Things that use Ed25519

Updated: July 10, 2018

Here's a list of protocols and software that use or support the superfast, super secure Ed25519 public-key signature system from Daniel J. Bernstein, Niels Duif, Tanja Lange, Peter Schwabe, and Bo-Yin Yang.

You may also be interested in this list of Curve25519 ECDH deployment .

Protocols

  • TLS 1.3 — Transport Layer Security
  • SSH — thanks to work done by the OpenSSH team, adopted also by TinySSH and others
  • Signal Protocol — encrypted messaging protocol derivative of OTR Messaging
  • cryptosphere — Encrypted peer-to-peer web application platform for decentralized, privacy-preserving applications
  • saltpack — a modern crypto messaging format
  • ORDO — Ordered Representation for Distinguished Objects: A Certificate Format
  • RAET — (Reliable Asynchronous Event Transport) Protocol
  • Evernym — a high-speed, privacy-enhancing, distributed public ledger engineered for self-sovereign identity
  • Chain Key Derivation — a deterministic key derivation scheme
  • dfi — a distributed file sharing and indexing network
  • BLEMeshChat — 100% sneakernet chat via Bluetooth LE Mesh, for iOS and Android
  • (n+1)sec — a free, end-to-end secure, synchronous protocol for group chat
  • PASETO — a specification and reference implementation for secure stateless tokens

Networks

  • Tor — The Onion Router anonymity network
  • I2P — an anonymous network
  • GNUnet — a framework for secure peer-to-peer networking that does not use any centralized or otherwise trusted services
  • Serval — Mesh telecommunications
  • Yggdrasil — a fully end-to-end encrypted network
  • URC — an IRC style, private, security aware, open source project
  • Stellar (Payment Network) — low-cost, real-time transactions on a distributed ledger
  • Sia — Blockchain-based marketplace for file storage
  • cjdns — encrypted ipv6 mesh networking

Operating systems

  • OpenBSD — used in OpenSSH, signify, and in CVS over SSH
  • OpenWrt — used in package signing
  • All operating systems that ship with OpenSSH 6.5+ from the OpenBSD Project

Software projects signed with Ed25519

  • OpenBSD signs releases, packages, and patches with Ed25519 via signify
  • M:Tier signs OpenBSD packages and binary updates with Ed25519 via signify
  • minisign signs releases with Ed25519 via minisign
  • libsodium signs releases with Ed25519 via minisign
  • dnscrypt-proxy signs its resolver list with Ed25519 via minisign
  • SimpleDnsCrypt signs packages with Ed25519 via minisign
  • dnscrypt-osxclient signs packages with Ed25519 via minisign
  • Markdeep signs releases with Ed25519 via minisign
  • Airship signs automatic updates with Ed25519
  • LibreSSL signs releases with Ed25519 via signify
  • radare2 signs releases with Ed25519 via signify
  • OpenSMTPD signs releases with Ed25519 via signify
  • DNSCurve.io signs downloads with Ed25519 via signify

Hardware

  • SC4 HSM — a fully-open USB2 HSM (hardware-secure module)
  • crypto-in-a-box — Turns an Arduino into a cryptography token
  • YubiHSM 2 — a cost-effective Hardware Security Module (HSM) for servers and IoT gateways
  • Voting machines in Brazil — administered by Justiça Eleitoral brasileira; printable Ed25519-signed QR code paper trails
  • SafeNet Luna Network HSMs — High Assurance Hardware Security Modules
  • CEC1702 — ARM Cortex M4-based microcontroller with a complete hardware cryptography-enabled solution in a single package

Software

  • dnscrypt-proxy — securing communications between a client and a DNS resolver
  • GnuPG — GNU Privacy Guard
  • reop — reasonable expectation of privacy
  • dnsdist — dnsdist supports DNSCrypt
  • Unbound — a validating, recursive, and caching DNS resolver
  • PowerDNS Recursor — a high-performance DNS recursor with built-in scripting capabilities
  • PowerDNS Authoritative Server — the only solution that enables authoritative DNS service from all major databases
  • SimpleDnsCrypt — A simple management tool for dnscrypt-proxy
  • tweetnacl-tools — Tools for using TweetNaCl
  • Wire — fully encrypted calls, video and group chats available on all your devices
  • Hyperledger Iroha — blockchain platform designed for simple creation and management of assets
  • i2pd — Simplified C++ implementation of I2P client
  • Semaphor — zero-knowledge messaging and file transfer
  • sigtool — Signify like tool in Golang - only easier and simpler
  • Sandstorm — Personal Cloud Sandbox
  • SSH software with full modern crypto support (X25519, Ed25519 and ChaCha20-Poly1305)
    • OpenSSH — Secure Shell from the OpenBSD project
    • TinySSH — a small SSH server with state-of-the-art cryptography
    • Win32-OpenSSH — Win32 port of OpenSSH
    • PuTTY — a free implementation of SSH and Telnet for Windows and Unix platforms
    • WinSCP — a popular SFTP client for Microsoft Windows
    • asyncssh — an asynchronous SSH2 client and server atop asyncio
    • Termius — iOS SSH client
    • rlogin — Japanese rlogin, telnet, and ssh client
    • pssht — SSH server written in PHP
  • SSH software with partial modern crypto support
    • Golang ssh — for both client and server keys
    • ConnectBot — SSH client for Android
    • passphrase-identity — Regenerable ed25519 keys for OpenSSH and OpenPGP
    • teleport — Modern SSH server for teams managing distributed infrastructure
    • Prompt — SSH client for iOS
    • ssh-key-generator — A utility for deterministically generating ssh keypairs
    • determin-ed — Create deterministic ed25519 keys from seedfile and password for openssh-key-v1 format
    • net-ssh — Pure Ruby implementation of an SSH (protocol 2) client
    • SmartFTP — an FTP, SSH, SFTP client
    • Cyberduck — Libre FTP, SFTP, WebDAV, S3, Azure & OpenStack Swift browser for Mac and Windows
    • ed25519hetzner — Script to scan OpenSSH host key and known_hosts files for shared keys from server hoster Hetzner
    • 2sshfp — Build SSHFP DNS records - ecdsa & ed25519 support (sh)
    • edkey — write ED25519 private keys in the OpenSSH private key format
    • tinyssh-convert — convert ed25519 hostkeys from openssh format
    • MobaXterm — Windows SSH client
    • Paramiko — A Python implementation of SSHv2
    • Tera Term — SSH client for Windows
    • TinyTERM (proprietary; support according to this )
  • pts-dropbear — Dropbear SSH tools with ed25519 and other improvements by pts
  • Airship — Secure Content Management for the Modern Web - "The sky is only the beginning"
  • trust-dns — A Rust based DNS client and server
  • Rubinius Language Platform — a modern language platform that supports a number of programming languages
  • KadNode — P2P name resolution daemon based on a Distributed Hash Table (DHT)
  • pbp — salty privacy (provides basic functionality resembling PGP)
  • sodium11 — A command line toolkit for encryption and signing of files based on libsodium
  • fwup — Configurable embedded Linux firmware update creator and runner
  • libdime — The DIME resolver library and command line utilities
  • GoVPN — DPI/censorship-resistant, written on Go
  • locker — easy secure locker
  • auth — sample ed25519 browser extension backend
  • cosi — CoSi command line interface
  • crypt — ed25519 chrome extension
  • TarsierMessenger — Tarsier Messenger is a messaging application using WiFi direct
  • zkc — Zero Knowledge Communications
  • mkp224o — vanity address generator for ed25519 onion services
  • FalconGate — A smart gateway to stop hackers and Malware attacks (includes DNSCrypt support)
  • piknik — Copy/paste anything over the network
  • detox-crypto — High-level utilities that combine under simple interfaces complexity of the cryptographic layer used in Detox project
  • RChain Cooperative — a consesus algorithm using a proof-of-stake protocol
  • horse25519 — Ed25519 vanity public key generator
  • clmm — An exercise in cryptographic minimlism
  • salty — A practical, compact CLI crypto system based on TweetNaCl, featuring public key sharing and zero-password peer stream encryption
  • twisted-ego — Vanity Ed25519/Cv25519 GPG Keys
  • DoorKeeper — An attempt to enable secure communication, authentication & authorization for my ESP8266 project
  • stellar-hd-wallet — Key derivation for Stellar (SEP-0005)
  • WebSign — used by Cyph
  • box — Simple file authenticated encryption/decryption
  • jfpg — A relatively small, simple GPG-like encryption utility using TweetNaCl and Argon2
  • mulsigo — decentralized multi signature scheme pgp compatible
  • session-keys-js — A cryptographic tool for the deterministic generation of unique user IDs, and NaCl cryptographic keys
  • Isotoxin — Multiprotocol messenger for windows XP and later with tox support
  • dename — NameCoin-style names using consensus instead of proof of work
  • nacl-signature — Nodejs module to sign/verify data using NaCl
  • challenge-su — `su` implementation using Ed25519 signatures for challenge/response
  • SC4 — Strong Crypto for Mere Mortals
  • Scorex — The modular blockchain framework
  • strongSwan — open source IPsec-based VPN
  • pcp — Pretty Curved Privacy
  • mcrypt — Message Crypto - Encrypt and sign individual messages
  • srndv2 — some random news daemon (version 2)
  • go-anvil — Forge "no password on the wire" authentication challenges
  • gen-ed25-keypair — Haskell CLI tool to generate Ed25519 keys and sign/verify msgs
  • CPGB — Curve Privacy Guard B, a secure replacement for GPG using ECC
  • Simply Good Privacy — PGP-like system without web of trust
  • cubed_old — A proper open-source minecraft clone in C++
  • BigchainDB — A scalable blockchain database
  • KinomaJS — A JavaScript runtime optimized for the applications that power IoT devices
  • verifysignature — Sample of standalone portable C to verify Ed25519 public-key signature
  • tiny-ssh-keygen-ed25519 — tiny ssh-keygen for ed25519 keypairs in standard C
  • SQRL — Secure Quick Reliable Login
  • ed25519 — Erlang port program for ed25519 sign and verify from libsodium
  • py_ssh_keygen_ed25519 — ssh-keygen for ed25519 keypairs in Pure Python
  • jsign — Tool to sign files and verify signature
  • DNSCryptClient — A simple DNSCrypt client
  • Kraken — C ed25519-donna Key Pair generator
  • falconlab
  • rust-sign — Proof of concept for rustup signing/verification
  • freepass — The free password manager for power users
  • scuttles — Miscellaneous Secure Scuttlebutt stuff
  • cordova-plugin-minisodium — A minimal cordova plugin that provides a binding to libsodium
  • textsecure-go — TextSecure client package for Go
  • Dhall — Sign/Verify files
  • HAP-NodeJS — Node.js implementation of HomeKit Accessory Server
  • Osteria — secure point-to-point messenger
  • sick — Sign and check streams cryptographically using the ed25519 algorithm
  • curvebench — Benchmark comparing secp256k1 to ed25519
  • cryptutils — Various crypto utilties based on a common NaCl/Ed25519 core
  • srndv2 — some random news daemon (version 2)
  • ed2curve-js — Convert Ed25519 signing keys into Curve25519 Diffie-Hellman keys
  • tuf — a secure updater framework for Python
  • PoSH-Sodium — Powershell module to wrap libsodium-net methods
  • crypto-bench — Benchmarks for crypto libraries (in Rust, or with Rust bindings)
  • SUPERCOP — a cryptographic benchmarking suite
  • Signify software

    This section is for OpenBSD signify ported to Linux and other operating systems.

    • OpenBSD: signify — cryptographically sign and verify files
    • Adrian Perez: signify-portable — OpenBSD tool to sign and verify signatures
    • mancha: signify-portable — put together by mancha
    • Felix von Leitner: signify-fefe — signify that builds on Linux
    • Vsevolod Stakhov: asignify — Yet another signify tool
    • Jean-Philippe Ouellet: signify-osx — OS X port of OpenBSD's signify(1)
    • Michael Gehring: signify-go — Go implementation of OpenBSD's signify(1)
    • Yui NARUSE: nurse-signify — portable version of OpenBSD's signify with autoconf
    • Christian Neukirchen: chneukirchen-signify
    • Blitznote: bliznote-signify — signify that builds on Linux
    • Aaron Bieber: signify.el — signify package for emacs
    • Tobias Stoeckmann: signify-windows — OpenBSD signify for Windows systems
    • Björn Edström: python-signify — OpenBSD Signify for Python
    • Robert Escriva: rescrv-signify — signify ported from OpenBSD
    • Heinrich Schuchardt: usign — tiny signify replacement
    • Frank Braun: gosignify — a Go reimplementation of OpenBSD's signify
    • Debian packages: signify-openbsd
    • Greg (myfreeweb): freepass — The free password manager for power users + signify support
    • Jan-Erik Rediger: signify-rs — Create cryptographic signatures for files and verify them

    Minisign software and libraries

    Minisign is compatable with signify.

    • Frank Denis: minisign — A dead simple tool to sign files and verify signatures. Compatable with OpenBSD signify!
      • Package availability: Homebrew for OS X; Scoop and chocolatey in Windows; Void Linux; Alpine Linux; Nix package manager
  • minisign-misc — macOS workflows and shell scripts to verify and sign files with minisign
  • rsign — A simple rust implementation of Minisign tool
  • go-minisign — Minisign library for Golang
  • minisign-net — .NET library to handle and create minisign signatures
  • TLS Libraries

    NaCl Crypto Libraries

    For cryptographic libraries in the NaCl family, including TweetNaCl, uNaCl, and libsodium, as well as wrappers, bindings, and ports.

    • TweetNaCl + wrappers & bindings
      • TweetNaCl — a crypto library in 100 tweets (Daniel J. Bernstein, Bernard van Gastel, Wesley Janssen, Tanja Lange, Peter Schwabe, Sjaak Smetsers)
      • Erlang: TweetNaCl-Erlang — Erlang bindings for TweetNaCl
      • Go: tweetnacl-go — a wrapper around TweetNaCl
      • Jim TCL: jim-nacl — NaCl extension for Jim TCL (using TweetNaCl)
      • Julia: TweetNaCl-Julia — Julia wrapper for the TweetNaCl library
      • Objective-C: tweetnacl-objc — Objective-C bindings to the TweetNaCl crypto library
      • Lua: luatweetnacl — Lua wrapper arount the Tweet NaCl cryptographic library
  • Node.js: naclb — NaCl module binding for Node.js
  • OCaml: ocaml-tweetnacl — TweetNaCl for OCaml
  • Perl6: perl6-tweetnacl
  • Python: Python-TweetNaCl — a wrapper around the C implementation of TweetNaCl
  • Python: python-tweetnacl — Python bindings to the "TweetNaCl" cryptography library
  • Q/KDB: qsalt — NaCl bindings for Q/KDB
  • Racket: racl — Racket bindings for nacl.cr.yp.to
  • Ruby: tweetnacl-ruby — TweetNaCl Ruby C-extension
  • Rust: rust-tweetnacl — Rust wrapper for TweetNaCl crypto library
  • Rust: knuckle — Rust bindings to TweetNaCl
  • Rust: libredsalt — Simple Rust bindings to the tweetnacl library
  • Swift: tweetnacl-swiftwrap — from Bitmark Inc.
  • TCL: nacl-tcl — tcl package for Networking and Cryptography library (pronounced "salt")
  • TweetNaCl ports etc.
  • JavaScript: tweetnacl-nodewrap — Port of TweetNaCl / NaCl to javascript Node.js
  • Python: pure_pynacl — A pure python implementation of TweetNaCl
  • Rust: sodalite — tweetnacl in rust
  • Rust: microsalt — High Level Pure Rust Crypto library for your trusty rusty programs
  • TypeScript: tweetnacl-ts — Port of TweetNaCl cryptographic library to TypeScript (and ES6)
  • WebAssembly: TweetNacl-WebAssembly — This is a testbed for some web assembly experiments
  • μNaCl — The Networking and Cryptography library for microcontrollers (Core team: Michael Hutter and Peter Schwabe)
  • libsodium + wrappers & bindings
  • Swift: swift-sodium
  • UWP: libsodium-uwp
  • libsodium.js — The sodium crypto library compiled to pure JavaScript using Emscripten
  • PASETO libraries

    • Go: paseto — Platform-Agnostic Security Tokens implementation in GO (Golang)
    • Python: pypaseto — PASETO for Python
    • Ruby: paseto.rb — Ruby implementation of Paseto using libsodium

    Libraries

  • C: libbrine (Kevin Smith)
  • C: Ed25519 (ArduinoLibs)
  • C++ curve25519-uwp (Jeff R)
  • C#: ed25519 (Hans Wolff)
  • C#: curve25519-pcl (Jeff R)
  • C#: Ed25519 (CryptoManiac)
  • Clojure: ed25519 (Kevin Downey)
  • Elixir: ed25519_ex (Matt Miller)
  • Go: ed25519 (Adam Langley)
  • Go: ed25519 (Nebulous)
  • Go: blakEd25519 (Inkeliz) — uses Blake2 instead of SHA-2
  • Haskell: hs-scraps (Vincent Hanquez)
  • Java: ed25519-java (str4d)
  • Java: ed25519-java (k3d3)
  • Java: ed25519 (Bjorn Arnelid)
  • Java: ed25519-java (Keith M)
  • Java: Punisher.NaCl (Arpan Jati)
  • Java: Ed25519 (GNUnet)
  • Java: ED25519 (Mick Michalski)
  • Node.js: Ed25519 (Boris Povod)
  • Perl: Crypt::Ed25519 (Marc Lehmann)
  • Python: ed25519.py (Ed25519 authors)
  • Python: ed25519 (Python Cryptographic Authority)
  • Python: python-pure25519 (Brian Warner)
  • Python: ietf-eddsa (Simon Josefsson)
  • Python: nmed25519 (naturalmessage)
  • Python: ed25519 (vbuterin)
  • Python: ed25519.py (Shiho Midorikawa)
  • Rust: ed25519-dalek (Isis Agora Lovecruft)
  • Swift: ed25519swift (pebble8888)
  • VHDL: edxcel_old (Software Defined Buildings)
  • Ed25519 standalone (wrappers and bindings)
  • Other Libraries
    • PHP 7.2.0+ — a popular general-purpose scripting language that is especially suited to web development
    • ring — Crypto library for Rust using BoringSSL's cryptography primitives
    • HACL* — a formally verified cryptographic library written in F*
    • Chaos.NaCl — a cryptography library writen in C#, based on NaCl
    • Nettle — a low-level cryptographic library
      • Bindings available in Haskell, Perl, Pike, PostgreSQL, R6RS Scheme, and TCL
  • Monocypher — a small, secure, auditable, easy to use crypto library
  • libsuola — An ENGINE gluing together OpenSSL and NaCl-derived crypto
  • curve25519-java — Pure Java and JNI backed Curve25519 implementation
    • scrypto — Cryptographic primitives for Scala (includes Curve25519-Java wrapper)
  • Noise-C — a plain C implementation of the Noise Protocol
  • curve25519-dalek — a Rust implementation of field and group operations on an Edwards curve over GF(2 255 - 19)
  • libgodium — Pure Go implementation of cryptographic APIs found in libsodium
  • Libgcrypt — a general purpose cryptographic library originally based on code from GnuPG
  • hs-nacl — Modern Haskell Cryptography
  • Signatory — a pure Rust multi-provider digital signature library
  • Elligator-2 — Javascript implementation of the Elligator 2 algorithm for Curve25519
  • nacl4s — Scala implementation of Networking and Cryptography (NaCl) library
  • kevinburke-nacl — Pure Go implementation of the NaCl set of APIs
  • Sapient — Secure API toolkit
  • mipher — Mobile Cipher library written in clean TypeScript
  • rust-crypto-decoupled — Experiment on dividing rust-crypto into several small crates
  • OpenPGP.js — an Open Source OpenPGP library in JavaScript
  • Crypto++ — a free C++ class library of cryptographic schemes
  • pycryptopp — Python bindings to the Crypto++ library
  • eddsa — EdDSA python prototype
  • libelligator — A C++ Elligator2 implementation
  • extra25519 — includes AGL's Go implementation of Elligator
  • elliptic — Fast Elliptic Curve Cryptography in plain javascript
  • nsec — A modern and easy-to-use crypto library for .NET Core based on libsodium
  • amber — Cryptography library. X25519, Ed25519, ChaCha20, Blake2, Poly1305, Scrypt
  • nacl-cert — NaCl Certification System
  • cryptonite — a haskell repository of cryptographic primitives
  • easy-ecc — A usability wrapper for PHP ECC
  • edcert — A rust crate for high-performance content-signing and certificate verification
  • dnscrypt-python — DNSCrypt Python Library
  • dnscrypt — Very basic DNSCrypt library for Go
  • dnscrypt-proxy-gui — Qt/KF5 GUI wrapped over dnscrypt-proxy
  • libsignal-protocol-c — Signal Protocol C Library
  • sshj — ssh, scp and sftp for java
  • salt-channel-c — C implementation of Salt Channel
  • xeddsa — port of libsignal's xeddsa implementation to the pitchfork
  • TweetPepper — Formats, PKI using TweetNaCl as the Crypto
  • hc — HomeControl is an implementation of the HomeKit Accessory Protocol (HAP) in Go
  • GO-JWT-ed25519 — A very basic GO implementation of JWT using ed25519
  • libssh — a library written in C implementing the SSH protocol
  • Personal-HomeKit-HAP — build HomeKit support accessories
  • ocaml-bip32-ed25519 — OCaml implementation of BIP32-Ed25519 (Khovratovich/Law flavour)
  • cryptostack — cryptographic library based on Curve25519, Ed25519, blake2b, Poly1305, XSalsa20 primitives
  • prototok — RbNaCl + json/msgpack/protobuf key generation/parsing gem
  • kyber — Advanced crypto library for the Go language
  • Ed25519_DS — Ed25519 node.js library
  • go-lib — Useful, Reusable Golang libraries
  • Neuro:pil — a small messaging library which by default adds two layers of encryption
  • The Update Framework — helps developers to secure new or existing software update systems
  • spring-boot-wow — spring boot integrity and multi modules with spring-boot include ed25519
  • libaxolotl-crypto-web — WebCrypto implementation of cryptography interface for libaxolotl-javascript
  • libaxolotl-javascript — A JavaScript implementation of axolotl
  • libaxolotl-crypto-node — Node.js implementation of cryptography interface for libaxolotl-javascript
  • ed25519-to-x25519.wasm — Library for Ed25519 signing key pair into X25519/Curve25519 key pair suitable for Diffie-Hellman key exchange
  • crypto — crypto with ed25519 + base58 or other
  • edssh — ed25519 signature support for golang.org/x/crypto/ssh
  • salt-channel — A Java implementation of Salt Channel - a simple, light-weight secure channel protocol
  • SharedEcc25519 — ANSI-C based cross-platform elliptic curve cryptography provider with objc api
  • Virgil Crypto Library — modern cryptography libraries (ECIES and RSA with Cryptographic Agility) and all the necessary infrastructure
  • arduinolibs-Crypto — Arduino libraries and examples
  • libuecc — Very small Elliptic Curve Cryptography library
  • ecc25519 — combine golang ed25519 and curve25519 libray in one
  • erlang-libdecaf — ed448goldilocks (libdecaf) NIF with timeslice reductions for Erlang and Elixir (+Ed25519)
  • ruby-jose — JSON Object Signing and Encryption (JOSE) for Ruby
  • erlang-jose — JSON Object Signing and Encryption (JOSE) for Erlang and Elixir
  • redux-signatures — Cryptographic signing of your redux (or flux) actions
  • HeavyThing — x86_64 assembler library
  • libcryptoconditions — Interledger crypto-conditions implemented in C, including simple JSON api
  • joken — Elixir JWT library
  • jwt_nacl — A Ruby JSON Web Token implementation using NaCl Ed25519 digital signatures
  • go-libp2p-crypto — Various cryptographic utilities used by ipfs
  • libsqrl — a library implementing the SQRL Specification
  • yii2-api — A Yii2 API Skeleton Framework
  • hp_ecc_avx2 — an optimized library for computing EdDSA and the Diffie-Hellman functions X25519 and X448
  • cryptofamily — a heap of primitives, algorithms, etc.
  • kcl — NaCl substitute of sorts in Elixir
  • c25519 — Curve25519 and Ed25519 for low-memory systems
  • python-signedjson — Sign JSON objects with ED25519 signatures
  • signedjson — Signs JSON objects with ED25519 signatures
  • supercop.js — not to be confused with SUPERCOP
  • molch — An implementation of the axolotl ratchet based on libsodium
  • sshlib — ConnectBot's SSH library
  • tankfeeder — writtein in picolisp
  • Javascript: asymmetric-crypto — Encryption and signing using public-key cryptography (via TweetNaCl)
  • coniks-go — A CONIKS implementation in Golang
  • pspka — password seeded public key authentication
  • curve25519-js — Curve25519 Javascript Implementation
  • ed25519-supercop — ed25519 curve operations using a supercop/ref10 implementation
  • libeddsa — cryptographic library for ed25519 and curve25519
  • libec — Small PKI library
  • AFEnacl — An AFNetworking subclass providing payload signing via libsodium
  • eddsa — Structures for safe handling of Ed25519 keys
  • ECC-25519 — helps to use ECC with Curve25519
  • Salt — NaCl cryptography library for PHP (not by the NaCl authors)
  • KCl — NaCl, but heavier (not compatable with NaCl)
  • libgcrypt — a general purpose cryptographic library based on the code from GnuPG
  • 25519 — Key agreement (X25519) and signing (ed25519)
  • js-stellar-base — the lowest-level stellar helper library
  • microstar-crypto — Cryptography library for Microstar, wrapping TweetNaCl
  • libaxolotl-crypto-curve25519 — emscripten compiled version of curve25519 and ed25519
  • shick_crypto — multi recipient NaCl-style encryption via libsodium
  • SQRL-Protocol — A helper library to handle SQRL requests and responses
  • gryphon — HTTP Request Signing with Ed25519
  • python-axolotl-curve25519 — curve25519 with ed25519 signatures, used by libaxolotl
  • secret-handshake — Javascript-based authentication
  • python-sshpubkeys — OpenSSH public key parser for Python
  • Cryptocurrencies, blockchains, and ledgers

    • Monero — a secure, private, untraceable currency
    • Decred — Hybridized PoW/PoS cryptocurrency
    • Chain Core — enterprise-grade blockchain infrastructure that enables organizations to build better financial services from the ground up
    • tezos — A self-amending cryptographic ledger
    • Chronicle — a self-hostable microservice and append-only public ledger

    Miscellaneous

    • Matthew Green : "Any potential 'up my sleeve' number should be looked at with derision and thoroughly examined (Schneier thinks that the suggested NIST ECC curves are probably compromised by NSA using 'up my sleeve' constants). This is why I think we all should embrace DJB's curve25519."
    • Ted Unangst : "The one and only supported algorithm is Ed25519. It has a lot of very nice properties, though I really like the deterministic signatures. Anything that makes it harder to screw up is great."
    • GnuPG : "For many people the NIST and also the Brainpool curves have an doubtful origin and thus the plan for GnuPG is to use Bernstein's Curve 25519 as default. GnuPG 2.1.0 already comes with support for signing keys using the Ed25519 variant of this curve. This has not yet been standardized by the IETF (i.e. there is no RFC) but we won't wait any longer and go ahead using the proposed format for this signing algorithm."
    • Cesar Pereida García and Billy Bob Brumley and Yuval Yarom: Make Sure DSA Signing Exponentiations Really are Constant-Time : "OpenSSH supports building without OpenSSL as a dependency. We recommend that OpenSSH package maintainers switch to this option. For OpenSSH administrators and users, we recommend migrating to ssh-ed25519 key types, the implementation of which has many desirable side-channel properties."
    • Adam Caudill : "FYI - Went through 12.5M executions with afl against the minisign verification function, no hits. Good job!"
    • Ted Unangst : "It takes more code for a TLS client to negotiate Hello and do the key exchange than in all of signify."
    • Adam Langley : "Current ECDSA deployments involve an ECDSA key in an X.509 certificate and ephemeral, ECDHE keys being generated by the server as needed. These ephemeral keys are signed by the ECDSA key. A similar design would have an Ed25519 key in the X.509 certificate and curve25519 used for ECDHE. I don't believe there's anything needed to get that working save for switching out the algorithms."

    Timeline notes

    Ed25519 support coming soon!

    • TLS 1.3 — Transport Layer Security
    • LibreSSL — "Add objects for X25519, X448, Ed25519 and Ed448"
    • NaCl — Networking and Cryptography Library
    • Tor — for Hidden Services; already used elsewhere in Tor
    • wolfSSL — Roadmap: "ed25519 integration at the crypto and TLS level" — already supported at the crypto level
    • BearSSL — Smaller SSL/TLS
    • OpenSSL — for use in libcrypto and libssl (TLS)
    • tink — a small crypto library that provides a safe, simple, agile and fast way to accomplish some common crypto tasks
    • pgsodium — Postgres extension wrapper around libsodium
    • DNSSEC — a horrible protocol that shouldn't be used
  • Zcash — a decentralized and open source cryptocurrency using groundbreaking cryptography (for JoinSplit signatures)
  • Brave Sync — A client/server for Brave sync
  • kovri — The Kovri I2P Router Project
  • Peergos — An end-to-end encrypted, peer-to-peer file storage, sharing and communication network
  • cothority — Scalable collective authority prototype
  • ithos — Modern directory services and credential management
  • messagesodium — Patches ActiveSupport's MessageEncryptor to use libsodium
  • Upspin — "TODO(ehg) add "25519": x/crypto/curve25519, github.com/agl/ed25519"
  • Tendermint — Simple, Secure, Scalable Blockchain Platform
  • curve-ed25519 — WIP!
  • freepass — The free password manager for power users. (Already supports ssh-ed25519 and signify, plans to support SQRL!)
  • php71_crypto — Pluggable Cryptography Interface for PHP 7.1
  • ed25519 — an implementation of ed25519 in lisp
  • gtank-ed25519 — General-purpose implementation of the Ed25519 curve
  • prifi — Work-in-progress Dissent port/rewrite for low-latency anonymous communication
  • WAMP-cryptosign — The WAMP Protocol team is working on WAMP-cryptosign; see also wamp-proto.org
  • raaz — Cryptographic network library for Haskell
  • petmail — secure messaging, file-transfer, and directory synchronization
  • antinet-before-yedino — safe decentralized network for data and contracts
  • coname — a WIP impl. of an EXPERIMENTAL cooperative keyserver design based on ideas from dename and CONIKS
  • mute — secure messaging (currently in alpha release)
  • Crossbar.io - WAMP application router — plans to implement WAMP-cryptosign
  • libsodium-laravel — Laravel integration for libsodium
  • End-To-End — a Chrome extension that helps you encrypt, decrypt, digital sign, and verify signed messages within the browser using OpenPGP
  • "Powered by Ed25519"