ed25519 and sha256

Robert J. Hansen rjh at sixdemonbag.org
Wed Sep 25 22:35:50 CEST 2019

> According to Wikipedia "Ed25519 is the EdDSA signature scheme using
> SHA-512 and Curve25519”. Granted, I have sha256 in my preferences,
> but the standard should override that, correct?

Wikipedia is not a very good reference for low-level technical details.
 Ed25519 is shorthand for "EdDSA on a specific curve": it is silent on
the subject of hash algorithms, although you can specify one as
"Ed25519-SHA-512" or what-have-you.

Many other applications, such as DNSSEC, call for SHA-256 to be used
with Ed25519.

>From the original paper defining Ed25519:

"Our recommended curve for EdDSA is a twisted Edwards curve birationally
equivalent to the curve Curve25519 from [12]. ... We use the name
Ed25519 for EdDSA with this particular choice of curve.

Specifically, Ed25519-SHA-512 is EdDSA with ... SHA-512."


More information about the Gnupg-users mailing list