
PublicKey::from_bytes() docs could be a bit more helpful #4

Closed
petertodd opened this issue on May 5, 2017 · 1 comment

Comments

@petertodd
It'd be helpful if there was a bit more info on how the callee is supposed to ensure that the bytes represent a valid CompressedEdwardsY, how to ensure they're a point on the curve, and what are the consequences if you don't do that.
@isislovecruft (Member) commented on May 5, 2017

First things first: @petertodd, you've publicly, repetitively defended a man who raped me and several other people, and disparaged the victims who were brave enough to come forward with their stories. Do not speak to me. Do not use work as an excuse to speak to me. Do not use cryptography as an excuse to speak to me.
Now, lest someone say I didn't address your "issue". Both methods are labelled with a giant Warning header, so I'm not sure I see the problem. If you do:
extern crate ed25519_dalek;
extern crate rand;
extern crate sha2;

use rand::OsRng;
use sha2::Sha512;
use ed25519_dalek::Keypair;

// Operating-system CSPRNG; key generation must not use anything weaker.
let mut csprng = OsRng::new().unwrap();
// Keypair::generate is generic over the 512-bit hash, hence the turbofish.
let keypair = Keypair::generate::<Sha512>(&mut csprng);
// The compressed Edwards-Y encoding of the public point, 32 bytes.
let public_key_bytes: [u8; 32] = keypair.public.to_bytes();
And then you later do:
use ed25519_dalek::PublicKey;
// from_bytes takes a byte slice, so pass the array by reference.
let public_key = PublicKey::from_bytes(&public_key_bytes);
Then everything will work out fine. If you do anything else, e.g. use a hypothetical broken library¹ to generate the keys, or somehow handcraft your own artisanal broken key, then ed25519-dalek will be unable to verify signatures, because curve25519-dalek will fail to decompress the point.
¹ FWIW, I've no reason to believe there is any incompatibility between ed25519-dalek and other current implementations (and the ed25519-dalek tests call SecretKey::from_bytes() and PublicKey::from_bytes() on keys generated with another implementation).

@isislovecruft isislovecruft closed this on May 5, 2017
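What "curve25519-dalek will fail to decompress the point" amounts to in practice, as an added example that is not code from ed25519-dalek, curve25519-dalek or either participant, and is written in Python rather than Rust so it runs without the crates: a from-scratch implementation of RFC 8032 compressed Edwards-Y decoding (section 5.1.3) and encoding (section 5.1.2), run over one constructed valid encoding (the Ed25519 base point) and two constructed invalid ones. The rejections it applies are the RFC's: wrong length, non-canonical y (y >= p), u/v not a square, and x = 0 with the sign bit set. Whether a given library version applies every one of those checks is something to confirm against that library's documentation; this example only shows what a "point that does not decompress" is.

```python
# Added example, not code from ed25519-dalek or curve25519-dalek.
# Decodes 32 bytes as an edwards25519 point the way RFC 8032 specifies,
# so that "the bytes do not decompress" becomes a concrete, checkable fact.

P = 2**255 - 19
D = (-121665 * pow(121666, P - 2, P)) % P   # edwards25519 curve constant d
SQRT_M1 = pow(2, (P - 1) // 4, P)            # a square root of -1 mod P


def on_curve(x, y):
    """Curve equation: -x^2 + y^2 = 1 + d*x^2*y^2 (mod P)."""
    return (-x * x + y * y - 1 - D * x * x * y * y) % P == 0


def decompress(b):
    """Decode a 32-byte compressed Edwards-Y encoding to affine (x, y).

    Returns None when the bytes are not a valid point encoding: wrong
    length, non-canonical y (y >= P), u/v not a square, or x == 0 with
    the sign bit set (RFC 8032 section 5.1.3 rejects that encoding).
    """
    if len(b) != 32:
        return None
    y = int.from_bytes(b, "little")
    sign = y >> 255              # top bit carries the parity of x
    y &= (1 << 255) - 1
    if y >= P:
        return None              # non-canonical y
    u = (y * y - 1) % P
    v = (D * y * y + 1) % P
    w = u * pow(v, P - 2, P) % P     # x^2 = u / v
    x = pow(w, (P + 3) // 8, P)      # candidate root; P == 5 (mod 8)
    if (x * x - w) % P != 0:
        x = x * SQRT_M1 % P          # the other candidate
    if (x * x - w) % P != 0:
        return None                  # u/v is not a square: no such point
    if x == 0 and sign == 1:
        return None
    if (x & 1) != sign:
        x = P - x
    return x, y


def compress(x, y):
    """Inverse of decompress: 255-bit little-endian y, parity of x on top."""
    return (y | ((x & 1) << 255)).to_bytes(32, "little")


# Constructed inputs for the demonstration.
BASEPOINT = bytes([0x58]) + bytes([0x66] * 31)            # Ed25519 base point B
NONCANONICAL = bytes([0xff] * 32)                          # y = 2^255 - 1 >= P
ZERO_X_WITH_SIGN = bytes([0x01] + [0x00] * 30 + [0x80])    # y = 1, x = 0, sign bit set


def check(b):
    """Summarise whether 32 bytes are a decodable point, as a docs note would."""
    pt = decompress(b)
    if pt is None:
        return "rejected: not a valid compressed Edwards point"
    assert on_curve(*pt)
    return "valid point"


if __name__ == "__main__":
    for name, b in [("basepoint", BASEPOINT),
                    ("noncanonical", NONCANONICAL),
                    ("zero_x_sign", ZERO_X_WITH_SIGN)]:
        print(name, b.hex(), check(b))
```

Only `decompress` is the security-relevant step: bytes that pass it are a point on the curve, nothing more. A verifier that accepts arbitrary bytes as a key and never performs this decode (or ignores its failure) is where the "consequences" asked about in the issue would arise.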


huitseeker added a commit to huitseeker/ed25519-dalek that referenced this issue on May 29
https://github.com/dalek-cryptography/ed25519-dalek/issues/4