Unable to use Keypair::generate with 1.0.0-pre.2

[johnptoohey]

Hi,
I'm trying to use ed25519-dalek et al for all my signature requirements for an Encrypted Data Vault (EDV) application. Stuck just trying to create a random keypair for my tests. Think I may have a wrong combination of crate versions, but am stuck on how to proceed from here. Any help would be very appreciated.

Code

      let keypair: Keypair;
      let mut csprng = OsRng;
      keypair = Keypair::generate(&mut csprng);

Cargo.toml

[dependencies]
base64 = "*"
ed25519 = "1.0.1"
signatory-dalek = "0.20.0"
ed25519-dalek = "1.0.0-pre.2"
rand = { version = "0.7", default-features = false, optional = true }

Output

error[E0277]: the trait bound `rand_core::os::OsRng: rand_core::RngCore` is not satisfied
   --> zcaps-agent/src/lib.rs:97:37
    |
97  |         keypair = Keypair::generate(&mut csprng);
    |                                     ^^^^^^^^^^^ the trait `rand_core::RngCore` is not implemented for `rand_core::os::OsRng`
    |
   ::: /Users/johntoohey/.cargo/registry/src/github.com-1ecc6299db9ec823/ed25519-dalek-1.0.0-pre.2/src/ed25519.rs:251:24
    |
251 |         R: CryptoRng + RngCore,
    |                        ------- required by this bound in `ed25519_dalek::ed25519::Keypair::generate`
    |
help: trait impl with same name found
   --> /Users/johntoohey/.cargo/registry/src/github.com-1ecc6299db9ec823/rand_core-0.5.1/src/lib.rs:388:1

[johnptoohey]

When I remove the dependency on signatory-dalek, I can compile my code.

[tarcieri]

@johnptoohey it looks like what's happening is signatory-dalek is pulling in ed25519-dalek 1.0.0-pre.2 explicitly (due to #108, which is ironically building without the rand crate), and that release depends on rand v0.6, but your Cargo.toml is using rand v0.7, which is incompatible.

When you remove signatory-dalek, since you don't have an explicit = 1.0.0-pre.2, Cargo performs ^-style SemVer matching, and is likely pulling in ed25519-dalek 1.0.0-pre.3, which has upgraded to rand v0.7.

@isislovecruft would it be possible to get a 1.0.0-pre.4 release of ed25519-dalek with #108 included? Then I can upgrade signatory-dalek to use it.

Alternatively I can upgrade it to use 1.0.0-pre.3, but with the rand feature always-on. Not sure if that would break no_std builds though?

[johnptoohey]

Thanks for the feedback. Spent a few hours changing versions and order of inclusion, but nothing much changes. I now have errors coming from the curve25519 library, which I thought was just internal to ed25519-dalek. Frustrating few days trying to just compile 5 lines of code :-(

New to Rust but ::

1. Can I use a top-level crate that will include all its dependencies or do I always have to include stuff like rand, curveed25519 etc. I thought the signatory-dalek was that.
2. Assuming I got past the compilation errors, is the following not the correct was to create a signer object?

use signatory_dalek::Ed25519Signer;
.
.
.
keypair = Keypair::generate(&mut csprng);
let s = Ed25519Signer(keypair);

I was originally attracted to the dalek* libraries by the example in the ed25519 crate of passing multiple different signers into my own signing agent. I have requirements for user generated secrets for key generation and also Yubikey support.

[tarcieri]

@johnptoohey I can help you out with how to use Signatory. Since you opened an issue on the Signatory repo, let's continue discussing there?

https://github.com/iqlusioninc/signatory/issues/33

[ghost]

I'm also struggling with this - I'd like to use the latest version of ed25519-dalek that doesn't depend on failure (and thus transitively pull in syn and quote, very slow to compile). However, going from version 1.0.0-pre.2 to 1.0.0-pre.3 is considered a major version jump and Cargo doesn't like it :(

[isislovecruft]

Hi, thanks for reporting this! And sorry for the stabilisation issues. I'm going to release 1.0.0-pre.4 very soon and this should be fixed; feel free to reopen if you're still hitting them.