
Because of the assumption of joint security, I want to use the same keypair for signing (Ed25519) and encryption key exchange (X25519).

How can I share the same public key for my nacl.box.keyPair and nacl.sign.keyPair?

As I understand it, this should be possible because both are on the same curve.

nacl seems to transform its Ed25519 private key using this function:

  crypto_hash(d, sk, 32);
  d[0] &= 248;
  d[31] &= 127;
  d[31] |= 64;

A failed attempt

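```
const nacl = require('tweetnacl')

// X25519 (box) key pair built from a random 32-byte secret key
const seed = nacl.randomBytes(32)
const box_keypair = nacl.box.keyPair.fromSecretKey(seed)

// Reuse the box public and secret keys as a 64-byte signing secret key
const k = new Uint8Array(Buffer.concat([box_keypair.publicKey, box_keypair.secretKey]))
const sign_keypair = nacl.sign.keyPair.fromSecretKey(k)

// Sign a random message, then try to verify it
const msg = nacl.randomBytes(32)
const signed_msg = nacl.sign(msg, sign_keypair.secretKey)
const verif = nacl.sign.open(signed_msg, sign_keypair.publicKey)
console.log(msg, signed_msg, verif) // null
```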

t0staky
  • 1
  • 1
  • 2
    This is not a correct approach. Your signature key has a long lifetime; on the other hand, the x25519 key must be randomly generated per key exchange so that you can do the ephemeral-ephemeral key exchange that is mandated in TLS 1.3. If you really need to, use k in both – kelalaka Oct 14 '21 at 21:23
  • 1
    It doesn't work AND it's a bad idea. See https://crypto.stackexchange.com/questions/22850/why-does-nacl-have-different-keys-for-signing-and-encryption?rq=1 https://crypto.stackexchange.com/questions/54353/why-are-nacl-secret-keys-64-bytes-for-signing-but-32-bytes-for-box?rq=1 https://crypto.stackexchange.com/questions/13077/can-curve25519-keys-be-used-with-ed25519-keys?noredirect=1&lq=1 https://crypto.stackexchange.com/questions/27866/why-curve25519-for-encryption-but-ed25519-for-signatures – dave_thompson_085 Oct 15 '21 at 01:22

0 Answers
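How the two key types relate, as an added example that is not part of the original thread: the hash-and-clamp step quoted in the question yields the X25519 scalar from an Ed25519 seed, and the Ed25519 public key (an encoded y coordinate) maps to the X25519 public key through u = (1+y)/(1-y) mod p. It uses Node's built-in crypto rather than tweetnacl so it runs without dependencies; all function names are hypothetical.

```javascript
// Added example: Node built-in crypto only; helper names are assumptions.
const nodeCrypto = require('node:crypto');
const P = (1n << 255n) - 19n; // field prime shared by Ed25519 and X25519

// Modular exponentiation, used for inversion (a^(p-2) mod p).
function modPow(base, exp, mod) {
  let result = 1n;
  base %= mod;
  while (exp > 0n) {
    if (exp & 1n) result = (result * base) % mod;
    base = (base * base) % mod;
    exp >>= 1n;
  }
  return result;
}

// Ed25519 seed -> X25519 secret: SHA-512, keep first 32 bytes, clamp.
function edSeedToX25519Secret(seed) {
  const d = nodeCrypto.createHash('sha512').update(seed).digest().subarray(0, 32);
  d[0] &= 248; d[31] &= 127; d[31] |= 64;
  return d;
}

// Ed25519 public key (little-endian y, sign of x in the top bit) -> X25519 u.
function edPublicToX25519Public(edPk) {
  const bytes = Buffer.from(edPk); // copy, then drop the sign bit
  bytes[31] &= 127;
  const y = BigInt('0x' + bytes.reverse().toString('hex'));
  const oneMinusY = ((1n - y) % P + P) % P;
  const u = ((1n + y) * modPow(oneMinusY, P - 2n, P)) % P;
  return Buffer.from(u.toString(16).padStart(64, '0'), 'hex').reverse();
}

// Raw public key for a raw 32-byte private key, via a minimal PKCS#8 wrapper.
// oid is '6e' for X25519 or '70' for Ed25519 (last byte of OID 1.3.101.x).
function rawPublicKey(oid, secret) {
  const pkcs8 = Buffer.concat([Buffer.from(`302e020100300506032b65${oid}04220420`, 'hex'), secret]);
  const priv = nodeCrypto.createPrivateKey({ key: pkcs8, format: 'der', type: 'pkcs8' });
  return nodeCrypto.createPublicKey(priv).export({ format: 'der', type: 'spki' }).subarray(-32);
}

// Derive the X25519 public key both ways from one Ed25519 seed.
function demo(seed) {
  const edPk = rawPublicKey('70', seed);
  const xSk = edSeedToX25519Secret(seed);
  return { edPk, xSk, xPkFromSecret: rawPublicKey('6e', xSk), xPkFromPublic: edPublicToX25519Public(edPk) };
}
```

Both derivations return the same 32 bytes, and those bytes are the u coordinate, not the Ed25519 public key itself.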