-
Notifications
You must be signed in to change notification settings - Fork 198
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
signature: add support for generating & deriving keys (i.e. Signer & Verifier) #1244
Comments
I'm not sure what your proposed First, I'm a bit confused at your function signature. You mention the Neither of these functions are parameterized which means they can only work by side effects, which means they can't e.g. take a deterministic RNG. The We can have a trait for random generation of keypairs, gated on the That doesn't help you persist keypairs though, so I'm a bit confused what you're doing with generic code that can only generate a keypair but not store it? |
Sorry I wasn't explicit enough. Yes, I meant for parameters to be passed (I just thought they are implied from similarly named functions (e.g. in rust-hpke or ed25519-dalek), but let me be explicit): But I wanted first to get the general idea across. What are your thoughts? |
The I still don't know what you mean or want regarding I think a trait to randomly generate keys is OK, but it should be parameterized by default with |
Ok, I now think I understand your point and agree with it: if what I want is to generate a keypair from the array of byte representing the private key scalar, I can just use Wouldn't this, in fact, also invalidate the need to have a trait for randomly generating keys? For I can generate a random 32-byte array, then deserialize (we could wrap this logic by implementing it for |
Something like this should work
|
There's also
Not all 32-byte strings are valid private keys, and that's even assuming you're using an elliptic curve with a ~256-bit base field modulus. Elliptic curve private keys are elements of the scalar field, modulo the curve's order. If the 32-byte string (when interpreted as a 256-bit integer) overflows the curve's order it will be rejected. We provide a |
Thanks this reply cleared it up for me. Yes, I'd love to have such a trait. Regarding Is there something similar for serializing to bytes without serde? I see a |
You can't impl
|
I understand that not all implementors necessarily can expose this for various reasons. However, a lot of types can in fact implement this, and for those, it will be very useful for users of this library to be able to constrain generic parameters to be only those that can be generated/derived.
What I suggest is adding a new trait, e.g.
Derivable
or whatever name may be appropriate, which will expose two functionsgenerate_keypair()
andderive_keypair()
Then, we can implement that for the popular implementors (k256, p256, ed25519-dalek) easily. And, for example, I as a user of this library can expect
K: Keypair + Derivable
and generate new instances of this key in a generic fashion likelet keypair = K::generate_keypair()
.This is much better than the current situation, where my code needs to look like this:
fn generates_keypair< V: Verifier<Sig>, S: Signer<Sig>, >( generate_signing_keypair: fn() -> (V, S), ) -> (V,S) { generate_signing_keypair() }
I think that receiving this function as a parameter makes no sense. Currently, I only need to generate keys for tests -- but this still is very ugly, and unnecessarily so.
The text was updated successfully, but these errors were encountered: