Ed25519 Digital Signatures
Ed25519 digital signatures provide cryptographic non-repudiation for Enterprise QR codes.
Overview
Ed25519 is a high-speed, secure digital signature algorithm based on elliptic curve cryptography. GoValid uses Ed25519 for Enterprise QR codes to provide legal-grade document authentication.
What is Non-Repudiation?
Non-repudiation means the signer cannot deny having signed the document. Ed25519 signatures provide:
- Authenticity: Proof that the document was signed by the claimed signer
- Integrity: Proof that the document has not been modified after signing
- Non-repudiation: The signer cannot deny having signed the document
How It Works
Key Generation
- Each user has a unique Ed25519 key pair (public + private key)
- The private key is encrypted and stored securely
- The public key is available for verification
Signing Process
- User creates a QR code with Enterprise security level
- User enters their signing PIN
- The document data is hashed
- The hash is signed with the user's private key
- The signature is embedded in the QR code
Verification Process
- Scanner reads the QR code
- The signature is extracted
- The document data is re-hashed
- The signature is verified using the public key
- Verification result is displayed
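The signing and verification steps above, as an added example that is not GoValid's own code: the document data is hashed, the hash is signed, and the verifier re-hashes and checks the signature, rejecting malformed input before it reaches the verifier. The SHA-256 hash, the function names, and the sample key and document are assumptions made for illustration; the page does not specify GoValid's hash function or payload format.

```go
package main

import (
	"crypto/ed25519"
	"crypto/sha256"
	"errors"
	"fmt"
)

var (
	ErrMalformed = errors.New("malformed public key or signature")
	ErrInvalid   = errors.New("signature does not match document data")
)

// SignDocument hashes the document data and signs the hash. Assumption: the
// page does not name the hash function; SHA-256 is used for illustration.
func SignDocument(priv ed25519.PrivateKey, document []byte) []byte {
	h := sha256.Sum256(document)
	return ed25519.Sign(priv, h[:])
}

// VerifyDocument re-hashes the data and checks the signature against it.
// pub and sig arrive from outside (API response, scanned QR code), so their
// lengths are checked first: ed25519.Verify panics on a wrong-size public key.
func VerifyDocument(pub, document, sig []byte) error {
	if len(pub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return ErrMalformed
	}
	h := sha256.Sum256(document)
	if !ed25519.Verify(ed25519.PublicKey(pub), h[:], sig) {
		return ErrInvalid
	}
	return nil
}

// runDemo uses a constructed throwaway key and document, not GoValid data.
func runDemo() (intact, tampered, truncated error) {
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // all-zero test seed
	pub := priv.Public().(ed25519.PublicKey)
	doc := []byte("constructed sample: certificate 0001")
	sig := SignDocument(priv, doc)
	return VerifyDocument(pub, doc, sig),
		VerifyDocument(pub, []byte("constructed sample: certificate 0002"), sig),
		VerifyDocument(pub, doc, sig[:len(sig)-1])
}

func main() {
	fmt.Println(runDemo())
}
```

A single changed character in the document data yields `ErrInvalid`, while a truncated signature is rejected as `ErrMalformed` without running the curve arithmetic.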
Signing PIN
The signing PIN adds an extra layer of security:
- Required for every Enterprise QR signature
- Prevents unauthorized signing even if the account is compromised
- Can be changed in security settings
- Is separate from the account password
Setting Up Signing PIN
- Go to Account → Security
- Click Set Signing PIN
- Enter a 6-digit PIN
- Confirm the PIN
Changing Signing PIN
- Go to Account → Security
- Click Change Signing PIN
- Enter current PIN
- Enter new PIN and confirm
Signature Verification
Via Verification Page
When scanning an Enterprise QR:
- The verification page shows the signature status
- Displays signer identity and timestamp
- Shows document integrity status
- Provides cryptographic proof details
Developer option: API verification
curl -X POST https://api.govalid.org/api/v1/qr/verify/ \
  -H "Content-Type: application/json" \
  -d '{
    "code": "abc123",
    "verify_signature": true
  }'
Response:
{
  "valid": true,
  "security_level": "enterprise",
  "signature": {
    "valid": true,
    "signer": {
      "name": "John Doe",
      "verified": true
    },
    "signed_at": "2025-01-29T12:00:00Z",
    "algorithm": "Ed25519"
  },
  "integrity": "intact"
}
Use Cases
| Scenario | Why Ed25519 |
|---|---|
| Legal contracts | Non-repudiation in court |
| Government documents | Official authentication |
| Financial certificates | Audit compliance |
| Academic credentials | Degree verification |
| Regulatory filings | Compliance proof |
Technical Details
Algorithm
- Name: Ed25519 (EdDSA using SHA-512 and Curve25519)
- Key size: 256 bits
- Signature size: 512 bits (64 bytes)
- Speed: Very fast signing and verification
Security Properties
- Designed to resist side-channel attacks (no secret-dependent branches or array indices)
- Deterministic signatures (no per-signature randomness needed)
- No known practical attacks
- Widely audited and standardized
Standards Compliance
- RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA)
- NIST-approved curve (Curve25519)
- Compatible with major cryptographic libraries
Key Management
Private Key Protection
- Encrypted at rest with AES-256
- Never transmitted over the network
- Only used for signing operations
- Backed up securely for recovery
Public Key Distribution
- Available via API for verification
- Embedded in verification pages
- Can be exported for offline verification
Related
- Security Levels - Enterprise QR details
- Encryption - Data encryption
- Security Overview - Security architecture