crypto_x25519: Note that _from_eddsa exists

author Fabio Scotoni <34964387+fscoto@users.noreply.github.com>

Tue, 31 Mar 2020 11:39:37 +0000 (13:39 +0200)

committer Fabio Scotoni <34964387+fscoto@users.noreply.github.com>

Tue, 31 Mar 2020 11:40:25 +0000 (13:40 +0200)
author Fabio Scotoni <34964387+fscoto@users.noreply.github.com>
Tue, 31 Mar 2020 11:39:37 +0000 (13:39 +0200)
committer Fabio Scotoni <34964387+fscoto@users.noreply.github.com>
Tue, 31 Mar 2020 11:40:25 +0000 (13:40 +0200)
diff --git a/doc/man/man3/crypto_x25519.3monocypher b/doc/man/man3/crypto_x25519.3monocypher

index 0aa8b459e95cb3ecb0289823443ad8acc368d4dd..e39c0d4d575f3f480a7a665f20a60d17f0ab158e 100644 (file)
--- a/doc/man/man3/crypto_x25519.3monocypher
+++ b/doc/man/man3/crypto_x25519.3monocypher
@@ -52,7 +52,7 @@
  .\" with this software.  If not, see
  .\" <https://creativecommons.org/publicdomain/zero/1.0/>
  .\"
-.Dd March 2, 2020
+.Dd March 31, 2020
  .Dt CRYPTO_X25519 3MONOCYPHER
  .Os
  .Sh NAME
@@ -128,6 +128,15 @@ compare the output of
  to an all-zero buffer using
  .Xr crypto_verify32 3monocypher ;
  abort the protocol if the output and the all-zero buffer are equal.
+.Pp
+Do not use the same secret key for both key exchanges and signatures.
+The public keys are different, and revealing both may leak information.
+If there really is no room to store or derive two different secret keys,
+consider generating a key pair for signatures and then converting it
+with
+.Xr crypto_from_eddsa_private 3monocypher
+and
+.Xr crypto_from_eddsa_public 3monocypher .
  .Sh RETURN VALUES
  .Fn crypto_x25519
  and
author	Fabio Scotoni <34964387+fscoto@users.noreply.github.com>
	Tue, 31 Mar 2020 11:39:37 +0000 (13:39 +0200)
committer	Fabio Scotoni <34964387+fscoto@users.noreply.github.com>
	Tue, 31 Mar 2020 11:40:25 +0000 (13:40 +0200)