On Wed, Apr 22, 2020 at 11:46:16AM +0800, yang berlin wrote:
> Wow, thanks for the detailed reply!
> Actually I am a master student and my teacher wants me to figure out the
> use of ed25519. So I went to see openssl.
> I thought ed25519 can sign messages so I tried the dgst command. Now I know
> that I was wrong.
Well, actually it *does* sign messages, but not via "openssl dgst",
because typically ed25519 is used to sign short messages without first
running them through a digest function. This makes it resistant to hash
function collion attacks.
There is actually more than one flavour of the ed25519 signature
algorithm, see RFC8032:
https://tools.ietf.org/html/rfc8032#section-4
https://tools.ietf.org/html/rfc8032#section-5
You can use "pkeyutl" to directly sign (short messages) with (pure)
ed25519, or, for longer messages, you can use the "prehash" variant
which signs a SHA2-512 hash.
--
Viktor.
