Function generateDeterministic [src]

Deterministically derive a key pair from a cryptograpically secure secret seed. To create a new key, applications should generally call generate() instead of this function. As in RFC 8032, an Ed25519 public key is generated by hashing the secret key using the SHA-512 function, and interpreting the bit-swapped, clamped lower-half of the output as the secret scalar. For this reason, an EdDSA secret key is commonly called a seed, from which the actual secret is derived.

Prototype

pub fn generateDeterministic(seed: [seed_length]u8) IdentityElementError!KeyPair

Parameters

seed: [seed_length]u8

Possible Errors

IdentityElement IdentityElementError

Source

  pub fn generateDeterministic(seed: [seed_length]u8) IdentityElementError!KeyPair {
    var az: [Sha512.digest_length]u8 = undefined;
    var h = Sha512.init(.{});
    h.update(&seed);
    h.final(&az);
    const pk_p = Curve.basePoint.clampedMul(az[0..32].*) catch return error.IdentityElement;
    const pk_bytes = pk_p.toBytes();
    var sk_bytes: [SecretKey.encoded_length]u8 = undefined;
    sk_bytes[0..seed_length].* = seed;
    sk_bytes[seed_length..].* = pk_bytes;
    return KeyPair{
        .public_key = PublicKey.fromBytes(pk_bytes) catch unreachable,
        .secret_key = try SecretKey.fromBytes(sk_bytes),
    };
}  