Александър Гьонов

Ed25519, Ed448, X25519 & X448 Algorithms in .NET similar way

As the CryptoEx library evolved, a natural need arose to bring the Ed cryptographic algorithms to it, more specifically to the JSON electronic signatures part (XML electronic signatures are not yet specified for the Ed algorithms).

So I have implemented and published a second library, CryptoEx.Ed, an extension of the logic in the core library (CryptoEx) that adds the Ed25519 and Ed448 algorithms for digital signatures and the X25519 and X448 algorithms for Diffie-Hellman key agreement. The library also implements JWS (JSON Web Signature) and JAdES (JSON Advanced Electronic Signatures) with the EdDSA algorithm.

The goal was to implement the algorithms for Ed25519, Ed448, X25519 and X448 in a .NET-like way. The issue is that these algorithms are currently not implemented in the "standard" .NET libraries (System.Security.Cryptography). This is understandable, as the standard .NET approach is to rely on the cryptographic libraries provided by the underlying operating system, such as:

  • CNG for Windows
  • OpenSSL for Linux
  • on macOS, I am not sure what is used lately...

As a side note, OpenSSL does support the Ed algorithms, but this support has not yet been surfaced in .NET.

There are also other libraries that provide support for Ed algorithms in .NET, such as:

  • BouncyCastle
  • libsodium based wrappers

But their APIs for the Ed algorithms differ from the approach used in mainstream .NET. So I decided to expose the algorithms in a way similar to what is done in .NET.

It must be said that the core implementation of the cryptographic algorithms in the current project comes from the Bouncy Castle project. I have just added some facade classes to adjust the API surface so that it is closer to the .NET way. This was done deliberately, for the following reasons:

  1. Implementing cryptographic algorithms is not trivial. It is better to rely on well-tested and proven code.
  2. Besides, it is not just a matter of implementing the core algorithm logic, but also of maintaining it. That, too, is not a trivial task in terms of organization and resources.
  3. Putting a few facade classes in front of the core implementation achieves the goal of a .NET-like API surface while keeping the core implementation separate from the facade, so the core stays well developed and maintained by its own project.

I do believe the above is a good, balanced approach.

And eventually, when support for Ed25519, Ed448, X25519 and X448 comes to standard .NET, the dependency on Bouncy Castle can be removed without seriously affecting client code that uses the facade API.

For basic documentation and how-tos, see the following Wiki page for more technical details - Ed Algorithms in Dotnet similar way.

EdDSA for JWS and JAdES

I have also extended the JWS and JAdES classes from the CryptoEx library to support the Ed algorithms for these types of electronic signatures.

You can read another Wiki page about this - EdDSA for JWS and JAdES.
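The two ideas above, a .NET-style facade in front of Bouncy Castle's Ed25519 and an EdDSA-signed JWS built on top of it, in one worked example. This is an added illustration, not code from CryptoEx.Ed: the class names Ed25519Facade and EdDsaJws, the ECDsa-like method names, and the sample payload are assumptions made for the example. It uses only the public Bouncy Castle C# types (Ed25519KeyPairGenerator, Ed25519Signer, the Ed25519 key parameter classes) and System.Text.Json, and needs the BouncyCastle.Cryptography NuGet package to compile.

```csharp
// Added illustrative example, not code from CryptoEx.Ed; Ed25519Facade and EdDsaJws
// are names assumed for this example. Needs the BouncyCastle.Cryptography package.
using System;
using System.Security.Cryptography;
using System.Text;
using System.Text.Json;
using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Generators;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Signers;
using Org.BouncyCastle.Security;

// ECDsa-like facade (Create / SignData / VerifyData / raw key export and import) over
// Bouncy Castle's Ed25519 (PureEdDSA, RFC 8032). Callers never see Bouncy Castle types,
// so the backend can be swapped later without touching calling code.
public sealed class Ed25519Facade
{
    private readonly Ed25519PrivateKeyParameters _priv;   // null for a verify-only instance
    private readonly Ed25519PublicKeyParameters _pub;

    private Ed25519Facade(Ed25519PrivateKeyParameters priv, Ed25519PublicKeyParameters pub)
    { _priv = priv; _pub = pub; }

    // Fresh key pair: 32-byte private seed, 32-byte public key.
    public static Ed25519Facade Create()
    {
        var gen = new Ed25519KeyPairGenerator();
        gen.Init(new Ed25519KeyGenerationParameters(new SecureRandom()));
        AsymmetricCipherKeyPair kp = gen.GenerateKeyPair();
        return new Ed25519Facade((Ed25519PrivateKeyParameters)kp.Private,
                                 (Ed25519PublicKeyParameters)kp.Public);
    }

    // Import a raw 32-byte public key; the resulting instance can only verify.
    public static Ed25519Facade FromPublicKey(byte[] rawPublicKey)
    {
        if (rawPublicKey.Length != Ed25519PublicKeyParameters.KeySize)
            throw new ArgumentException("Ed25519 public key must be 32 bytes", nameof(rawPublicKey));
        return new Ed25519Facade(null, new Ed25519PublicKeyParameters(rawPublicKey, 0));
    }

    public byte[] ExportPublicKey() => _pub.GetEncoded();

    public byte[] SignData(byte[] data)
    {
        if (_priv == null) throw new CryptographicException("No private key present");
        var signer = new Ed25519Signer();
        signer.Init(true, _priv);
        signer.BlockUpdate(data, 0, data.Length);
        return signer.GenerateSignature();                 // always 64 bytes
    }

    public bool VerifyData(byte[] data, byte[] signature)
    {
        if (signature.Length != Ed25519PrivateKeyParameters.SignatureSize) return false;
        var verifier = new Ed25519Signer();
        verifier.Init(false, _pub);
        verifier.BlockUpdate(data, 0, data.Length);
        return verifier.VerifySignature(signature);
    }
}

// Compact JWS with "alg":"EdDSA" (RFC 8037) built on the facade.
public static class EdDsaJws
{
    public static string B64Url(byte[] b) =>
        Convert.ToBase64String(b).TrimEnd('=').Replace('+', '-').Replace('/', '_');

    public static byte[] FromB64Url(string s)
    {
        string t = s.Replace('-', '+').Replace('_', '/');
        return Convert.FromBase64String(t.PadRight(t.Length + (4 - t.Length % 4) % 4, '='));
    }

    public static string Sign(Ed25519Facade key, string payloadJson)
    {
        string signingInput = B64Url(Encoding.UTF8.GetBytes("{\"alg\":\"EdDSA\"}")) + "." +
                              B64Url(Encoding.UTF8.GetBytes(payloadJson));
        return signingInput + "." + B64Url(key.SignData(Encoding.ASCII.GetBytes(signingInput)));
    }

    // Pins the expected "alg" before any cryptography runs, so a token whose header says
    // "none" or an HMAC algorithm is rejected instead of being verified under the wrong scheme.
    public static bool Verify(Ed25519Facade key, string jws)
    {
        try
        {
            string[] parts = jws.Split('.');
            if (parts.Length != 3) return false;
            using JsonDocument header = JsonDocument.Parse(FromB64Url(parts[0]));
            if (!header.RootElement.TryGetProperty("alg", out JsonElement alg) ||
                alg.GetString() != "EdDSA") return false;
            byte[] signingInput = Encoding.ASCII.GetBytes(parts[0] + "." + parts[1]);
            return key.VerifyData(signingInput, FromB64Url(parts[2]));
        }
        catch (Exception e) when (e is FormatException || e is JsonException) { return false; }
    }
}

public static class Demo
{
    public static void Main()
    {
        Ed25519Facade signer = Ed25519Facade.Create();
        string jws = EdDsaJws.Sign(signer, "{\"sub\":\"sasho\"}");          // constructed payload
        Ed25519Facade verifier = Ed25519Facade.FromPublicKey(signer.ExportPublicKey());
        Console.WriteLine("valid: " + EdDsaJws.Verify(verifier, jws));
        string[] p = jws.Split('.');                                          // swap the payload, keep the signature
        string forged = p[0] + "." + EdDsaJws.B64Url(Encoding.UTF8.GetBytes("{\"sub\":\"admin\"}")) + "." + p[2];
        Console.WriteLine("tampered: " + EdDsaJws.Verify(verifier, forged));
    }
}
```

The facade deliberately exposes only raw byte keys and byte-array data, which is what the JWS layer needs; a JWK export ("kty":"OKP", "crv":"Ed25519", "x" = base64url of the raw public key) is a two-line addition on top of ExportPublicKey. The verifier side checks the signature length and the header's "alg" before calling into Bouncy Castle, and returns false rather than throwing on malformed base64url or JSON, so a caller can treat every failure path the same way.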

Usage

You can freely use the library in your projects, or just treat it as an example and amend or extend the code to suit your particular needs, as the possible applications are vast.