Function ed25519_dalek::hazmat::raw_sign_prehashed
pub fn raw_sign_prehashed<CtxDigest, MsgDigest>(
    esk: &ExpandedSecretKey,
    prehashed_message: MsgDigest,
    verifying_key: &VerifyingKey,
    context: Option<&[u8]>
) -> Result<Signature, SignatureError>
Available on crate features hazmat and digest only.
Compute a signature over the given prehashed message using the Ed25519ph algorithm defined in RFC 8032 §5.1. MsgDigest is the digest function used to hash the signed message. CtxDigest is the digest function used to calculate the pseudorandomness needed for signing. According to the Ed25519 spec, MsgDigest = CtxDigest = Sha512.
§⚠️ Unsafe
Do NOT use this function unless you absolutely must. Using the wrong values in ExpandedSecretKey can leak your signing key. See here for more details on this attack.
§Inputs
- esk is the ExpandedSecretKey being used for signing.
- prehashed_message is an instantiated hash digest with 512 bits of output which has had the message to be signed previously fed into its state.
- verifying_key is a VerifyingKey which corresponds to this secret key.
- context is an optional context string, up to 255 bytes inclusive, which may be used to provide additional domain separation. If not set, this will default to an empty string.

scalar and hash_prefix are usually selected such that scalar || hash_prefix = H(sk), where sk is the signing key.
§Returns
A Result whose Ok value is an Ed25519ph Signature on the prehashed_message if the context was 255 bytes or less, otherwise a SignatureError.
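The 255-byte context limit described under Inputs and Returns follows from how RFC 8032 encodes the context: Ed25519ph hashes a dom2 prefix whose context length occupies a single octet. The following is an added example, not code from ed25519-dalek; it builds that prefix with the standard library only, and the names dom2_prefix and ContextTooLong are hypothetical.

```rust
// Added illustration (not ed25519-dalek source): the dom2 prefix from RFC 8032
// that Ed25519ph hashes ahead of its other inputs. Names here are hypothetical.
use std::fmt;

/// Fixed 32-byte domain-separation label defined by RFC 8032.
const DOM2_LABEL: &[u8; 32] = b"SigEd25519 no Ed25519 collisions";
/// phflag octet: 1 selects the prehashed variant (Ed25519ph).
const PHFLAG_PREHASHED: u8 = 1;
/// The context length is encoded in one octet, hence the 255-byte ceiling.
const MAX_CONTEXT_LEN: usize = 255;

#[derive(Debug, PartialEq)]
pub struct ContextTooLong(pub usize);

impl fmt::Display for ContextTooLong {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "context is {} bytes, limit is {}", self.0, MAX_CONTEXT_LEN)
    }
}

/// Build dom2(1, context) = label || phflag || len(context) || context.
/// `None` is treated as the empty context, matching the documented default.
pub fn dom2_prefix(context: Option<&[u8]>) -> Result<Vec<u8>, ContextTooLong> {
    let ctx: &[u8] = context.unwrap_or(&[]);
    if ctx.len() > MAX_CONTEXT_LEN {
        return Err(ContextTooLong(ctx.len()));
    }
    let mut out = Vec::with_capacity(DOM2_LABEL.len() + 2 + ctx.len());
    out.extend_from_slice(DOM2_LABEL);
    out.push(PHFLAG_PREHASHED);
    out.push(ctx.len() as u8); // cannot truncate: length was checked above
    out.extend_from_slice(ctx);
    Ok(out)
}

fn main() {
    // Constructed sample contexts for two hypothetical protocols.
    for ctx in [None, Some(&b"backup-v1"[..]), Some(&b"release-v1"[..])] {
        let prefix = dom2_prefix(ctx).expect("context within limit");
        println!("{:>2} context bytes -> {} prefix bytes", prefix[33], prefix.len());
    }
    let too_long = [0u8; 256];
    println!("{:?}", dom2_prefix(Some(&too_long[..])));
}
```

Because the length octet precedes the context bytes, two different contexts always yield different prefixes, so a signature made under one context does not verify under another.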