`crypto_ed25519_sign` docs are a bit unclear

[akhilles]

The new API is:

void crypto_ed25519_sign(uint8_t        signature [64],
                         const uint8_t  secret_key[32],
                         const uint8_t *message, size_t message_size);

but the docs on the website show:

void
crypto_ed25519_sign(uint8_t signature[64], const uint8_t secret_key[64], const uint8_t *message, size_t message_size);

Also, crypto_ed25519_key_pair expects the secret key to be 64 bytes. So, I'm not sure what the expected usage is.

[akhilles]

FWIW, I'm actually using crypto_eddsa_sign not crypto_ed25519_sign. Just noticed this inconsistency.

[LoupVaillant]

Oh crap, I'm so sorry, I botched the sizes in the prototypes. Should be fixed now, thanks. Fortunately you can still use version 4.0.0, because the sizes indicated there do not affect the generated binary.

As for your question, the answer is: the manual is correct, EdDSA and Ed25519 secret keys are 64 bytes.

Expected usage is:

1. Get 32 random bytes from your favourite RNG. That's your seed.
2. Allocate a 64-byte buffer for your secret key.
3. Allocate a 32-byte buffer for your public key.
4. Call crypto_eddsa_key_pair(secret_key, public_key, seed)
5. Allocate a 64-byte buffer for your signature.
6. Call crypto_eddsa_sign(signature, secret_key, message, message_size)

Such a facepalm. I shall release a patch soon.