cryptography.hazmat.primitives.asymmetric.ed25519
Ed25519 is an elliptic curve signing algorithm using EdDSA and Curve25519. If you do not have legacy interoperability concerns then you should strongly consider using this signature algorithm.
>>> from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey >>> private_key = Ed25519PrivateKey.generate() >>> signature = private_key.sign(b"my authenticated message") >>> public_key = private_key.public_key() >>> # Raises InvalidSignature if verification fails >>> public_key.verify(signature, b"my authenticated message")
2.6
generate()
Generate an Ed25519 private key.
- returns
Ed25519PrivateKey
from_private_bytes(data)
- param data
32 byte private key.
- type data
bytes-like
- returns
Ed25519PrivateKey
>>> from cryptography.hazmat.primitives import serialization >>> from cryptography.hazmat.primitives.asymmetric import ed25519 >>> private_key = ed25519.Ed25519PrivateKey.generate() >>> private_bytes = private_key.private_bytes( ... encoding=serialization.Encoding.Raw, ... format=serialization.PrivateFormat.Raw, ... encryption_algorithm=serialization.NoEncryption() ... ) >>> loaded_private_key = ed25519.Ed25519PrivateKey.from_private_bytes(private_bytes)
public_key()
- returns
Ed25519PublicKey
sign(data)
- param bytes data
The data to sign.
- returns bytes
The 64 byte signature.
private_bytes(encoding, format, encryption_algorithm)
Allows serialization of the key to bytes. Encoding ( ~cryptography.hazmat.primitives.serialization.Encoding.PEM
, ~cryptography.hazmat.primitives.serialization.Encoding.DER
, or ~cryptography.hazmat.primitives.serialization.Encoding.Raw
) and format ( ~cryptography.hazmat.primitives.serialization.PrivateFormat.PKCS8
, ~cryptography.hazmat.primitives.serialization.PrivateFormat.OpenSSH
or ~cryptography.hazmat.primitives.serialization.PrivateFormat.Raw
) are chosen to define the exact serialization.
- param encoding
A value from the
~cryptography.hazmat.primitives.serialization.Encoding
enum.- param format
A value from the
~cryptography.hazmat.primitives.serialization.PrivateFormat
enum. If theencoding
is~cryptography.hazmat.primitives.serialization.Encoding.Raw
thenformat
must be~cryptography.hazmat.primitives.serialization.PrivateFormat.Raw
, otherwise it must be~cryptography.hazmat.primitives.serialization.PrivateFormat.PKCS8
or~cryptography.hazmat.primitives.serialization.PrivateFormat.OpenSSH
.- param encryption_algorithm
An instance of an object conforming to the
~cryptography.hazmat.primitives.serialization.KeySerializationEncryption
interface.- return bytes
Serialized key.
2.6
from_public_bytes(data)
- param bytes data
32 byte public key.
- returns
Ed25519PublicKey
>>> from cryptography.hazmat.primitives import serialization >>> from cryptography.hazmat.primitives.asymmetric import ed25519 >>> private_key = ed25519.Ed25519PrivateKey.generate() >>> public_key = private_key.public_key() >>> public_bytes = public_key.public_bytes( ... encoding=serialization.Encoding.Raw, ... format=serialization.PublicFormat.Raw ... ) >>> loaded_public_key = ed25519.Ed25519PublicKey.from_public_bytes(public_bytes)
public_bytes(encoding, format)
Allows serialization of the key to bytes. Encoding ( ~cryptography.hazmat.primitives.serialization.Encoding.PEM
, ~cryptography.hazmat.primitives.serialization.Encoding.DER
, ~cryptography.hazmat.primitives.serialization.Encoding.OpenSSH
, or ~cryptography.hazmat.primitives.serialization.Encoding.Raw
) and format ( ~cryptography.hazmat.primitives.serialization.PublicFormat.SubjectPublicKeyInfo
, ~cryptography.hazmat.primitives.serialization.PublicFormat.OpenSSH
, or ~cryptography.hazmat.primitives.serialization.PublicFormat.Raw
) are chosen to define the exact serialization.
- param encoding
A value from the
~cryptography.hazmat.primitives.serialization.Encoding
enum.- param format
A value from the
~cryptography.hazmat.primitives.serialization.PublicFormat
enum. If theencoding
is~cryptography.hazmat.primitives.serialization.Encoding.Raw
thenformat
must be~cryptography.hazmat.primitives.serialization.PublicFormat.Raw
. Ifencoding
is~cryptography.hazmat.primitives.serialization.Encoding.OpenSSH
thenformat
must be~cryptography.hazmat.primitives.serialization.PublicFormat.OpenSSH
. In all other casesformat
must be~cryptography.hazmat.primitives.serialization.PublicFormat.SubjectPublicKeyInfo
.- returns bytes
The public key bytes.
verify(signature, data)
- param bytes signature
The signature to verify.
- param bytes data
The data to verify.
- raises cryptography.exceptions.InvalidSignature
Raised when the signature cannot be verified.