4

I want to use a suitable libsodium keypair as user identity but I don't know yet what cryptography features I'll provide.

There seems to be 3 types of keypair generation in libsodium:

crypto_box_keypair()
crypto_kx_keypair()
crypto_sign_keypair()

Also, there seems to be 3 types of keys:

// Source: https://github.com/DefinitelyTyped/DefinitelyTyped/blob/master/types/libsodium-wrappers/index.d.ts
export type KeyType = 'curve25519' | 'ed25519' | 'x25519';

I don't know which key-type corresponds to which key-pair generation function, or if they correspond at all.

So, the questions:

  1. Each key-pair is designed to be used with some functions (e.g., crypto_box_keypair() with crypto_box_easy()). What is the compatibility matrix between the keypair types & the cryptographic functions/capabilities?
  2. If there's a key-type that can be used with all functions, which one is it?
Hossam El-Deen
  • 972
  • 1
  • 13
  • 27
  • The question seems to be upside down. It sounds like you are saying, I want to use a library, but I don't know what kind of program I want to write. It is like putting the cart before the horse. – jww Feb 11 '19 at 18:34

1 Answers1

4

If you want to create a key pair for the box operation, use crypto_box_keypair().

If you need a key pair for signing, use crypto_sign_keypair().

If you need a key pair for key exchange, use crypto_kx_keypair().

A key for one operation is not guaranteed to be usable for a different operation. And a good hygiene in cryptography is to never use a key for two different purposes.

If you need to derive both a key pair for key exchange and for signing, you can use crypto_kx_seed_keypair() and crypto_sign_ed25519_seed_keypair() for this. The box operation also provides crypto_box_seed_keypair().

These functions deterministically derive a key pair from a seed. That seed can be considered your actual secret key, from which you can compute different types of key pairs.

Frank Denis
  • 1,475
  • 9
  • 12
  • Thank you, but, for instance, both `crypto_box_keypair()` & `crypto_sign_keypair()` produce the same type of key, so they are indeed inoperable for now. I know _they are not guaranteed_, but I was hoping someone knew the exact with libsodium :)). For "good hygiene", could I know why in that specific case? Why not use the same key for multiple purposes, if I could, in this specific specific setting? Regarding seed, I want one public identifier for the user, how would I do it using seed? I was going to do it with the corresponding public key if I went with one keypair. – Hossam El-Deen Feb 12 '19 at 10:01
  • 1
    See [What is the purpose of using separate key pairs for signing and encryption?](https://stackoverflow.com/questions/5133246/what-is-the-purpose-of-using-separate-key-pairs-for-signing-and-encryption) - [Why should one not use the same asymmetric key for encryption as they do for signing?](https://security.stackexchange.com/questions/1806/why-should-one-not-use-the-same-asymmetric-key-for-encryption-as-they-do-for-sig). Use different keys. The public key you publish can be the concatenation of two public keys, especially since these are very short. – Frank Denis Feb 12 '19 at 10:58
  • I think you should use `crypto_sign_seed_keypair` instead of `crypto_sign_ed25519_seed_keypair` - even if the first calls the second, the first is less confusing. – ineiti Nov 04 '20 at 11:11
  • The documentation has now a section about this very topic: [How can I sign and encrypt using the same key pair?](https://doc.libsodium.org/quickstart#how-can-i-sign-and-encrypt-using-the-same-key-pair) – Frank Denis Nov 04 '20 at 11:13