crypto/ed25519,x/crypto/ed25519: add ValidPrivateKey() method #33923
See issue golang/go#33923, I had mistakenly used `openssl rand -hex 64` to generate a private key, which did not work for a pretty subtle reason - usually the data you are attempting to sign has been subtly changed between when you signed the message and when you verified it but here the key was the problem. Attempt to fix this by making it really easy for users to generate keys for use with this library.
/cc @FiloSottile
That's not what Sign checks the PrivateKey length, so are you sure you were using 32 bytes of random?
Ah. I diagnosed the problem incorrectly. I assumed The last 32 bytes of the private key I was using - the public key - was also read from crypto/rand so the public key returned by I suppose if the private key is 64 bytes and the last 32 bytes are the public key, a function could also validate that relationship.
I don't think we want to encourage manually creating private keys by adding a validation function. Keys should only be generated by GenerateKey or NewKeyFromSeed. I kind of regret not making GenerateKey return only
I mistakenly used 32 bytes of random as an ed25519.PrivateKey and was extremely confused why signatures were not validating, was frantically triple checking the data I was attempting to sign/verify was the same on both ends, etc. I am an experienced user and if I can get tripped up by this, less experienced users could as well.
Adding a method for users to check whether a private key is valid could help alleviate this by suggesting a different source of error, and also helping users ensure that they are using valid keys to sign data. Roughly it could do:
You could also do
```go
func (p *PrivateKey) Valid() bool
```
though I worry about letting people create a PrivateKey object and then determine whether that is valid or not, because they might try to use it later to sign stuff.
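The relationship discussed in this thread (a 64-byte `ed25519.PrivateKey` is the 32-byte seed followed by the public key derived from it) can be checked by re-deriving the key with `NewKeyFromSeed`. The following is an added example, not code from the issue or from the Go project; `CheckPrivateKey`, `RandomBytes` and the error values are hypothetical names, and the random inputs are constructed samples.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/subtle"
	"errors"
	"fmt"
)

// Hypothetical errors and helper for illustration; crypto/ed25519 has no such API.
var (
	ErrSeedNotKey  = errors.New("32 bytes is a seed: expand it with ed25519.NewKeyFromSeed")
	ErrBadLength   = errors.New("private key must be ed25519.PrivateKeySize (64) bytes")
	ErrPubMismatch = errors.New("last 32 bytes are not the public key derived from the seed")
)

// CheckPrivateKey reports whether priv has the seed||public-key layout of a generated key.
func CheckPrivateKey(priv ed25519.PrivateKey) error {
	switch len(priv) {
	case ed25519.PrivateKeySize:
	case ed25519.SeedSize:
		return ErrSeedNotKey
	default:
		return ErrBadLength
	}
	// Re-derive the full key from the seed half and compare it with the input.
	want := ed25519.NewKeyFromSeed(priv[:ed25519.SeedSize])
	if subtle.ConstantTimeCompare(want, priv) != 1 {
		return ErrPubMismatch
	}
	return nil
}

// RandomBytes returns n bytes from crypto/rand (constructed sample input).
func RandomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func main() {
	_, good, _ := ed25519.GenerateKey(rand.Reader)
	fmt.Println("GenerateKey:    ", CheckPrivateKey(good))
	fmt.Println("64 random bytes:", CheckPrivateKey(RandomBytes(64)))
	fmt.Println("32 random bytes:", CheckPrivateKey(RandomBytes(32)))
}
```

Random bytes used as the seed are fine once expanded: `ed25519.NewKeyFromSeed(RandomBytes(32))` passes the check.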