Ed25519 sign & verify

Sign a message with your Ed25519 private key, or verify a signature with the public key. Keys as PEM, hex, or base64; deterministic (RFC 8032). Runs in your browser — keys never leave your device.

Try:
Result

About this tool

Ed25519 Sign & Verify does both halves of an Ed25519 signature in one place. Pick Sign to turn a message + your private key into a signature, or Verify to check a signature against a message and the signer's public key. Everything runs in your browser via WebAssembly — your keys and messages are never uploaded.

Ed25519 is EdDSA over Curve25519 (RFC 8032): fast, 32-byte keys, 64-byte signatures, and used by SSH, OpenPGP, JWT (EdDSA), and TLS.

Worked example

Sign the single byte 0x72 with the RFC 8032 test key. Choose Sign, set Message to 72, Message encoding to Hex, and paste the raw private key:

key = 4ccd089b28ff96da9db6c346ec114e0f5b8a319f35aba624da8cf6ed4fb8a6fb

You get back the deterministic signature and the derived public key:

signature (hex): 92a009a9f0d4cab8720e820b5f642540a2b27b5416503f8fb3762223ebdb69da
                 085ac1e43e15996e458f3613d0f11d8c387b2eaeb4302aeeb00d291612bb0c00
public key (hex): 3d4017c3e843895a92b70aa74d1b7ebc9c982ccf2ec4968cc0cd55f12af4660c

Switch to Verify, keep the same message, paste that public key into the key box and the signature into the signature box, and you get valid: true.

Options

Deterministic signatures

Ed25519 is deterministic by design (RFC 8032): the nonce is derived from the key and message, so signing the same message with the same key always produces the same signature. There is no RNG and no repeated-nonce risk.

Limits & edge cases

FAQ

What key formats can I paste?

For signing: an Ed25519 private key as PKCS#8 PEM (-----BEGIN PRIVATE KEY-----), or the raw 32-byte seed as hex or base64 (a 64-byte seed || public keypair also works). For verifying: the public key as SPKI PEM (-----BEGIN PUBLIC KEY-----) or the raw 32-byte point as hex or base64. The tool auto-detects hex vs base64 by length.

Why is the signature the same every time I sign?

That's expected. Ed25519 signatures are deterministic (RFC 8032) — the per-signature nonce is derived from the private key and message rather than a random number, so the same key + message always yields the same 64-byte signature. It removes the catastrophic key-leak risk that a repeated random nonce causes in ECDSA.

Verify says "valid: false" — what went wrong?

The signature doesn't match the message under that public key. Common causes: the message text or message encoding differs from what was signed (a trailing newline counts), the signature belongs to a different key, or you pasted the wrong public key. Double-check that the message bytes and public key are exactly the signer's.

Is this the same as ECDSA, RSA, or SSH signing?

No. Ed25519 is EdDSA over Curve25519 — a different scheme from ECDSA (NIST P-256/P-384) and RSA. It's the algorithm behind modern ssh-ed25519 keys and JWT's EdDSA, but the raw signature here is not an SSH or PGP wire signature — it's the bare 64-byte Ed25519 signature.

Do my keys or messages leave the browser?

No. Signing and verifying run locally in WebAssembly; nothing is sent to a server. Still, treat any pasted production private key with care and prefer test keys where you can.

Developer & Automation Access

Run it from the terminal

Same engine as this page, headless — via the gizza CLI:

gizza tool ed25519-sign-verify "..."

New to the CLI? Get gizza →

Open it by URL

Pre-fill and auto-run this tool with query parameters — the names match the API/CLI:

https://gizza.ai/tools/ed25519-sign-verify/?operation=sign&message=The%20message%20to%20sign%20or%20verify&message_encoding=utf8&key=-----BEGIN%20PRIVATE%20KEY-----%0A...%0A-----END%20PRIVATE%20KEY-----%20%20%20%C2%B7%20%20%20or%20raw%2032-byte%20key%20as%20hex%2Fbase64&signature=hex%20or%20base64%20signature%20%E2%80%94%20required%20when%20verifying

Machine-readable descriptor: tool.json — title + parameters JSON Schema for agents.