Closed Alexis211 closed 4 years ago
Yep, as you note, curve25519_dalek
can do this conversion, so it's possible for people who want to do this to use the curve25519-dalek
APIs to do this conversion.
But I'm not sure it makes sense to support it in general in the library, primarily because it is not technically part of X25519 nor Ed25519, and it's not totally clear whether there are any security implications (as noted in Filippo's blog post). For now, I think that it probably makes most sense for people who want to do this conversion to do it themselves using the curve25519-dalek
APIs, because there is a little bit of rolling-their-own-protocol involved, and that's the use-case that curve25519-dalek
is intended for. So I would prefer to close this issue for now and leave this note for anyone else who runs into the same question :)
According to this blog post, public and private ed25519 keys used for signing can be transformed into public and private x25519 keys for DH exchange, allowing for encrypted communications. This conversion would be quite useful in the case where one needs to do sometimes signing operations and sometimes encryption operations, as a single public key could be transmitted for both uses.
It looks like the underlying
curve25519_dalek
library could handle this conversion, however it is not exposed in eithered25519_dalek
's orx25519_dalek
's data types. Do you think such functionality could be added?