dongle

English

简体中文
日本語

English

简体中文
日本語

Theme

ED25519

ED25519 is an elliptic curve digital signature algorithm that uses the Curve25519 elliptic curve and Edwards coordinates. dongle supports standard and streaming ED25519 digital signatures, providing fast and secure signing and verification functionality.

ED25519 algorithm features:

  • High Performance: Fast signing and verification speed, better performance than traditional RSA algorithms
  • High Security: Uses 256-bit elliptic curve, providing security strength equivalent to 3072-bit RSA
  • Compact Keys: Public and private key lengths are only 32 bytes, signature length is 64 bytes
  • Side-Channel Attack Resistant: Algorithm design naturally resists timing attacks and other side-channel attacks
  • Deterministic Signatures: Signature results are deterministic for the same data, convenient for testing and debugging

Important Notes:

  • Key Format: ED25519 only supports PKCS#8 format keys, does not support PKCS#1 format
  • Key Length: ED25519 uses fixed-length keys, no need to choose key length
  • Hash Algorithm: ED25519 internally uses SHA-512 hash, no need to specify additional hash algorithm
  • Private Key Security: Private keys must be properly protected and cannot be leaked, only the private key holder can generate valid signatures
  • Signature Verification: Anyone can use the public key to verify the validity of signatures
  • Compatibility: ED25519 is a modern cryptographic standard with widespread support

Import related modules:

go
import (
    "github.com/dromara/dongle"
    "github.com/dromara/dongle/crypto/keypair"
)

Create key pair

go
kp := keypair.NewEd25519KeyPair()

Generate key pair

go
// Generate ED25519 key pair
kp.GenKeyPair()

// Get PEM format public key
publicKey := kp.PublicKey  
// Get PEM format private key
privateKey := kp.PrivateKey

Set key pair from existing PEM keys

go
// Set PEM format public key
kp.PublicKey = []byte(`-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE=
-----END PUBLIC KEY-----`)

// Set PEM format private key
kp.PrivateKey = []byte(`-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEINTuctv5E1hK1bbY8fdp+K06/nwoy/HU++CXqI9EdVhC
-----END PRIVATE KEY-----`)

Load key pair from existing PEM key files

go
// Load public key from PEM file
publicKeyFile, _ := os.Open("ed25519_public_key.pem")
kp.LoadPublicKey(publicKeyFile)

// Load private key from PEM file
privateKeyFile, _ := os.Open("ed25519_private_key.pem")
kp.LoadPrivateKey(privateKeyFile)

Set key pair from existing string keys

go
// Set string format public key, will be automatically converted to corresponding PEM format public key
kp.SetPublicKey([]byte("Gb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE="))

// Set string format private key, will be automatically converted to corresponding PEM format private key
kp.SetPrivateKey([]byte("1O5y2/kTWErVttjx92n4rTr+fCjL8dT74Jeoj0R1WEI="))

Private key signing

Input data

go
// Input string
signer := dongle.Sign.FromString("hello world").ByEd25519(kp)
// Input byte slice
signer := dongle.Sign.FromBytes([]byte("hello world")).ByEd25519(kp)
// Input file stream
file, _ := os.Open("test.txt")
signer := dongle.Sign.FromFile(file).ByEd25519(kp)

// Check signing error
if signer.Error != nil {
	fmt.Printf("Signing error: %v\n", signer.Error)
	return
}

Output data

go
// Output Hex-encoded signature string
hexString := signer.ToHexString() // a1b2c3d4e5f6...
// Output Hex-encoded signature byte slice
hexBytes := signer.ToHexBytes()  // []byte("a1b2c3d4e5f6...")

// Output Base64-encoded signature string
base64String := signer.ToBase64String() // obbD1OX2...
// Output Base64-encoded signature byte slice
base64Bytes := signer.ToBase64Bytes()  // []byte("obbD1OX2...")

// Output raw signature string
rawString := signer.ToRawString()
// Output raw signature byte slice
rawBytes := signer.ToRawBytes()

Public key verification

Note: The WithXxxSign method must be called before ByEd25519

Input data

go
// Input string
verifier := dongle.Verify.FromString("hello world")
// Input byte slice
verifier := dongle.Verify.FromBytes([]byte("hello world"))
// Input file stream
file, _ := os.Open("test.txt")
verifier := dongle.Verify.FromFile(file)

// Set Hex-encoded signature
verifier.WithHexSign(hexString).ByEd25519(kp)
// Set Base64-encoded signature
verifier.WithBase64Sign(base64String).ByEd25519(kp)
// Set raw signature
verifier.WithRawSign(rawBytes).ByEd25519(kp)

// Check verification errors
if verifier.Error != nil {
    fmt.Printf("Verification error: %v\n", verifier.Error)
    return
}

Output data

go
// Output verification result
verifier.ToBool() // true or false

Released under the MIT License, unauthorized reproduction is prohibited in any form

Copyright © 2020-2025 dongle team