How to use ed25519 to encrypt/decrypt data?

Question

Currently I am investigating https://github.com/orlp/ed25519 , and it has example for signing but how to use it for encrypting/decrypting data? Thanks

Answer 1

Assuming you want to send a message to Alice who has the public key A.

1. Generate a new ephemeral key pair e, E
2. Compute the shared DH secret between e and A using the ed25519_key_exchange function.
3. Use some kind of of KDF of that secret. In the simplest case a hash.
4. Use the value derived in step 3 as key in a symmetric algorithm

NaCl's crypto_box works almost like this. The main differences are that it uses Montgomery form public keys and uses HSalsa20 as hash in step 3.

Some people don't feel comfortable with using the same keypair for signing and encryption. Use at your own risk. If you don't need this key reuse, I'd recommend LibSodium as an alternative.

Answer 2

You don't. ED25519 is a public-key signature system, not an encryption system. Trying to use it for a purpose it was not designed for is likely to introduce security vulnerabilities.