pub fn raw_sign_prehashed<CtxDigest, MsgDigest>(
    esk: &ExpandedSecretKey,
    prehashed_message: MsgDigest,
    verifying_key: &VerifyingKey,
    context: Option<&[u8]>
) -> Result<Signature, SignatureError>
where
    MsgDigest: Digest<OutputSize = U64>,
    CtxDigest: Digest<OutputSize = U64>,
Available on crate features hazmat and digest only.

Compute a signature over the given prehashed message using the Ed25519ph algorithm defined in RFC 8032 §5.1. MsgDigest is the digest function used to hash the signed message. CtxDigest is the digest function used to calculate the pseudorandomness needed for signing. According to the Ed25519 spec, MsgDigest = CtxDigest = Sha512.

§⚠️ Unsafe

Do NOT use this function unless you absolutely must. Using the wrong values in ExpandedSecretKey can leak your signing key. See here for more details on this attack.

§Inputs

  • esk is the ExpandedSecretKey being used for signing
  • prehashed_message is an instantiated hash digest with 512 bits of output, into whose state the message to be signed has already been fed.
  • verifying_key is a VerifyingKey which corresponds to this secret key.
  • context is an optional context string, up to 255 bytes inclusive, which may be used to provide additional domain separation. If not set, this will default to an empty string.

The scalar and hash_prefix fields of esk are usually selected such that scalar || hash_prefix = H(sk), where sk is the signing key.

§Returns

A Result whose Ok value is an Ed25519ph Signature on the prehashed_message if the context was 255 bytes or less, otherwise a SignatureError.
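
The following is an added example, not code from ed25519-dalek: it lays out the byte strings that RFC 8032 §5.1 feeds to the hash when signing with Ed25519ph, showing where context, hash_prefix, verifying_key (A) and the prehash enter, and why the context is capped at 255 bytes. The names dom2_ph, nonce_input, challenge_input and ContextTooLong are hypothetical, and the key, point and digest bytes are constructed placeholders.

```rust
// Added example: RFC 8032 hash-input layout for Ed25519ph (not ed25519-dalek code).
const DOM2_LABEL: &[u8; 32] = b"SigEd25519 no Ed25519 collisions";

#[derive(Debug, PartialEq)]
pub struct ContextTooLong(pub usize);

/// dom2(F, C) = label || octet(F) || octet(len(C)) || C, with F = 1 for Ed25519ph.
/// The length field is one octet, hence the 255-byte limit on the context.
pub fn dom2_ph(context: Option<&[u8]>) -> Result<Vec<u8>, ContextTooLong> {
    let ctx = context.unwrap_or(&[]); // an unset context is the empty string
    if ctx.len() > 255 {
        return Err(ContextTooLong(ctx.len()));
    }
    let mut out = DOM2_LABEL.to_vec();
    out.push(1); // phflag
    out.push(ctx.len() as u8);
    out.extend_from_slice(ctx);
    Ok(out)
}

/// Input hashed to derive the nonce r: dom2 || hash_prefix || PH(M).
pub fn nonce_input(ctx: Option<&[u8]>, hash_prefix: &[u8; 32], ph: &[u8; 64])
    -> Result<Vec<u8>, ContextTooLong> {
    let mut v = dom2_ph(ctx)?;
    v.extend_from_slice(hash_prefix);
    v.extend_from_slice(ph);
    Ok(v)
}

/// Input hashed to derive the challenge k: dom2 || R || A || PH(M).
pub fn challenge_input(ctx: Option<&[u8]>, r: &[u8; 32], a: &[u8; 32], ph: &[u8; 64])
    -> Result<Vec<u8>, ContextTooLong> {
    let mut v = dom2_ph(ctx)?;
    v.extend_from_slice(r);
    v.extend_from_slice(a);
    v.extend_from_slice(ph);
    Ok(v)
}

fn main() {
    // Constructed placeholder bytes, not real key material or curve points.
    let (prefix, ph, r, a) = ([0x11u8; 32], [0x22u8; 64], [0x33u8; 32], [0x44u8; 32]);
    let ctx: &[u8] = b"example-app v1";
    println!("nonce input: {} bytes", nonce_input(Some(ctx), &prefix, &ph).unwrap().len());
    println!("challenge input: {} bytes", challenge_input(Some(ctx), &r, &a, &ph).unwrap().len());
    println!("256-byte context: {:?}", dom2_ph(Some(&[0u8; 256][..])));
}
```

Because the context is bound into both hash inputs, a signature made under one context does not verify under another, which is the domain separation the context parameter provides.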