Direct Ed25519 functionality
Nikolaos D. Bougalis
nikb at bougalis.net
Sat Aug 12 22:30:21 UTC 2023
Thanks Bill, that’s what I thought. It’s somewhat unfortunate, as the high-level EVP APIs impose additional complexity (and actually measurable overhead over the raw ED25519_xxx APIs I mentioned) in situations that don’t require/warrant the flexibility that the EVP interface provides.
Using OpenSSL (which is already a dependency) for Ed25519 would allow me to eliminate a separate dependency on donna-ed25519, but I’m not sure I can justify the increased API complexity and the significant performance degradation (on the order of 50% for signing and 100% for verification).
Best regards,
Nik
On Sat, Aug 12, 2023 at 12:04, Billy Brumley <[bbb at iki.fi](mailto:On Sat, Aug 12, 2023 at 12:04, Billy Brumley <<a href=)> wrote:
> Hey Nik,
>
>> OpenSSL 1.1.1 includes three functions for “direct” Ed25519 signing and verification:
>
> ..
>
>> Am I missing something here? Are these intentionally undocumented? Is there a reason why we don’t
>> make them publicly available?
>
> All crypto operations, including Ed25519, should use the higher level EVP
> interface. It's an architecture design decision in OpenSSL.
>
> https://www.openssl.org/docs/man1.1.1/man3/EVP_DigestSignInit.html
>
> https://wiki.openssl.org/index.php/EVP_Signing_and_Verifying
>
> Hope it helps,
>
> BBB
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230812/47d24f5b/attachment.htm>
More information about the openssl-users
mailing list