pyca / pynacl

Python binding to the Networking and Cryptography (NaCl) library
https://pynacl.readthedocs.io/
Apache License 2.0
1.07k stars 230 forks source link

Document if nacl.signing.SigningKey and VerifyKey can be reused. #509

Open sseering opened 5 years ago

sseering commented 5 years ago

The documentation should state if nacl.signing.SigningKey and VerifyKey objects can be used to sign/verify several messages with a keypair. Or does one need to create a new object for every message (like hmac and hashlib of the python standard library)?

From my testing it looks like one can reuse these object. Is this guaranteed in the future or just an deail of the current implementation?

lmctv commented 5 years ago

Neither the public, nor the secret key get modified by the signature generation operation; you can use the same SigningKey instance to sign as many different messages as needed in any order, and the same VerifyKey instance to check any number of messages signed by the corresponding SigningKey,