The draft CSR[1] for the EdDSA API[2] is ready for review. Please take a
look and send me any feedback you may have. Here are a few high-level
notes to explain the API:
1) Where possible, this API is similar to the API for X25519/X448. To
get the complete background/motivation for the API design, you can
review the discussion[3] on this topic.
2) Similar to X25519/X448, private keys are byte arrays, and public keys
coordinates. Though we can't get by with a single BigInteger coordinate
for EdDSA, so I am using the new EdPoint class to hold the coordinates.
3) EdDSA has multiple signature modes defined in the RFC[4], including
some that "prehash" the input before signing. The draft API uses the
EdDSAParameterSpec class to specify parameters of these modes. The
standard does not allow an arbitrary choice of prehash function, so the
API for EdDSA does not support algorithm names like "SHA256withEdDSA".
[1] https://wiki.openjdk.java.net/display/csr/Main
[2] https://bugs.openjdk.java.net/browse/JDK-8190219
[3]
http://mail.openjdk.java.net/pipermail/security-dev/2017-September/016325.html
[4] https://tools.ietf.org/html/rfc8032
