ed2curve.js
Convert Ed25519 signing key pair into Curve25519 key pair suitable for
Diffie-Hellman key exchange. This means that by exchanging only 32-byte
Ed25519 public keys users can both sign and encrypt with NaCl.
Note that there's currently no proof
that this is safe to do. It is safer to share both Ed25519 and Curve25519
public keys (their concatenation is 64 bytes long).
Written by Dmitry Chestnykh in 2014-2016, using public domain code from
TweetNaCl.js. Public domain.
No warranty.
Thanks to @CodesInChaos and
@nightcracker for showing how to
convert Edwards coordinates to Montgomery coordinates.
Installation
Via NPM:
$ npm install ed2curve
or just download ed2curve.js
or ed2curve.min.js
and include it after
TweetNaCl.js:
<script src="nacl.min.js"></script>
<script src="ed2curve.min.js"></script>
Usage
ed2curve.convertKeyPair(keyPair) -> convertedKeyPair | null
Converts the given key pair as generated by
TweetNaCl.js's nacl.sign.keyPair
into a key pair suitable for operations which accept key pairs generated by
nacl.box.keyPair
. This function is a combination of convertPublicKey
and convertSecretKey
.
Returns null
if the public key in the given key pair is not a valid
Ed25519 public key.
ed2curve.convertPublicKey(edPublicKey) -> curvePublicKey | null
Converts a 32-byte Ed25519 public key into a 32-byte Curve25519 public key
and returns it.
Returns null
if the given public key in not a valid Ed25519 public key.
ed2curve.convertSecretKey(edSecretKey) -> curveSecretKey
Converts a 64-byte Ed25519 secret key (or just the first 32-byte part of it,
which is the secret value) into a 32-byte Curve25519 secret key and returns it.
Example
(Note: example uses tweetnacl-util
to convert bytes)
var myKeyPair = nacl.sign.keyPair();
console.log(myKeyPair.publicKey);
var theirPublicKey =
var message = nacl.util.decodeUTF8('Hello!');
var signedMessage = nacl.sign(message, myKeyPair.secretKey);
var theirSignedMessage =
var theirMessage = nacl.sign.open(theirSignedMessage, theirPublicKey);
if (theirMessage) {
}
var theirDHPublicKey = ed2curve.convertPublicKey(theirPublicKey);
var myDHSecretKey = ed2curve.convertSecretKey(myKeyPair.secretKey);
var anotherMessage = nacl.util.decodeUTF8('Keep silence');
var encryptedMessage = nacl.box(anotherMessage, nonce, theirDHPublicKey, myDHSecretKey);
var theirEncryptedMessage =
var decryptedMessage = nacl.box.open(theirEncryptedMessage, nonce, theirDHPublicKey, myDHSecretKey);
Requirements
Other libraries
Some other libraries that can use a single Ed/Curve25519 key: