Expand description
Cryptographic primitives for the Aptos SDK.
This module provides implementations of the signature schemes supported by Aptos, including Ed25519, Secp256k1, and Secp256r1 (P-256).
§Feature Flags
ed25519(default): Ed25519 signaturessecp256k1(default): Secp256k1 ECDSA signaturessecp256r1: Secp256r1 (P-256) ECDSA signaturesbls: BLS12-381 signatures
§Security Considerations
§Timing Attacks
The PartialEq implementations for cryptographic types use standard byte
comparisons which may not be constant-time. This is generally acceptable
because:
- Public keys and signatures are not secret material
- Signature verification in the underlying libraries uses constant-time operations for the actual cryptographic comparisons
If you need constant-time comparisons for specific use cases (e.g., comparing
against expected signatures in tests), consider using the subtle crate’s
ConstantTimeEq trait.
§Key Material Protection
Private key types clear their secret key material from memory when they are
dropped. The SDK wrappers hold the underlying key types directly
(ed25519_dalek::SigningKey, the k256/p256 SigningKey, and
blst::min_pk::SecretKey), each of which zeroizes its own secret on drop
(ed25519-dalek / k256 / p256 implement ZeroizeOnDrop; blst
zeroizes its SecretKey on drop). The secret is therefore wiped when the
wrapper goes out of scope.
The BLS private key (Bls12381PrivateKey) additionally implements
Zeroize, so it can be wiped eagerly via zeroize(). For the Ed25519,
Secp256k1, and Secp256r1 keys the underlying types do not expose Zeroize,
so eager zeroization is delegated to drop rather than an explicit
zeroize() call.
Note: secret bytes copied out via to_bytes(), to_hex(), or Clone are
independent copies that this mechanism does not track; callers must wipe
those themselves.
§Example
use aptos_sdk::crypto::{Ed25519PrivateKey, Signer};
let private_key = Ed25519PrivateKey::generate();
let message = b"hello world";
let signature = private_key.sign(message);
let public_key = private_key.public_key();
assert!(public_key.verify(message, &signature).is_ok());Structs§
- AnyPublic
Key - A public key that can be any supported signature scheme.
- AnySignature
- A signature that can be any supported signature scheme.
- Bls12381
Private Key bls - A BLS12-381 private key.
- Bls12381
Proof OfPossession bls - A BLS12-381 proof of possession.
- Bls12381
Public Key bls - A BLS12-381 public key.
- Bls12381
Signature bls - A BLS12-381 signature.
- Ed25519
Private Key ed25519 - An Ed25519 private key.
- Ed25519
Public Key ed25519 - An Ed25519 public key.
- Ed25519
Signature ed25519 - An Ed25519 signature.
- Multi
Ed25519 Public Key ed25519 - A multi-Ed25519 public key.
- Multi
Ed25519 Signature ed25519 - A multi-Ed25519 signature.
- Multi
KeyPublic Key - A multi-key public key supporting mixed signature schemes.
- Multi
KeySignature - A multi-key signature containing signatures from multiple signers.
- Secp256k1
Private Key secp256k1 - A Secp256k1 ECDSA private key.
- Secp256k1
Public Key secp256k1 - A Secp256k1 ECDSA public key.
- Secp256k1
Signature secp256k1 - A Secp256k1 ECDSA signature.
- Secp256r1
Private Key secp256r1 - A Secp256r1 (P-256) ECDSA private key.
- Secp256r1
Public Key secp256r1 - A Secp256r1 (P-256) ECDSA public key.
- Secp256r1
Signature secp256r1 - A Secp256r1 (P-256) ECDSA signature.
Enums§
- AnyPublic
KeyVariant - Supported signature schemes for multi-key.
- Hash
Function - Available hash functions.
Constants§
- BLS12381_
POP_ LENGTH bls - BLS12-381 proof of possession length in bytes.
- BLS12381_
PRIVATE_ KEY_ LENGTH bls - BLS12-381 private key length in bytes.
- BLS12381_
PUBLIC_ KEY_ LENGTH bls - BLS12-381 public key length in bytes (compressed).
- BLS12381_
SIGNATURE_ LENGTH bls - BLS12-381 signature length in bytes (compressed).
- ED25519_
PRIVATE_ KEY_ LENGTH ed25519 - Ed25519 private key length in bytes.
- ED25519_
PUBLIC_ KEY_ LENGTH ed25519 - Ed25519 public key length in bytes.
- ED25519_
SCHEME - The authentication key scheme byte for Ed25519 single-key accounts.
- ED25519_
SIGNATURE_ LENGTH ed25519 - Ed25519 signature length in bytes.
- MAX_
NUM_ OF_ KEYS ed25519 - Maximum number of keys in a multi-Ed25519 account.
- MIN_
THRESHOLD ed25519 - Minimum threshold (at least 1 signature required).
- MULTI_
ED25519_ SCHEME - The authentication key scheme byte for multi-Ed25519 accounts.
- MULTI_
KEY_ MAX_ NUM_ OF_ KEYS - Maximum number of keys in a multi-key account.
- MULTI_
KEY_ MIN_ THRESHOLD - Minimum threshold (at least 1 signature required).
- MULTI_
KEY_ SCHEME - The authentication key scheme byte for multi-key accounts (unified).
- SECP256
K1_ PRIVATE_ KEY_ LENGTH secp256k1 - Secp256k1 private key length in bytes.
- SECP256
K1_ PUBLIC_ KEY_ LENGTH secp256k1 - Secp256k1 public key length in bytes (compressed).
- SECP256
K1_ PUBLIC_ KEY_ UNCOMPRESSED_ LENGTH secp256k1 - Secp256k1 uncompressed public key length in bytes.
- SECP256
K1_ SIGNATURE_ LENGTH secp256k1 - Secp256k1 signature length in bytes (raw fixed-width
r || s, 32 bytes each). - SECP256
R1_ PRIVATE_ KEY_ LENGTH secp256r1 - Secp256r1 private key length in bytes.
- SECP256
R1_ PUBLIC_ KEY_ LENGTH secp256r1 - Secp256r1 public key length in bytes (compressed).
- SECP256
R1_ SIGNATURE_ LENGTH secp256r1 - Secp256r1 signature length in bytes.
- SINGLE_
KEY_ SCHEME - The authentication key scheme byte for single-key accounts (unified).
Traits§
- Public
Key - A trait for public key types.
- Signature
- A trait for signature types.
- Signer
- A trait for types that can sign messages.
- Verifier
- A trait for types that can verify signatures.
Functions§
- derive_
address - Derives an account address from a public key and scheme.
- derive_
authentication_ key - Derives an authentication key from a public key and scheme.
- sha2_
256 - Computes the SHA2-256 hash of the input.
- sha3_
256 - Computes the SHA3-256 hash of the input.
- sha3_
256_ of - Computes the SHA3-256 hash of multiple byte slices.
- signing_
message - Builds the signing message for an Aptos transaction preimage.