This is more like a question of usage. Got a public key I need to use to verify a signature. But when I try to load it I get

expected 32-byte String, got 43

Is that because I am using a Base64 encoded string?
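The "got 43" in this question is the length of an unpadded Base64 encoding of 32 bytes, so the key has to be decoded before it reaches the constructor shown in the README's Serializing Keys section. The following is an added example, not code from ed25519.rb: it normalises a received key to the 32 raw bytes Ed25519::VerifyKey.new expects. The names decode_verify_key_bytes and verify_with_received_key are chosen here, and the ed25519 gem is assumed to be installed only for the latter.

```ruby
require "base64"

KEY_BYTES = 32 # Ed25519::VerifyKey.new wants exactly this many raw bytes

# Normalize a public key received as text into a 32-byte binary String.
# Accepts: raw 32 bytes (any 32-byte String is taken as raw), hex (64 digits,
# optional 0x prefix), or Base64 in the standard or URL-safe alphabet, padded
# or not. An unpadded Base64 key is 43 characters, which is the
# "expected 32-byte String, got 43" error in the question above.
def decode_verify_key_bytes(received)
  return received.b if received.bytesize == KEY_BYTES

  text = received.strip
  hex = text.sub(/\A0x/i, "")
  return [hex].pack("H*") if hex.match?(/\A\h{64}\z/)

  if text.match?(%r{\A[A-Za-z0-9+/_-]+={0,2}\z})
    b64 = text.tr("-_", "+/").delete("=")
    b64 << "=" * ((4 - b64.length % 4) % 4) # restore the padding strict_decode64 requires
    raw = Base64.strict_decode64(b64)
    return raw if raw.bytesize == KEY_BYTES
    raise ArgumentError, "decoded key is #{raw.bytesize} bytes, expected #{KEY_BYTES}"
  end

  raise ArgumentError, "unrecognised key encoding (#{received.bytesize} bytes)"
end

# Verify a signature with the decoded key. ed25519.rb is required lazily so the
# decoder above can be exercised without the native extension loaded. Returns
# true on success; the gem raises Ed25519::VerifyError on a bad signature.
def verify_with_received_key(received_key, signature, message)
  require "ed25519"
  Ed25519::VerifyKey.new(decode_verify_key_bytes(received_key)).verify(signature, message)
end
```

The same applies to a hex-encoded message: sign and verify cover exactly the bytes handed to them, so decode it with [hex].pack("H*") before signing if the signature is meant to match one another library produced over the raw bytes.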

Internals could use refactoring

The internals of this gem are a tad wonky: parts of the code are implemented in Ruby and other parts as native extensions, calling each other through Ed25519::Engine.

They should probably be rewritten to work more like the x25519 gem, with the entirety of the gem implemented in the respective native language.

Better JRuby provider

The JRuby provider used by this library is quite old, slow, and based on BigInteger, which may mean it is not timing-safe:

https://github.com/k3d3/ed25519-java

It now carries the following warning:

Don't use this!

This library was the first implementation of ed25519 in Java, and I highly recommend you don't
use this for anything serious. It uses BigInteger for everything and is therefore extremely slow
(takes 5 seconds to sign a message) and is also not secure against side-channel or timing attacks.

str4d's implementation is an alternative to consider:

https://github.com/str4d/ed25519-java

More modern Ed25519 implementation(s)

The implementation used in this gem presently is the ~~~ref (not even ref10!)~~~ ref10 from SUPERCOP ~~~circa 2012~~~ October 2017. ~~~At the very least, it'd be good to upgrade the portable C implementation to ref10~~~.

It'd be nice to supply a more optimized implementation, such as floodyberry's ed25519-donna:

https://github.com/floodyberry/ed25519-donna

It might also be interesting to explore binding to curve25519-dalek using Helix:

https://github.com/isislovecruft/curve25519-dalek

See also issue #4 specifically in regard to JRuby.

Seeking to decode a point

I'm seeking to decode a point as described in RFC-8032 Section 5.1.3.

I believe I've discovered that the point is available as a serialization verify_key.to_bytes, however in rummaging through the gem, I cannot readily find an interface that performs the Section 5.1.3 decoding.

Is this decoding operation already supported? If so, are there usage guidelines?

(newbie in working with ed25519)
