Boring crypto that simply works

conversion of key pairs for EdDSA with BLAKE2b to X25519 key pairs

#include <monocypher.h>

crypto_from_eddsa_private(uint8_t x25519[32], const uint8_t eddsa[32]);

crypto_from_eddsa_public(uint8_t x25519[32], const uint8_t eddsa[32]);

These functions convert keys for use with crypto_sign() (EdDSA with the BLAKE2b hash function) to keys for use with crypto_x25519() and crypto_x25519(). This may be useful in some resource-constrained contexts or when no other key is available – for example when retrieving SSH public keys from GitHub and reusing the SSH public keys as X25519 public keys.

The () function converts an EdDSA (with BLAKE2b) private key to an X25519 private key. The () function converts an EdDSA public key to an X25519 public key.

X25519 key pairs cannot be converted back to EdDSA key pairs. The conversion of private keys is specific to EdDSA with BLAKE2b because of the way EdDSA works. In particular, this means that the output of () differs from crypto_from_ed25519_private() in the optional code. However, the output of () is identical to crypto_from_ed25519_public().

The arguments are:

The signing public key or private key to convert to a X25519 public key or private key, respectively.
The converted private key or public key.

The arguments may overlap or point at the same buffer.

These functions return nothing. They cannot fail.

crypto_x25519(), crypto_sign_public_key(), intro()

The crypto_from_eddsa_private() and crypto_from_eddsa_public() functions first appeared in Monocypher 3.1.0.

It is generally considered poor form to reuse the same key for different purposes. While this conversion is technically safe, avoid these functions nonetheless unless you are particularly resource-constrained or have some other kind of hard requirement. It is otherwise an unnecessary risk factor.

February 13, 2022 Debian