package ed25519

Import Path
	crypto/ed25519 (on go.dev)

Dependency Relation
	imports 9 packages, and imported by 2 packages

Involved Source Files

	  d ed25519.go
		Package ed25519 implements the Ed25519 signature algorithm. See
		https://ed25519.cr.yp.to/.
		
		These functions are also compatible with the “Ed25519” function defined in
		RFC 8032. However, unlike RFC 8032's formulation, this package's private key
		representation includes a public key suffix to make multiple signing
		operations with the same key more efficient. This package refers to the RFC
		8032 private key as the “seed”.
Package-Level Type Names (total 3, all are exported)

	/* sort exporteds by: alphabet | popularity */
	 type Options (struct)
		Options can be used with [PrivateKey.Sign] or [VerifyWithOptions]
		to select Ed25519 variants.

		Fields (total 2, both are exported)
			Context string
				Context, if not empty, selects Ed25519ctx or provides the context string
				for Ed25519ph. It can be at most 255 bytes in length.

			Hash crypto.Hash
				Hash can be zero for regular Ed25519, or crypto.SHA512 for Ed25519ph.

		Methods (only one, which is exported)
			(*Options) HashFunc() crypto.Hash
				HashFunc returns o.Hash.

		Implements (at least one exported)
			*Options : crypto.SignerOpts
		As Inputs Of (at least one exported)
			func VerifyWithOptions(publicKey PublicKey, message, sig []byte, opts *Options) error

	 type PrivateKey ([])
		PrivateKey is the type of Ed25519 private keys. It implements [crypto.Signer].

		Methods (total 4, all are exported)
			( PrivateKey) Equal(x crypto.PrivateKey) bool
				Equal reports whether priv and x have the same value.

			( PrivateKey) Public() crypto.PublicKey
				Public returns the [PublicKey] corresponding to priv.

			( PrivateKey) Seed() []byte
				Seed returns the private key seed corresponding to priv. It is provided for
				interoperability with RFC 8032. RFC 8032's private keys correspond to seeds
				in this package.

			( PrivateKey) Sign(rand io.Reader, message []byte, opts crypto.SignerOpts) (signature []byte, err error)
				Sign signs the given message with priv. rand is ignored and can be nil.
				
				If opts.HashFunc() is [crypto.SHA512], the pre-hashed variant Ed25519ph is used
				and message is expected to be a SHA-512 hash, otherwise opts.HashFunc() must
				be [crypto.Hash](0) and the message must not be hashed, as Ed25519 performs two
				passes over messages to be signed.
				
				A value of type [Options] can be used as opts, or crypto.Hash(0) or
				crypto.SHA512 directly to select plain Ed25519 or Ed25519ph, respectively.

		Implements (at least one exported)
			 PrivateKey : crypto.Signer
		As Outputs Of (at least 2, both are exported)
			func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error)
			func NewKeyFromSeed(seed []byte) PrivateKey
		As Inputs Of (at least one exported)
			func Sign(privateKey PrivateKey, message []byte) []byte

	 type PublicKey ([])
		PublicKey is the type of Ed25519 public keys.

		Methods (only one, which is exported)
			( PublicKey) Equal(x crypto.PublicKey) bool
				Equal reports whether pub and x have the same value.

		As Outputs Of (at least one exported)
			func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error)
		As Inputs Of (at least 3, in which 2 are exported)
			func Verify(publicKey PublicKey, message, sig []byte) bool
			func VerifyWithOptions(publicKey PublicKey, message, sig []byte, opts *Options) error
			/* at least one unexported ... *//* at least one unexported: */
			func verify(publicKey PublicKey, message, sig []byte, domPrefix, context string) bool


Package-Level Functions (total 8, in which 5 are exported)

	 func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error)
		GenerateKey generates a public/private key pair using entropy from rand.
		If rand is nil, [crypto/rand.Reader] will be used.
		
		The output of this function is deterministic, and equivalent to reading
		[SeedSize] bytes from rand, and passing them to [NewKeyFromSeed].

	 func NewKeyFromSeed(seed []byte) PrivateKey
		NewKeyFromSeed calculates a private key from a seed. It will panic if
		len(seed) is not [SeedSize]. This function is provided for interoperability
		with RFC 8032. RFC 8032's private keys correspond to seeds in this
		package.

	 func Sign(privateKey PrivateKey, message []byte) []byte
		Sign signs the message with privateKey and returns a signature. It will
		panic if len(privateKey) is not [PrivateKeySize].

	 func Verify(publicKey PublicKey, message, sig []byte) bool
		Verify reports whether sig is a valid signature of message by publicKey. It
		will panic if len(publicKey) is not [PublicKeySize].

	 func VerifyWithOptions(publicKey PublicKey, message, sig []byte, opts *Options) error
		VerifyWithOptions reports whether sig is a valid signature of message by
		publicKey. A valid signature is indicated by returning a nil error. It will
		panic if len(publicKey) is not [PublicKeySize].
		
		If opts.Hash is [crypto.SHA512], the pre-hashed variant Ed25519ph is used and
		message is expected to be a SHA-512 hash, otherwise opts.Hash must be
		[crypto.Hash](0) and the message must not be hashed, as Ed25519 performs two
		passes over messages to be signed.

	/* 3 unexporteds ... *//* 3 unexporteds: */
	 func newKeyFromSeed(privateKey, seed []byte)
	 func sign(signature, privateKey, message []byte, domPrefix, context string)
	 func verify(publicKey PublicKey, message, sig []byte, domPrefix, context string) bool
Package-Level Constants (total 7, in which 4 are exported)

	const PrivateKeySize = 64
		PrivateKeySize is the size, in bytes, of private keys as used in this package.

	const PublicKeySize = 32
		PublicKeySize is the size, in bytes, of public keys as used in this package.

	const SeedSize = 32
		SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032.

	const SignatureSize = 64
		SignatureSize is the size, in bytes, of signatures generated and verified by this package.

	/* 3 unexporteds ... *//* 3 unexporteds: */
	const domPrefixCtx = "SigEd25519 no Ed25519 collisions\x00"
		domPrefixCtx is dom2(phflag=0) for Ed25519ctx. It must be followed by the
		uint8-length prefixed context.

	const domPrefixPh = "SigEd25519 no Ed25519 collisions\x01"
		domPrefixPh is dom2(phflag=1) for Ed25519ph. It must be followed by the
		uint8-length prefixed context.

	const domPrefixPure = ""
		domPrefixPure is empty for pure Ed25519.

The pages are generated with Golds v0.6.7. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @Go100and1 (reachable from the left QR code) to get the latest news of Golds.