CARVIEW |
Select Language
HTTP/2 200
date: Wed, 23 Jul 2025 01:46:27 GMT
content-type: text/html; charset=utf-8
vary: X-PJAX, X-PJAX-Container, Turbo-Visit, Turbo-Frame, X-Requested-With,Accept-Encoding, Accept, X-Requested-With
etag: W/"e4b2ae9ac10b1ec1b1c37171bd1831b4"
cache-control: max-age=0, private, must-revalidate
strict-transport-security: max-age=31536000; includeSubdomains; preload
x-frame-options: deny
x-content-type-options: nosniff
x-xss-protection: 0
referrer-policy: no-referrer-when-downgrade
content-security-policy: default-src 'none'; base-uri 'self'; child-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/; connect-src 'self' uploads.github.com www.githubstatus.com collector.github.com raw.githubusercontent.com api.github.com github-cloud.s3.amazonaws.com github-production-repository-file-5c1aeb.s3.amazonaws.com github-production-upload-manifest-file-7fdce7.s3.amazonaws.com github-production-user-asset-6210df.s3.amazonaws.com *.rel.tunnels.api.visualstudio.com wss://*.rel.tunnels.api.visualstudio.com objects-origin.githubusercontent.com copilot-proxy.githubusercontent.com proxy.individual.githubcopilot.com proxy.business.githubcopilot.com proxy.enterprise.githubcopilot.com *.actions.githubusercontent.com wss://*.actions.githubusercontent.com productionresultssa0.blob.core.windows.net/ productionresultssa1.blob.core.windows.net/ productionresultssa2.blob.core.windows.net/ productionresultssa3.blob.core.windows.net/ productionresultssa4.blob.core.windows.net/ productionresultssa5.blob.core.windows.net/ productionresultssa6.blob.core.windows.net/ productionresultssa7.blob.core.windows.net/ productionresultssa8.blob.core.windows.net/ productionresultssa9.blob.core.windows.net/ productionresultssa10.blob.core.windows.net/ productionresultssa11.blob.core.windows.net/ productionresultssa12.blob.core.windows.net/ productionresultssa13.blob.core.windows.net/ productionresultssa14.blob.core.windows.net/ productionresultssa15.blob.core.windows.net/ productionresultssa16.blob.core.windows.net/ productionresultssa17.blob.core.windows.net/ productionresultssa18.blob.core.windows.net/ productionresultssa19.blob.core.windows.net/ github-production-repository-image-32fea6.s3.amazonaws.com github-production-release-asset-2e65be.s3.amazonaws.com insights.github.com wss://alive.github.com api.githubcopilot.com api.individual.githubcopilot.com api.business.githubcopilot.com api.enterprise.githubcopilot.com; font-src github.githubassets.com; form-action 'self' github.com gist.github.com copilot-workspace.githubnext.com objects-origin.githubusercontent.com; frame-ancestors 'none'; frame-src viewscreen.githubusercontent.com notebooks.githubusercontent.com; img-src 'self' data: blob: github.githubassets.com media.githubusercontent.com camo.githubusercontent.com identicons.github.com avatars.githubusercontent.com private-avatars.githubusercontent.com github-cloud.s3.amazonaws.com objects.githubusercontent.com release-assets.githubusercontent.com secured-user-images.githubusercontent.com/ user-images.githubusercontent.com/ private-user-images.githubusercontent.com opengraph.githubassets.com copilotprodattachments.blob.core.windows.net/github-production-copilot-attachments/ github-production-user-asset-6210df.s3.amazonaws.com customer-stories-feed.github.com spotlights-feed.github.com objects-origin.githubusercontent.com *.githubusercontent.com; manifest-src 'self'; media-src github.com user-images.githubusercontent.com/ secured-user-images.githubusercontent.com/ private-user-images.githubusercontent.com github-production-user-asset-6210df.s3.amazonaws.com gist.github.com; script-src github.githubassets.com; style-src 'unsafe-inline' github.githubassets.com; upgrade-insecure-requests; worker-src github.githubassets.com github.com/assets-cdn/worker/ github.com/assets/ gist.github.com/assets-cdn/worker/
server: github.com
content-encoding: gzip
accept-ranges: bytes
set-cookie: _gh_sess=wIb%2Fi7IK3dxHjcApuR3Nmbn1JW5plpxqE362sB25%2Bn82b8CHpyDDcc5tp6MyCehoT7JZ3wB6aF9Vu7A1ScpA4QcTZ7GGqowcFQkRQirz2Qmq5gEWCLR5E8wuBDT6mcMcZaY0f5BG9fJlSwfgOvVrxcAgAj%2BDdYl7aGRQ5BKaA2NBYsXuu5lGVQ1CmKeLo61MVBZFJluWXRJPkQKN4DTII1j12BYqa6zRhuB12T7nedi1%2FmjSVurSDwOsdzwrSHsNuPXw6leCvmSjIw1j%2Bon9og%3D%3D--COseUNTO88cH5qAZ--Cz6a9%2BGdhhUdu%2FHeQAe6Sg%3D%3D; Path=/; HttpOnly; Secure; SameSite=Lax
set-cookie: _octo=GH1.1.177247254.1753235186; Path=/; Domain=github.com; Expires=Thu, 23 Jul 2026 01:46:26 GMT; Secure; SameSite=Lax
set-cookie: logged_in=no; Path=/; Domain=github.com; Expires=Thu, 23 Jul 2026 01:46:26 GMT; HttpOnly; Secure; SameSite=Lax
x-github-request-id: D706:35EBF4:242747:330E78:68803EF2
Digital Signatures · RubyCrypto/rbnacl Wiki · GitHub
Skip to content
Navigation Menu
{{ message }}
-
Notifications
You must be signed in to change notification settings - Fork 88
Digital Signatures
Tony Arcieri edited this page Aug 1, 2019
·
22 revisions
NOTE: if all you need are Ed25519 digital signatures, consider the ed25519 gem instead which does not require libsodium as a dependency but still works on CRuby and JRuby
In the real world, signatures help uniquely identify people because everyone's signature is unique. Digital signatures work similarly in that they are unique to holders of a private key, but unlike real world signatures, digital signatures are unforgable.
Digital signatures allow you to publish a public key, then you can use your private signing key to sign messages. Others who have your public key can then use it to validate that your messages are actually authentic.
# Generate a new random signing key
signing_key = RbNaCl::SigningKey.generate
# Serialize key to bytestring - load using RbNaCl::SigningKey.new(bytes)
signing_key.to_s
# Sign a message with the signing key
signature = signing_key.sign(message)
# Obtain the verify key for a given signing key
verify_key = signing_key.verify_key
# Convert the verify key to a string to send it to a third party
verify_key.to_s
# Create a VerifyKey object from a public key
verify_key = RbNaCl::VerifyKey.new(verify_key)
# Check the validity of a message's signature
# Will raise RbNaCl::BadSignatureError if the signature check fails
verify_key.verify(signature, message)
- Small keys: Ed25519 keys are only 256-bits (32 bytes), making them small enough to easily copy and paste. Ed25519 also allows the public key to be derived from the private key, meaning that it doesn't need to be included in a serialized private key in cases you want both.
- Small signatures: Ed25519 signatures are only 512-bits (64 bytes), one of the smallest signature sizes available.
- Deterministic: Unlike (EC)DSA, Ed25519 does not rely on an entropy source when signing messages (which has lead to catastrophic private key compromises), but instead computes signature nonces from a combination of a hash of the signing key's "seed" and the message to be signed. This avoids using an entropy source for nonces, which can be a potential attack vector if the entropy source is not generating good random numbers. Even a single reused nonce can lead to a complete disclosure of the private key in these schemes, which Ed25519 avoids entirely by being deterministic instead of tied to an entropy source.
- Collision Resistant: Hash-function collisions do not break this system. This adds a layer of defense against the possibility of weakness in the selected hash function.
- Public Keys: Curve25519 high-speed elliptic curve cryptography
- Signatures: Ed25519 digital signature system
-
k: Ed25519 private key (passed into
RbNaCl::SigningKey#new
) - A: Ed25519 public key derived from k
- M: message to be signed
- R: a deterministic nonce value calculated from a combination of private key data RH and the message M
- S: Ed25519 signature
Clone this wiki locally
You can’t perform that action at this time.