Table of Contents

Class CryptoSign

Namespace
LibSodium
Assembly
LibSodium.Net.dll

Provides digital signature functionality using Ed25519, as implemented by libsodium.

public static class CryptoSign
Inheritance
CryptoSign
Inherited Members

Fields

PrivateKeyLen

Length in bytes of a private (secret) key (64).

public const int PrivateKeyLen = 64

Field Value

int

PublicKeyLen

Length in bytes of a public key (32).

public const int PublicKeyLen = 32

Field Value

int

SeedLen

Length in bytes of a seed used to generate key pairs deterministically.

public const int SeedLen = 32

Field Value

int

SignatureLen

Length in bytes of a signature (64).

public const int SignatureLen = 64

Field Value

int

Methods

CreateIncrementalPreHashSign(SecureMemory<byte>)

Creates an Ed25519ph incremental signing operation using a private key stored in secure memory. The key is used as-is and not disposed automatically. The caller retains ownership.

public static ICryptoIncrementalOperation CreateIncrementalPreHashSign(SecureMemory<byte> privateKey)

Parameters

privateKey SecureMemory<byte>

The Ed25519ph private key used for signing, stored in secure memory (64 bytes).

Returns

ICryptoIncrementalOperation

An incremental operation that produces a signature when finalized.

CreateIncrementalPreHashSign(ReadOnlyMemory<byte>)

Creates an Ed25519ph incremental signing operation using the provided private key. The key is not copied or disposed. The caller is responsible for its lifecycle and protection.

public static ICryptoIncrementalOperation CreateIncrementalPreHashSign(ReadOnlyMemory<byte> privateKey)

Parameters

privateKey ReadOnlyMemory<byte>

The private key used for signing (64 bytes).

Returns

ICryptoIncrementalOperation

An incremental operation that produces a signature when finalized.

CreateIncrementalPreHashVerify(ReadOnlyMemory<byte>, ReadOnlyMemory<byte>)

Creates an Ed25519ph incremental verification operation using the given public key and signature. The result of the verification is written to the output span as a single byte: 1 for valid, 0 for invalid.

public static ICryptoIncrementalOperation CreateIncrementalPreHashVerify(ReadOnlyMemory<byte> publicKey, ReadOnlyMemory<byte> signature)

Parameters

publicKey ReadOnlyMemory<byte>

The Ed25519ph public key used to verify the signature (32 bytes).

signature ReadOnlyMemory<byte>

The expected Ed25519ph signature to verify against (64 bytes).

Returns

ICryptoIncrementalOperation

An incremental operation that validates the message on finalization.

GenerateKeyPair(Span<byte>, SecureMemory<byte>)

Generates a new Ed25519 public/private key pair.

public static void GenerateKeyPair(Span<byte> publicKey, SecureMemory<byte> privateKey)

Parameters

publicKey Span<byte>

A span where the generated public key will be stored (must be PublicKeyLen bytes).

privateKey SecureMemory<byte>

A span where the generated private key will be stored (must be PrivateKeyLen bytes).

Exceptions

ArgumentException

Thrown if the buffer sizes are incorrect.

LibSodiumException

Thrown if key pair generation fails.

GenerateKeyPair(Span<byte>, Span<byte>)

Generates a new Ed25519 public/private key pair.

public static void GenerateKeyPair(Span<byte> publicKey, Span<byte> privateKey)

Parameters

publicKey Span<byte>

A span where the generated public key will be stored (must be PublicKeyLen bytes).

privateKey Span<byte>

A span where the generated private key will be stored (must be PrivateKeyLen bytes).

Exceptions

ArgumentException

Thrown if the buffer sizes are incorrect.

LibSodiumException

Thrown if key pair generation fails.

GenerateKeyPairDeterministically(Span<byte>, SecureMemory<byte>, SecureMemory<byte>)

Generates a Ed25519 public/private key pair from a seed deterministically.

public static void GenerateKeyPairDeterministically(Span<byte> publicKey, SecureMemory<byte> secretKey, SecureMemory<byte> seed)

Parameters

publicKey Span<byte>

A span where the generated public key will be stored (must be PublicKeyLen bytes).

secretKey SecureMemory<byte>

A span where the generated private key will be stored (must be PrivateKeyLen bytes).

seed SecureMemory<byte>

A seed used for key generation (must be SeedLen bytes).

Exceptions

ArgumentException

Thrown if the buffer sizes are incorrect.

LibSodiumException

Thrown if key pair generation fails.

GenerateKeyPairDeterministically(Span<byte>, Span<byte>, ReadOnlySpan<byte>)

Generates a Ed25519 public/private key pair from a seed deterministically.

public static void GenerateKeyPairDeterministically(Span<byte> publicKey, Span<byte> secretKey, ReadOnlySpan<byte> seed)

Parameters

publicKey Span<byte>

A span where the generated public key will be stored (must be PublicKeyLen bytes).

secretKey Span<byte>

A span where the generated private key will be stored (must be PrivateKeyLen bytes).

seed ReadOnlySpan<byte>

A seed used for key generation (must be SeedLen bytes).

Exceptions

ArgumentException

Thrown if the buffer sizes are incorrect.

LibSodiumException

Thrown if key pair generation fails.

PreHashSign(Stream, Span<byte>, SecureMemory<byte>)

Signs the contents of a stream using a Ed25519ph private key stored in secure memory.

public static Span<byte> PreHashSign(Stream message, Span<byte> signature, SecureMemory<byte> privateKey)

Parameters

message Stream

The input stream containing the message to sign.

signature Span<byte>

A buffer that will receive the Ed25519ph signature. Must be at least 64 bytes.

privateKey SecureMemory<byte>

The Ed25519ph private key in secure memory (64 bytes).

Returns

Span<byte>

The portion of the signature buffer containing the resulting signature (64 bytes).

PreHashSign(Stream, Span<byte>, ReadOnlyMemory<byte>)

Signs the contents of a stream using the specified Ed25519ph private key and writes the Ed25519ph signature to the provided buffer.

public static Span<byte> PreHashSign(Stream message, Span<byte> signature, ReadOnlyMemory<byte> privateKey)

Parameters

message Stream

The input stream containing the message to sign.

signature Span<byte>

A buffer that will receive theEd25519ph signature. Must be at least 64 bytes.

privateKey ReadOnlyMemory<byte>

The Ed25519ph private key (64 bytes).

Returns

Span<byte>

The portion of the signature buffer containing the resulting signature (64 bytes).

PreHashSignAsync(Stream, Memory<byte>, SecureMemory<byte>, CancellationToken)

Asynchronously signs the contents of a stream using a private key stored in secure memory and Ed25519ph.

public static Task<Memory<byte>> PreHashSignAsync(Stream message, Memory<byte> signature, SecureMemory<byte> privateKey, CancellationToken cancellationToken = default)

Parameters

message Stream

The input stream containing the message to sign.

signature Memory<byte>

A memory buffer that will receive the Ed25519ph signature. Must be at least 64 bytes.

privateKey SecureMemory<byte>

The Ed25519ph private key in secure memory (64 bytes).

cancellationToken CancellationToken

A cancellation token that can be used to cancel the operation.

Returns

Task<Memory<byte>>

The portion of the signature buffer containing the resulting signature (64 bytes).

PreHashSignAsync(Stream, Memory<byte>, ReadOnlyMemory<byte>, CancellationToken)

Asynchronously signs the contents of a stream using the specified private key and writes the Ed25519ph signature to the provided buffer.

public static Task<Memory<byte>> PreHashSignAsync(Stream message, Memory<byte> signature, ReadOnlyMemory<byte> privateKey, CancellationToken cancellationToken = default)

Parameters

message Stream

The input stream containing the message to sign.

signature Memory<byte>

A memory buffer that will receive the Ed25519ph signature. Must be at least 64 bytes.

privateKey ReadOnlyMemory<byte>

The Ed25519ph private key (64 bytes).

cancellationToken CancellationToken

A cancellation token that can be used to cancel the operation.

Returns

Task<Memory<byte>>

The portion of the signature buffer containing the resulting signature (64 bytes).

PreHashVerify(Stream, ReadOnlyMemory<byte>, ReadOnlyMemory<byte>)

Verifies the signature of a stream using the specified public key and Ed25519ph.

public static bool PreHashVerify(Stream message, ReadOnlyMemory<byte> signature, ReadOnlyMemory<byte> publicKey)

Parameters

message Stream

The input stream containing the message to verify.

signature ReadOnlyMemory<byte>

The Ed25519ph signature to verify (64 bytes).

publicKey ReadOnlyMemory<byte>

The Ed25519ph public key (32 bytes).

Returns

bool

true if the signature is valid; otherwise, false.

PreHashVerifyAsync(Stream, ReadOnlyMemory<byte>, ReadOnlyMemory<byte>, CancellationToken)

Asynchronously verifies the signature of a stream using the specified public key and Ed25519ph.

public static Task<bool> PreHashVerifyAsync(Stream message, ReadOnlyMemory<byte> signature, ReadOnlyMemory<byte> publicKey, CancellationToken cancellationToken = default)

Parameters

message Stream

The input stream containing the message to verify.

signature ReadOnlyMemory<byte>

The Ed25519ph signature to verify (64 bytes).

publicKey ReadOnlyMemory<byte>

The Ed25519ph public key (32 bytes).

cancellationToken CancellationToken

A cancellation token that can be used to cancel the operation.

Returns

Task<bool>

true if the signature is valid; otherwise, false.

PrivateKeyToCurve(SecureMemory<byte>, SecureMemory<byte>)

Converts an Ed25519 private key (64 bytes) to a Curve25519 private key (32 bytes).

public static void PrivateKeyToCurve(SecureMemory<byte> curvePrivateKey, SecureMemory<byte> edPrivateKey)

Parameters

curvePrivateKey SecureMemory<byte>

The buffer where the resulting Curve25519 private key will be written. Must be 32 bytes.

edPrivateKey SecureMemory<byte>

The source Ed25519 private key. Must be 64 bytes.

Remarks

The resulting Curve25519 private key can be used with CryptoBox and CryptoKeyExchange APIs.

Exceptions

ArgumentException

Thrown if buffer sizes are incorrect.

LibSodiumException

Thrown if the conversion fails.

PrivateKeyToCurve(Span<byte>, ReadOnlySpan<byte>)

Converts an Ed25519 private key (64 bytes) to a Curve25519 private key (32 bytes).

public static void PrivateKeyToCurve(Span<byte> curvePrivateKey, ReadOnlySpan<byte> edPrivateKey)

Parameters

curvePrivateKey Span<byte>

The buffer where the resulting Curve25519 private key will be written. Must be 32 bytes.

edPrivateKey ReadOnlySpan<byte>

The source Ed25519 private key. Must be 64 bytes.

Remarks

The resulting Curve25519 private key can be used with CryptoBox and CryptoKeyExchange APIs.

Exceptions

ArgumentException

Thrown if buffer sizes are incorrect.

LibSodiumException

Thrown if the conversion fails.

PublicKeyToCurve(Span<byte>, ReadOnlySpan<byte>)

Converts an Ed25519 public key (32 bytes) to a Curve25519 public key (32 bytes).

public static void PublicKeyToCurve(Span<byte> curvePublicKey, ReadOnlySpan<byte> edPublicKey)

Parameters

curvePublicKey Span<byte>

The buffer where the resulting Curve25519 public key will be written. Must be 32 bytes.

edPublicKey ReadOnlySpan<byte>

The source Ed25519 public key. Must be 32 bytes.

Remarks

The resulting Curve25519 public key can be used with CryptoBox and CryptoKeyExchange APIs.

Exceptions

ArgumentException

Thrown if buffer sizes are incorrect.

LibSodiumException

Thrown if the conversion fails.

Sign(ReadOnlySpan<byte>, Span<byte>, SecureMemory<byte>)

Creates an Ed25519 signature for the given message using the provided private key.

public static Span<byte> Sign(ReadOnlySpan<byte> message, Span<byte> signature, SecureMemory<byte> privateKey)

Parameters

message ReadOnlySpan<byte>

The message to be signed.

signature Span<byte>

A span to store the Ed25519 signature (must be at least SignatureLen bytes).

privateKey SecureMemory<byte>

The Ed25519 private key to sign with (must be PrivateKeyLen bytes).

Returns

Span<byte>

A slice of the signature span containing the actual signature.

Exceptions

ArgumentException

Thrown if the signature or private key length is incorrect.

LibSodiumException

Thrown if the signing operation fails.

Sign(ReadOnlySpan<byte>, Span<byte>, ReadOnlySpan<byte>)

Creates a Ed25519 signature for the given message using the provided private key.

public static Span<byte> Sign(ReadOnlySpan<byte> message, Span<byte> signature, ReadOnlySpan<byte> privateKey)

Parameters

message ReadOnlySpan<byte>

The message to be signed.

signature Span<byte>

A span to store the Ed25519 signature (must be at least SignatureLen bytes).

privateKey ReadOnlySpan<byte>

The Ed25519 private key to sign with (must be PrivateKeyLen bytes).

Returns

Span<byte>

A slice of the signature span containing the actual signature.

Exceptions

ArgumentException

Thrown if the signature or private key length is incorrect.

LibSodiumException

Thrown if the signing operation fails.

Verify(ReadOnlySpan<byte>, ReadOnlySpan<byte>, ReadOnlySpan<byte>)

Verifies an Ed25519 signature against a given message and public key.

public static bool Verify(ReadOnlySpan<byte> message, ReadOnlySpan<byte> signature, ReadOnlySpan<byte> publicKey)

Parameters

message ReadOnlySpan<byte>

The original message.

signature ReadOnlySpan<byte>

The Ed25519 signature to verify (must be SignatureLen bytes).

publicKey ReadOnlySpan<byte>

The Ed25519 public key used to verify the signature (must be PublicKeyLen bytes).

Returns

bool

true if the signature is valid; otherwise, false.

Exceptions

ArgumentException

Thrown if the signature or public key length is incorrect.