Expand description
Cryptographic primitives for the Aptos SDK.
This module provides implementations of the signature schemes supported by Aptos, including Ed25519, Secp256k1, and Secp256r1 (P-256).
§Feature Flags
ed25519(default): Ed25519 signaturessecp256k1(default): Secp256k1 ECDSA signaturessecp256r1: Secp256r1 (P-256) ECDSA signaturesbls: BLS12-381 signatures
§Security Considerations
§Timing Attacks
The PartialEq implementations for cryptographic types use standard byte
comparisons which may not be constant-time. This is generally acceptable
because:
- Public keys and signatures are not secret material
- Signature verification in the underlying libraries uses constant-time operations for the actual cryptographic comparisons
If you need constant-time comparisons for specific use cases (e.g., comparing
against expected signatures in tests), consider using the subtle crate’s
ConstantTimeEq trait.
§Key Material Protection
Private key types implement Zeroize and ZeroizeOnDrop to clear sensitive
key material from memory when dropped. The underlying cryptographic libraries
(ed25519-dalek, k256, p256) also implement secure key handling.
§Example
ⓘ
use aptos_sdk::crypto::{Ed25519PrivateKey, Signer};
let private_key = Ed25519PrivateKey::generate();
let message = b"hello world";
let signature = private_key.sign(message);
let public_key = private_key.public_key();
assert!(public_key.verify(message, &signature).is_ok());Structs§
- AnyPublic
Key - A public key that can be any supported signature scheme.
- AnySignature
- A signature that can be any supported signature scheme.
- Bls12381
Private Key bls - A BLS12-381 private key.
- Bls12381
Proof OfPossession bls - A BLS12-381 proof of possession.
- Bls12381
Public Key bls - A BLS12-381 public key.
- Bls12381
Signature bls - A BLS12-381 signature.
- Ed25519
Private Key ed25519 - An Ed25519 private key.
- Ed25519
Public Key ed25519 - An Ed25519 public key.
- Ed25519
Signature ed25519 - An Ed25519 signature.
- Multi
Ed25519 Public Key ed25519 - A multi-Ed25519 public key.
- Multi
Ed25519 Signature ed25519 - A multi-Ed25519 signature.
- Multi
KeyPublic Key - A multi-key public key supporting mixed signature schemes.
- Multi
KeySignature - A multi-key signature containing signatures from multiple signers.
- Secp256k1
Private Key secp256k1 - A Secp256k1 ECDSA private key.
- Secp256k1
Public Key secp256k1 - A Secp256k1 ECDSA public key.
- Secp256k1
Signature secp256k1 - A Secp256k1 ECDSA signature.
- Secp256r1
Private Key secp256r1 - A Secp256r1 (P-256) ECDSA private key.
- Secp256r1
Public Key secp256r1 - A Secp256r1 (P-256) ECDSA public key.
- Secp256r1
Signature secp256r1 - A Secp256r1 (P-256) ECDSA signature.
Enums§
- AnyPublic
KeyVariant - Supported signature schemes for multi-key.
- Hash
Function - Available hash functions.
Constants§
- BLS12381_
POP_ LENGTH bls - BLS12-381 proof of possession length in bytes.
- BLS12381_
PRIVATE_ KEY_ LENGTH bls - BLS12-381 private key length in bytes.
- BLS12381_
PUBLIC_ KEY_ LENGTH bls - BLS12-381 public key length in bytes (compressed).
- BLS12381_
SIGNATURE_ LENGTH bls - BLS12-381 signature length in bytes (compressed).
- ED25519_
PRIVATE_ KEY_ LENGTH ed25519 - Ed25519 private key length in bytes.
- ED25519_
PUBLIC_ KEY_ LENGTH ed25519 - Ed25519 public key length in bytes.
- ED25519_
SCHEME - The authentication key scheme byte for Ed25519 single-key accounts.
- ED25519_
SIGNATURE_ LENGTH ed25519 - Ed25519 signature length in bytes.
- KEYLESS_
SCHEME - The authentication key scheme byte for keyless accounts.
- MAX_
NUM_ OF_ KEYS ed25519 - Maximum number of keys in a multi-Ed25519 account.
- MIN_
THRESHOLD ed25519 - Minimum threshold (at least 1 signature required).
- MULTI_
ED25519_ SCHEME - The authentication key scheme byte for multi-Ed25519 accounts.
- MULTI_
KEY_ MAX_ NUM_ OF_ KEYS - Maximum number of keys in a multi-key account.
- MULTI_
KEY_ MIN_ THRESHOLD - Minimum threshold (at least 1 signature required).
- MULTI_
KEY_ SCHEME - The authentication key scheme byte for multi-key accounts (unified).
- SECP256
K1_ PRIVATE_ KEY_ LENGTH secp256k1 - Secp256k1 private key length in bytes.
- SECP256
K1_ PUBLIC_ KEY_ LENGTH secp256k1 - Secp256k1 public key length in bytes (compressed).
- SECP256
K1_ PUBLIC_ KEY_ UNCOMPRESSED_ LENGTH secp256k1 - Secp256k1 uncompressed public key length in bytes.
- SECP256
K1_ SIGNATURE_ LENGTH secp256k1 - Secp256k1 signature length in bytes (DER encoded max).
- SECP256
R1_ PRIVATE_ KEY_ LENGTH secp256r1 - Secp256r1 private key length in bytes.
- SECP256
R1_ PUBLIC_ KEY_ LENGTH secp256r1 - Secp256r1 public key length in bytes (compressed).
- SECP256
R1_ SIGNATURE_ LENGTH secp256r1 - Secp256r1 signature length in bytes.
- SINGLE_
KEY_ SCHEME - The authentication key scheme byte for single-key accounts (unified).
Traits§
- Public
Key - A trait for public key types.
- Signature
- A trait for signature types.
- Signer
- A trait for types that can sign messages.
- Verifier
- A trait for types that can verify signatures.
Functions§
- derive_
address - Derives an account address from a public key and scheme.
- derive_
authentication_ key - Derives an authentication key from a public key and scheme.
- sha2_
256 - Computes the SHA2-256 hash of the input.
- sha3_
256 - Computes the SHA3-256 hash of the input.
- sha3_
256_ of - Computes the SHA3-256 hash of multiple byte slices.
- signing_
message - Computes a domain-separated hash for transaction signing.