geomind_research/herolib_rust
18
0
Fork 1
Code Issues 18 Pull requests 2 Projects 1 Releases Packages 1 Wiki Activity Actions

crypto ed25519 module #8

New issue
Closed
opened 2025-12-21 11:35:31 +00:00 by thabeta · 1 comment
thabeta commented 2025-12-21 11:35:31 +00:00
Owner
Copy link

Module Overview

The keys module provides the foundational cryptographic infrastructure for , focusing on Ed25519 keypair generation, secure key management, and essential cryptographic utilities. This module ensures that all components can generate, store, and use cryptographic keys securely for authentication, encryption, and digital signatures throughout the ecosystem.

Functionality

  • Ed25519 keypair generation and management: Generate cryptographically secure Ed25519 keypairs using system entropy, with support for importing existing keys from various formats (hex, raw bytes)
  • Key serialization and deserialization: Export and import keys in multiple formats including hexadecimal strings and raw byte arrays for storage and transmission
  • Digital signature operations: Sign and verify messages using Ed25519 signatures, providing cryptographic guarantees of authenticity and integrity
  • Cryptographic helper functions: Essential utilities including secure random number generation, encoding/decoding operations, and hash functions
  • Security utilities: Constant-time comparison functions to prevent timing attacks and SHA-256 digest calculations for data integrity

Module API

Key Management

  • KeyPair::generate() -> Result<Self, KeyError> - Generate a new cryptographically secure Ed25519 keypair using system entropy
  • KeyPair::from_private_hex(hex: &str) -> Result<Self, KeyError> - Restore a keypair from a hex-encoded private key string
  • KeyPair::from_private_bytes(bytes: &[u8]) -> Result<Self, KeyError> - Restore a keypair from raw private key bytes
  • KeyPair::public_key_hex(&self) -> String - Export the public key as a hex-encoded string for sharing or storage
  • KeyPair::private_key_hex(&self) -> String - Export the private key as a hex-encoded string (use with caution)
  • KeyPair::public_key_bytes(&self) -> Vec<u8> - Export the public key as raw bytes for binary protocols
  • KeyPair::private_key_bytes(&self) -> Vec<u8> - Export the private key as raw bytes (handle securely)
  • KeyPair::sign(&self, message: &[u8]) -> Signature - Create a digital signature for the given message
  • KeyPair::verify(&self, message: &[u8], sig: &Signature) -> bool - Verify a signature against the original message
  • KeyPair::to_public_key(&self) -> PublicKey - Extract just the public key portion for sharing

Utilities

  • generate_random_bytes(size: usize) -> Vec<u8> - Generate cryptographically secure random bytes using system entropy
  • encode_hex(data: &[u8]) -> String - Convert binary data to hexadecimal string representation
  • decode_hex(s: &str) -> Result<Vec<u8>, DecodeError> - Convert hex string back to binary data with validation
  • encode_base64(data: &[u8]) -> String - Encode binary data using Base64 for text-safe transmission
  • decode_base64(s: &str) -> Result<Vec<u8>, DecodeError> - Decode Base64 string back to binary data
  • secure_compare(a: &[u8], b: &[u8]) -> bool - Constant-time comparison to prevent timing attacks
  • sha256_digest(data: &[u8]) -> Vec<u8> - Compute SHA-256 hash for data integrity verification
  • verify_signature_ed25519(public_key: &[u8], message: &[u8], signature: &[u8]) -> bool - Standalone signature verification using raw bytes
## Module Overview The keys module provides the foundational cryptographic infrastructure for , focusing on Ed25519 keypair generation, secure key management, and essential cryptographic utilities. This module ensures that all components can generate, store, and use cryptographic keys securely for authentication, encryption, and digital signatures throughout the ecosystem. ## Functionality - **Ed25519 keypair generation and management**: Generate cryptographically secure Ed25519 keypairs using system entropy, with support for importing existing keys from various formats (hex, raw bytes) - **Key serialization and deserialization**: Export and import keys in multiple formats including hexadecimal strings and raw byte arrays for storage and transmission - **Digital signature operations**: Sign and verify messages using Ed25519 signatures, providing cryptographic guarantees of authenticity and integrity - **Cryptographic helper functions**: Essential utilities including secure random number generation, encoding/decoding operations, and hash functions - **Security utilities**: Constant-time comparison functions to prevent timing attacks and SHA-256 digest calculations for data integrity ## Module API ### Key Management - `KeyPair::generate() -> Result<Self, KeyError>` - Generate a new cryptographically secure Ed25519 keypair using system entropy - `KeyPair::from_private_hex(hex: &str) -> Result<Self, KeyError>` - Restore a keypair from a hex-encoded private key string - `KeyPair::from_private_bytes(bytes: &[u8]) -> Result<Self, KeyError>` - Restore a keypair from raw private key bytes - `KeyPair::public_key_hex(&self) -> String` - Export the public key as a hex-encoded string for sharing or storage - `KeyPair::private_key_hex(&self) -> String` - Export the private key as a hex-encoded string (use with caution) - `KeyPair::public_key_bytes(&self) -> Vec<u8>` - Export the public key as raw bytes for binary protocols - `KeyPair::private_key_bytes(&self) -> Vec<u8>` - Export the private key as raw bytes (handle securely) - `KeyPair::sign(&self, message: &[u8]) -> Signature` - Create a digital signature for the given message - `KeyPair::verify(&self, message: &[u8], sig: &Signature) -> bool` - Verify a signature against the original message - `KeyPair::to_public_key(&self) -> PublicKey` - Extract just the public key portion for sharing ### Utilities - `generate_random_bytes(size: usize) -> Vec<u8>` - Generate cryptographically secure random bytes using system entropy - `encode_hex(data: &[u8]) -> String` - Convert binary data to hexadecimal string representation - `decode_hex(s: &str) -> Result<Vec<u8>, DecodeError>` - Convert hex string back to binary data with validation - `encode_base64(data: &[u8]) -> String` - Encode binary data using Base64 for text-safe transmission - `decode_base64(s: &str) -> Result<Vec<u8>, DecodeError>` - Decode Base64 string back to binary data - `secure_compare(a: &[u8], b: &[u8]) -> bool` - Constant-time comparison to prevent timing attacks - `sha256_digest(data: &[u8]) -> Vec<u8>` - Compute SHA-256 hash for data integrity verification - `verify_signature_ed25519(public_key: &[u8], message: &[u8], signature: &[u8]) -> bool` - Standalone signature verification using raw bytes
despiegk commented 2025-12-21 20:30:26 +00:00
Owner
Copy link

there is already some in vault

requirements

  • integrate with rhai, make examples
  • nice interface, builder pattern and OO where useful
there is already some in vault ## requirements - integrate with rhai, make examples - nice interface, builder pattern and OO where useful
despiegk added this to the priority project 2025-12-21 20:30:32 +00:00
despiegk added this to the later milestone 2025-12-21 20:38:29 +00:00
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
develop
develop_network_taps_routing
develop_myfs
develop-config-sal
develop-crypto-consolidation
main-work
develop_podman
kristof
main
rpc_opapi
main-integration
v0.3.4
v0.3.3
v0.3.2
Labels
Clear labels
No items
No labels
Milestone
Clear milestone
No items
No milestone
later
Projects
Clear projects
No items
No project
priority
Assignees
Clear assignees
No assignees
sameh-farouk
2 participants
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
geomind_research/herolib_rust#8
No description provided.