Direct Ed25519 functionality

Nikolaos D. Bougalis nikb at
Fri Aug 11 20:05:53 UTC 2023

OpenSSL 1.1.1 includes three functions for “direct” Ed25519 signing and verification:

int ED25519_sign(
uint8_t* out_sig,
const uint8_t* message,
size_t message_len,
const uint8_t public_key[32],
const uint8_t private_key[32]);

int ED25519_verify(
const uint8_t* message,
size_t message_len,
const uint8_t signature[64],
const uint8_t public_key[32]);

void ED25519_public_from_private(
uint8_t out_public_key[32],
const uint8_t private_key[32]);

I cannot find a “public” header file or documentation for these functions, but a simple forward declaration prior to use, coupled with linking against libcrypto works (but it’s obviously flakey and problematic for many practical reasons).

I assume these are supposed to be internal to the library and not exposed to users—and that they appear under different names in OpenSSL 3.0 lends further credence to that assumption, beyond that of their undocumented nature.

Am I missing something here? Are these intentionally undocumented? Is there a reason why we don’t make them publicly available?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>

More information about the openssl-users mailing list