pinkpixel-dev/implementing-digital-signatures-with-ed25519
SKILLS/implementing-digital-signatures-with-ed25519/SKILL.md
Ed25519 is a high-performance digital signature algorithm using the Edwards curve Curve25519. It provides 128-bit security with 64-byte signatures and 32-byte keys, offering significant advantages ove
$ install --global
skillsauthnpx skillsauth add pinkpixel-dev/skills-collection-2 implementing-digital-signatures-with-ed25519Install this skill globally with one command. Works with Claude Code, Cursor, and Windsurf.
Security Scan Results
3 of 9 scanners reported clean
Some scanners were skipped, did not run, or reported a non-clean status. Review each row below.
3
Scanners Passed
9
Scanners in report
Clean
TrivyContainer and dependency vulnerability scanner
95%
Clean
SemgrepStatic code analysis for vulnerabilities
95%
Clean
mcp-scan (Snyk)Model Context Protocol security validation
95%
Skipped
Snyk (dep)Open source security scanning
50%
Skipped
Socket.devSupply chain security analysis
50%
Skipped
VirusTotalMulti-engine malware detection
50%
Skipped
CrowdStrikeAdvanced threat intelligence
50%
Skipped
OSV-ScannerOpen Source Vulnerability database check
50%
Skipped
OWASP Dep-Check
50%
Last scanned: May 13, 2026, 4:31 AM157.3s7 files scanned
SKILL.md
- name:
- implementing-digital-signatures-with-ed25519
- description:
- Ed25519 is a high-performance digital signature algorithm using the Edwards curve Curve25519. It provides 128-bit security with 64-byte signatures and 32-byte keys, offering significant advantages ove
- domain:
- cybersecurity
- subdomain:
- cryptography
- tags:
- [cryptography, digital-signatures, ed25519, authentication, integrity]
- version:
- 1.0
- author:
- mahipal
- license:
- Apache-2.0
Implementing Digital Signatures with Ed25519
Overview
Ed25519 is a high-performance digital signature algorithm using the Edwards curve Curve25519. It provides 128-bit security with 64-byte signatures and 32-byte keys, offering significant advantages over RSA and ECDSA including deterministic signatures (no random nonce needed), resistance to side-channel attacks, and fast verification. This skill covers implementing Ed25519 for document signing, code signing, and API authentication.
When to Use
- When deploying or configuring implementing digital signatures with ed25519 capabilities in your environment
- When establishing security controls aligned to compliance requirements
- When building or improving security architecture for this domain
- When conducting security assessments that require this implementation
Prerequisites
- Familiarity with cryptography concepts and tools
- Access to a test or lab environment for safe execution
- Python 3.8+ with required dependencies installed
- Appropriate authorization for any testing activities
Objectives
- Generate Ed25519 key pairs for signing
- Sign messages and files with Ed25519
- Verify signatures against public keys
- Implement multi-signature verification
- Build a simple code signing system
- Compare Ed25519 performance with RSA and ECDSA
Key Concepts
Ed25519 vs RSA vs ECDSA
| Property | Ed25519 | RSA-3072 | ECDSA P-256 | |----------|---------|----------|-------------| | Security | 128-bit | 128-bit | 128-bit | | Public key size | 32 bytes | 384 bytes | 64 bytes | | Signature size | 64 bytes | 384 bytes | 64 bytes | | Key generation | ~50 us | ~100 ms | ~1 ms | | Sign | ~70 us | ~5 ms | ~200 us | | Verify | ~200 us | ~200 us | ~500 us | | Deterministic | Yes | No (PSS) | No (unless RFC 6979) |
Key Properties
- Deterministic: Same message + key always produces same signature
- Collision-resistant: No separate hash function needed
- Side-channel resistant: Constant-time implementation
- Small keys: 32 bytes each (public and private)
Security Considerations
- Ed25519 does not support key recovery from signatures
- Verify the full message, not a hash (Ed25519 hashes internally)
- Public keys must be validated before use (check for low-order points)
- Private keys should be stored encrypted at rest
- Ed25519 is not yet approved for all NIST use cases (Ed448 is preferred for federal)
Validation Criteria
- [ ] Key pair generation produces valid Ed25519 keys
- [ ] Signature verification succeeds for valid message
- [ ] Signature verification fails for tampered message
- [ ] Signature verification fails for wrong public key
- [ ] Deterministic: same input produces same signature
- [ ] File signing and verification works correctly
- [ ] Performance meets or exceeds RSA-3072
Related Skills
pinkpixel-dev/implementing-rapid7-insightvm-for-scanning
development
VerifiedTrustedCommunity
Deploy and configure Rapid7 InsightVM Security Console and Scan Engines for authenticated and unauthenticated vulnerability scanning across enterprise environments.
1SKILL.mdUpdated May 29, 2026
pinkpixel-dev/implementing-ransomware-kill-switch-detection
testing
VerifiedTrustedCommunity
Detects and exploits ransomware kill switch mechanisms including mutex-based execution guards, domain-based kill switches, and registry-based termination checks. Implements proactive mutex vaccination and kill switch domain monitoring to prevent ransomware from executing. Activates for requests involving ransomware kill switch analysis, mutex vaccination, WannaCry-style domain kill switches, or malware execution guard detection.
1SKILL.mdUpdated May 29, 2026
pinkpixel-dev/implementing-ransomware-backup-strategy
testing
VerifiedTrustedCommunity
Designs and implements a ransomware-resilient backup strategy following the 3-2-1-1-0 methodology (3 copies, 2 media types, 1 offsite, 1 immutable/air-gapped, 0 errors on restore verification). Configures backup schedules aligned to RPO/RTO requirements, implements backup credential isolation to prevent ransomware from compromising backup infrastructure, and establishes automated restore testing. Activates for requests involving ransomware backup planning, backup resilience, air-gapped backup design, or backup recovery point objective configuration.
1SKILL.mdUpdated May 29, 2026
pinkpixel-dev/implementing-purdue-model-network-segmentation
testing
VerifiedTrustedCommunity
Implement network segmentation based on the Purdue Enterprise Reference Architecture (PERA) model to separate industrial control system networks into hierarchical security zones from Level 0 physical process through Level 5 enterprise, enforcing strict traffic control between OT and IT domains.
1SKILL.mdUpdated May 29, 2026