Please review EdDSA API

Adam Petcher adam.petcher at oracle.com
Wed Jul 25 14:29:41 UTC 2018


The draft CSR[1] for the EdDSA API[2] is ready for review. Please take a 
look and send me any feedback you may have. Here are a few high-level 
notes to explain the API:

1) Where possible, this API is similar to the API for X25519/X448. To 
get the complete background/motivation for the API design, you can 
review the discussion[3] on this topic.
2) Similar to X25519/X448, private keys are byte arrays, and public keys 
are coordinates. Though we can't get by with a single BigInteger coordinate 
for EdDSA, so I am using the new EdPoint class to hold the coordinates.
3) EdDSA has multiple signature modes defined in the RFC[4], including 
some that "prehash" the input before signing. The draft API uses the 
EdDSAParameterSpec class to specify parameters of these modes. The 
standard does not allow an arbitrary choice of prehash function, so the 
API for EdDSA does not support algorithm names like "SHA256withEdDSA".

[1] https://wiki.openjdk.java.net/display/csr/Main
[2] https://bugs.openjdk.java.net/browse/JDK-8190219
[3] http://mail.openjdk.java.net/pipermail/security-dev/2017-September/016325.html
[4] https://tools.ietf.org/html/rfc8032
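
The design points in notes 2 and 3, as an added example that is not part of the original message or of the draft under review: it is written against the `java.security` EdDSA API as it later shipped in JDK 15, which may differ from the draft (the point class there is named `EdECPoint`). The class name `EdDsaModes`, the helper methods and the message are constructed for illustration.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.interfaces.EdECPublicKey;
import java.security.spec.*;

public class EdDsaModes {
    // Sign in the mode given by the parameter spec; null keeps the default (pure) mode.
    static byte[] sign(PrivateKey k, EdDSAParameterSpec mode, byte[] msg) throws Exception {
        Signature s = Signature.getInstance("Ed25519");
        s.initSign(k);
        if (mode != null) s.setParameter(mode);
        s.update(msg);
        return s.sign();
    }

    // Verify in the mode given by the parameter spec; signer and verifier must agree on it.
    static boolean verify(PublicKey k, EdDSAParameterSpec mode, byte[] msg, byte[] sig)
            throws Exception {
        Signature s = Signature.getInstance("Ed25519");
        s.initVerify(k);
        if (mode != null) s.setParameter(mode);
        s.update(msg);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("Ed25519").generateKeyPair();
        byte[] msg = "constructed sample message".getBytes(StandardCharsets.UTF_8);

        // Note 2: the public key is a point (y coordinate plus one bit for x),
        // and can be rebuilt from that point through a KeyFactory.
        EdECPoint p = ((EdECPublicKey) kp.getPublic()).getPoint();
        PublicKey rebuilt = KeyFactory.getInstance("EdDSA").generatePublic(
                new EdECPublicKeySpec(NamedParameterSpec.ED25519, p));

        // Note 3: the prehash mode is a signature parameter, not an algorithm name.
        EdDSAParameterSpec prehash = new EdDSAParameterSpec(true);
        byte[] sigPh = sign(kp.getPrivate(), prehash, msg);
        System.out.println("prehash sig, prehash verify: " + verify(rebuilt, prehash, msg, sigPh));
        System.out.println("prehash sig, pure verify:    " + verify(rebuilt, null, msg, sigPh));

        try {
            Signature.getInstance("SHA256withEdDSA"); // digest-prefixed names are not defined
        } catch (NoSuchAlgorithmException e) {
            System.out.println("SHA256withEdDSA: no such algorithm");
        }
    }
}
```

The second verification uses the same key and message but a different mode, which is why a verifier has to be configured with the signer's `EdDSAParameterSpec` rather than inferring the mode from the algorithm name.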



