EdDsa keys and operations

This tutorial page describes how to create an use EdDSA keys (Edwards-curve Digital Signature Algorithm) with DidiSoft OpenSSL Library for .NET.

The namespace that provides classes for EdDSA operations is DidiSoft.OpenSsl.EdDsa

 Namespace DidiSoft.OpenSsl
 +---------+      +---------+    +----------+
 | KeyPair |      |PublicKey|    |PrivateKey|
 ++--------+      +-------+-+    +-----+----+
  ^                        ^              ^
  | DidiSoft.OpenSsl.EdDsa |              |
+-+----------+     +-------+------+ +-----+---------+
|EdDsaKeyPair|     |EdDsaPublicKey| |EdDsaPrivateKey|
+------------+     +--------------+ +---------------+

Table of Contents

Creating EdDSA keys

EdDsa keys are created as a key pair. Then from the key pair we can extract the public and private key. The easiest way to create an EDsa keypair is by invokling method GenerateKeyPair from DidiSoft.OpenSsl.EdDsa.EdDsaKeyPair:

DidiSoft.OpenSsl.EdDsa.EdDsaKeyPair kp = DidiSoft.OpenSsl.EdDsa.EdDsaKeyPair.GenerateKeyPair(DidiSoft.OpenSsl.EdDsa.EdCurve.Ed25519);
DidiSoft.OpenSsl.EdDsa.EdDsaPublicKey pubKey = kp.PublicEdDsa;
DidiSoft.OpenSsl.EdDsa.EdDsaPrivateKey privKey = kp.PrivateEdDsa;

Loading EdDSA keys

EdDSA keys can be loaded from a file, String or byte array with the static Load method:

DidiSoft.OpenSsl.EdDsa.EdDsaPublicKey pubKey = DidiSoft.OpenSsl.EdDsa.EdDsaPublicKey.Load("akey.pem");

or from byte array:

byte[] keyBytes = ...
DidiSoft.OpenSsl.EdDsa.EdDsaPublicKey pubKey = DidiSoft.OpenSsl.EdDsa.EdDsaPublicKey.Load(keyBytes);

Similar approach applies to private EdDsa keys:

DidiSoft.OpenSsl.EdDsa.EdDsaPrivateKey privKey = DidiSoft.OpenSsl.EdDsa.EdDsaPrivateKey.Load("seckey.pem");

Saving EdDsa keys

EdDSA keys can be stored in PEM or DER format specified as a last parameter of the Save method:

using DidiSoft.OpenSsl.EdDsa;
EdDsaKeyPair kp = EdDsaKeyPair.GenerateKeyPair(EdCurve.Ed25519);
EdDsaPublicKey pubKey = kp.PublicEdDsa;
EdDsaPrivateKey privKey = kp.PrivateEdDsa;
bool pemFormat = true;
pubKey.Save(@"Data\public_key.pem", pemFormat);
privKey.Save(@"Data\private_key.pem", pemFormat);

If we need to get the keys as raw byte arrays, we can do so with the GetEncoded() methods, and later load them with Load:

using DidiSoft.OpenSsl.EdDsa;
EdDsaPublicKey publicKey = EdDsaPublicKey.Load(.../*byte array here*/) 
EdDsaPrivateKey privateKey = EdDsaPrivateKey.Load(.../*byte array here*/) 
byte[] raw_public = publicKey.GetEncoded();
byte[] raw_public = privateKey.GetEncoded();

Restoring the public key from a private key

Common for asymmetric keys is that the public key can be obtained from the private key, thus we can restore the public key using the private key with this code block:

EdDsaPrivateKey privKey = ...
EdDsaPublicKey pubKey = (EdDsaPublicKey) privKey.GetPublicKey();

Creating EdDSA signatures

EdDSA signatures are created using the private EdDSA key. The methods for signing are located in the DidiSoft.OpenSsl.EdDsa.OpenSslEdDsa class, and can be using for creating a signature for input data of type String, Stream, file or byte arrays, as you can see from the following examples:

OpenSslEdDsa eddsa = new OpenSslEdDsa();
// signing a String message
bool base64Encode = true;
// create the signature as Base-64 encoded string
string signatureString = eddsa.SignString("Hello world", @"Data\private_key.pem", "", base64Encode);
// we may need the raw signature bytes
byte[] signatureBytes = eddsa.SignStringRaw("Hello world", @"Data\private_key.pem");

Signing a byte array, returns the raw signature bytes:

OpenSslEdDsa eddsa = new OpenSslEdDsa();
EdDsaPrivateKey key = EdDsaPrivateKey.Load(@"Data\private_key_edsa.pem");
byte[] data = new byte[] { 1, 2, 3 };
byte[] raw_signature = eddsa.SignBytes(data, key);

When signing a file the signature is stored also in file:

OpenSslEdDsa eddsa = new OpenSslEdDsa();
eddsa.SignFile(@"Data\myfile.dat", @"Data\private_key_edsa.pem", @"Data\signature.txt");

Verifying EdDSA signatures

In order to verify an EdDSA signature we must also have access to the initial data and of course the public EdDSA key of the signer:

// verifying against String message 
bool signatureOk = eddsa.VerifyString("Hello world", signatureString, @"Data\public_key_edsa.pem");

Verifying byte array data:

bool signatureCheck = eddsa.VerifyBytes(data, raw_signature, kp.PublicEdDsa);

Verifying signature made for a file:

bool signatureCheck = eddsa.VerifyFile(@"Data\myfile.dat", @"Data\signature.txt", @"Data\public_key_edsa.pem");


To create and verify EdDSA signatures using DidiSoft OpenSSL library for .NET, we must firts generate a private key and a corresponding public key. The private key can then be used to sign messages, while the public key can be used to verify the signature. This article provides step-by-step instructions on how to generate and use EdDSA keys with OpenSSL in .NET applications using examples in C#.