Skip to content


Subversion checkout URL

You can clone with
Download ZIP
A Ruby binding to the Ed25519 public-key signature system
C Java Ruby
branch: master
Failed to load latest commit information.
spec Initial JRuby support
tasks Initial JRuby support
.gitignore Initial commit with SUPERCOP ref10 sources
.travis.yml It builds on rbx yay! Bump version to 1.0.0
LICENSE Don't use red25519, use RbNaCl
ed25519.png Smaller diagram


Build Status

NOTE: red25519 is defunct. Please use RbNaCl instead.

Red25519 provides a Ruby binding to the Ed25519 public-key signature system based on elliptic curves and created by Dan Bernstein et al. Two implementations are provided: a MRI C extension which uses the "ref" implementation from the SUPERCOP benchmark suite, and a pure Java version which is a direct port of the Python implementation.

Ed25519 provides a 128-bit security level, that is to say, all known attacks take at least 2^128 operations, providing the same security level as AES-128, NIST P-256, and RSA-3072.

Ed25519 Diagram

Ed25519 has a number of unique properties that make it one of the best-in-class digital signature algorithms:

  • Small keys: Ed25519 keys are only 256-bits (32 bytes), making them small enough to easily copy around. Ed25519 also allows the public key to be derived from the private key, meaning that it doesn't need to be included in a serialized private key in cases you want both.
  • Small signatures: Ed25519 signatures are only 512-bits (64 bytes), one of the smallest signature sizes available.
  • Deterministic: Unlike (EC)DSA, Ed25519 does not rely on an entropy source when signing messages. This can be a potential attack vector if the entropy source is not generating good random numbers. Ed25519 avoids this problem entirely and will always generate the same signature for the same data.
  • Collision Resistant: Hash-function collisions do not break this system. This adds a layer of defense against the possibility of weakness in the selected hash function.

You can read more on Dan Bernstein's Ed25519 site.


Add this line to your application's Gemfile:

gem 'red25519'

And then execute:

$ bundle

Or install it yourself as:

$ gem install red25519


Require red25519 in your Ruby program:

require 'red25519'

Generate a new random signing key:

signing_key = Ed25519::SigningKey.generate

Sign a message with the signing key:

signature = signing_key.sign(message)

Obtain the verify key for a given signing key:

verify_key = signing_key.verify_key

Check the validity of a signature:

verify_key.verify(signature, message)

The verify method will return true or false depending on if the signature matches.

Serializing Keys

Keys can be serialized as 32-byte binary strings as follows:

signature_key_bytes = signing_key.to_bytes
verify_key_bytes = verify_key.to_bytes

The binary serialization can be passed directly into the constructor for a given key type:

signing_key =
verify_key  =

You can also serialize keys to a hex string instead of a binary string:

signing_key_hex = signing_key.to_hex

The hex representation can also be passed into the constructor:

signing_key =

Security Notes

The Ed25519 "ref" implementation from SUPERCOP was lovingly crafted by expert security boffins with great care taken to prevent timing attacks. The same cannot be said for the C code used in the red25519 C extension or in the entirety of the provided Java implementation.

Care should be taken to avoid leaking to the attacker how long it takes to generate keys or sign messages (at least until red25519 itself can be audited by an expert who can fix any potential timing vulnerabilities)

red25519 relies on a strong SecureRandom for key generation. Weaknesses in the random number source can potentially result in insecure keys.

JRuby Notes

red25519 provides a pure Java backend, however this backend is much slower than the C-based version. While red25519 will function on JRuby, it may be too slow to be usable for a given use case. You should benchmark your application to determine if it will be fast enough for your purposes.

In the future, red25519 can use an FFI extension to provide better performance on JRuby. Alternatively, red25519 can be abandoned for a more comprehensive FFI binding to Dan Bernstein's NaCl library, which will soon incorporate the SUPERCOP implementation of Ed25519.


  • Fork this repository on github
  • Make your changes and send me a pull request
  • If I like them I'll merge them
  • If I've accepted a patch, feel free to ask for commit access


Copyright (c) 2012 Tony Arcieri. Distributed under the MIT License. See LICENSE for further details.

Something went wrong with that request. Please try again.