dchest · dchest · Aug 3, 2014 · Jul 27, 2014 · Jul 31, 2014
diff --git a/README.md b/README.md
@@ -210,7 +210,16 @@ Generates new random key pair for signing and returns it as an object with
 
 #### nacl.sign.keyPair.fromSecretKey(secretKey)
 
-Returns a signing key pair with public key corresponding to the given secret key.
+Returns a signing key pair with public key corresponding to the given
+64-byte secret key. The secret key must have been generated by
+`nacl.sign.keyPair` or `nacl.sign.keyPair.fromSeed`.
+
+#### nacl.sign.keyPair.fromSeed(seed)
+
+Returns a new signing key pair generated deterministically from a 32-byte seed.
+The seed must contain enough entropy to be secure. This method is not
+recommended for general use: instead, use `nacl.sign.keyPair` to generate a new
+key pair from a random seed.
 
 #### nacl.sign(message, secretKey)
 

diff --git a/nacl-fast.js b/nacl-fast.js
@@ -1141,12 +1141,12 @@ function scalarbase(p, s) {
   scalarmult(p, q, s);
 }
 
-function crypto_sign_keypair(pk, sk) {
+function crypto_sign_keypair(pk, sk, seeded) {
   var d = new Uint8Array(64);
   var p = [gf(), gf(), gf(), gf()];
   var i;
 
-  randombytes(sk, 32);
+  if (!seeded) randombytes(sk, 32);
   crypto_hash(d, sk, 32);
   d[0] &= 248;
   d[31] &= 127;
@@ -1569,6 +1569,17 @@ nacl.sign.keyPair.fromSecretKey = function(secretKey) {
   return {publicKey: pk, secretKey: secretKey};
 };
 
+nacl.sign.keyPair.fromSeed = function(seed) {
+  checkArrayTypes(seed);
+  if (seed.length !== 32)
+    throw new Error('bad seed size');
+  var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);
+  var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);
+  for (var i = 0; i < 32; i++) sk[i] = seed[i];
+  crypto_sign_keypair(pk, sk, true);
+  return {publicKey: pk, secretKey: sk};
+};
+
 nacl.sign.publicKeyLength = crypto_sign_PUBLICKEYBYTES;
 nacl.sign.secretKeyLength = crypto_sign_SECRETKEYBYTES;
 nacl.sign.signatureLength = crypto_sign_BYTES;

diff --git a/nacl-fast.min.js b/nacl-fast.min.js
diff --git a/nacl.js b/nacl.js
@@ -703,12 +703,12 @@ function scalarbase(p, s) {
   scalarmult(p, q, s);
 }
 
-function crypto_sign_keypair(pk, sk) {
+function crypto_sign_keypair(pk, sk, seeded) {
   var d = new Uint8Array(64);
   var p = [gf(), gf(), gf(), gf()];
   var i;
 
-  randombytes(sk, 32);
+  if (!seeded) randombytes(sk, 32);
   crypto_hash(d, sk, 32);
   d[0] &= 248;
   d[31] &= 127;
@@ -1131,6 +1131,17 @@ nacl.sign.keyPair.fromSecretKey = function(secretKey) {
   return {publicKey: pk, secretKey: secretKey};
 };
 
+nacl.sign.keyPair.fromSeed = function(seed) {
+  checkArrayTypes(seed);
+  if (seed.length !== 32)
+    throw new Error('bad seed size');
+  var pk = new Uint8Array(crypto_sign_PUBLICKEYBYTES);
+  var sk = new Uint8Array(crypto_sign_SECRETKEYBYTES);
+  for (var i = 0; i < 32; i++) sk[i] = seed[i];
+  crypto_sign_keypair(pk, sk, true);
+  return {publicKey: pk, secretKey: sk};
+};
+
 nacl.sign.publicKeyLength = crypto_sign_PUBLICKEYBYTES;
 nacl.sign.secretKeyLength = crypto_sign_SECRETKEYBYTES;
 nacl.sign.signatureLength = crypto_sign_BYTES;