adding the messenger service and its client-side library

Signed-off-by: TheJackiMonster <thejackimonster@gmail.com>

8 files changed, 538 insertions, 99 deletions

diff --git a/src/identity/gnunet-identity.c b/src/identity/gnunet-identity.c
index d0f5546f3..a01cd1ed7 100644
--- a/src/identity/gnunet-identity.c
+++ b/src/identity/gnunet-identity.c
@@ -66,6 +66,11 @@ static unsigned int verbose;
 static int quiet;
 
 /**
+ * Was "eddsa" specified?
+ */
+static int type_eddsa;
+
+/**
  * -C option
  */
 static char *create_ego;
@@ -108,7 +113,7 @@ static struct GNUNET_IDENTITY_Operation *delete_op;
 /**
  * Private key from command line option, or NULL.
  */
-struct GNUNET_CRYPTO_EcdsaPrivateKey pk;
+struct GNUNET_IDENTITY_PrivateKey pk;
 
 /**
  * Value to return from #main().
@@ -197,7 +202,7 @@ delete_finished (void *cls,
  */
 static void
 create_finished (void *cls,
-                 const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+                 const struct GNUNET_IDENTITY_PrivateKey *pk,
                  const char *emsg)
 {
   struct GNUNET_IDENTITY_Operation **op = cls;
@@ -212,16 +217,16 @@ create_finished (void *cls,
   }
   else if (verbose)
   {
-    struct GNUNET_CRYPTO_EcdsaPublicKey pub;
+    struct GNUNET_IDENTITY_PublicKey pub;
     char *pubs;
 
-    GNUNET_CRYPTO_ecdsa_key_get_public (pk, &pub);
-    pubs = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pub);
+    GNUNET_IDENTITY_key_get_public (pk, &pub);
+    pubs = GNUNET_IDENTITY_public_key_to_string (&pub);
     if (private_keys)
     {
       char *privs;
 
-      privs = GNUNET_CRYPTO_ecdsa_private_key_to_string (pk);
+      privs = GNUNET_IDENTITY_private_key_to_string (pk);
       fprintf (stdout, "%s - %s\n", pubs, privs);
       GNUNET_free (privs);
     }
@@ -293,7 +298,7 @@ print_ego (void *cls,
            void **ctx,
            const char *identifier)
 {
-  struct GNUNET_CRYPTO_EcdsaPublicKey pk;
+  struct GNUNET_IDENTITY_PublicKey pk;
   char *s;
   char *privs;
 
@@ -342,8 +347,8 @@ print_ego (void *cls,
                      set_ego)) )
     return;
   GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
-  s = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
-  privs = GNUNET_CRYPTO_ecdsa_private_key_to_string (
+  s = GNUNET_IDENTITY_public_key_to_string (&pk);
+  privs = GNUNET_IDENTITY_private_key_to_string (
     GNUNET_IDENTITY_ego_get_private_key (ego));
   if ((monitor) || (NULL != identifier))
   {
@@ -357,9 +362,16 @@ print_ego (void *cls,
     else
     {
       if (private_keys)
-        fprintf (stdout, "%s - %s - %s\n", identifier, s, privs);
+        fprintf (stdout, "%s - %s - %s - %s\n",
+                 identifier, s, privs,
+                 (ntohl (pk.type) == GNUNET_IDENTITY_TYPE_ECDSA) ?
+                 "ECDSA" : "EdDSA");
       else
-        fprintf (stdout, "%s - %s\n", identifier, s);
+        fprintf (stdout, "%s - %s - %s\n",
+                 identifier, s,
+                 (ntohl (pk.type) == GNUNET_IDENTITY_TYPE_ECDSA) ?
+                 "ECDSA" : "EdDSA");
+
     }
   }
   GNUNET_free (privs);
@@ -407,11 +419,12 @@ run (void *cls,
                                      strlen (privkey_ego),
                                      &pk,
                                      sizeof(struct
-                                            GNUNET_CRYPTO_EcdsaPrivateKey));
+                                            GNUNET_IDENTITY_PrivateKey));
       create_op =
         GNUNET_IDENTITY_create (sh,
                                 create_ego,
                                 &pk,
+                                0, // Ignored
                                 &create_finished,
                                 &create_op);
     }
@@ -420,6 +433,9 @@ run (void *cls,
         GNUNET_IDENTITY_create (sh,
                                 create_ego,
                                 NULL,
+                                (type_eddsa) ?
+                                GNUNET_IDENTITY_TYPE_EDDSA :
+                                GNUNET_IDENTITY_TYPE_ECDSA,
                                 &create_finished,
                                 &create_op);
   }
@@ -456,6 +472,11 @@ main (int argc, char *const *argv)
                                  gettext_noop (
                                    "set the private key for the identity to PRIVATE_KEY (use together with -C)"),
                                  &privkey_ego),
+    GNUNET_GETOPT_option_flag ('X',
+                               "eddsa",
+                               gettext_noop (
+                                 "generate an EdDSA identity. (use together with -C) EXPERIMENTAL"),
+                               &type_eddsa),
     GNUNET_GETOPT_option_flag ('d',
                                "display",
                                gettext_noop ("display all egos"),
diff --git a/src/identity/gnunet-service-identity.c b/src/identity/gnunet-service-identity.c
index bdacf3ba0..6cdb1c2f7 100644
--- a/src/identity/gnunet-service-identity.c
+++ b/src/identity/gnunet-service-identity.c
@@ -57,7 +57,7 @@ struct Ego
   /**
    * Private key of the ego.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey pk;
+  struct GNUNET_IDENTITY_PrivateKey pk;
 
   /**
    * String identifier for the ego.
@@ -538,8 +538,8 @@ handle_get_default_message (void *cls,
  * @return 0 if the keys are equal
  */
 static int
-key_cmp (const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk1,
-         const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk2)
+key_cmp (const struct GNUNET_IDENTITY_PrivateKey *pk1,
+         const struct GNUNET_IDENTITY_PrivateKey *pk2)
 {
   return GNUNET_memcmp (pk1, pk2);
 }
@@ -738,10 +738,10 @@ handle_create_message (void *cls,
   send_result_code (client, 0, NULL);
   fn = get_ego_filename (ego);
   (void) GNUNET_DISK_directory_create_for_file (fn);
-  if (sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey) !=
+  if (sizeof(struct GNUNET_IDENTITY_PrivateKey) !=
       GNUNET_DISK_fn_write (fn,
                             &crm->private_key,
-                            sizeof(struct GNUNET_CRYPTO_EcdsaPrivateKey),
+                            sizeof(struct GNUNET_IDENTITY_PrivateKey),
                             GNUNET_DISK_PERM_USER_READ
                             | GNUNET_DISK_PERM_USER_WRITE))
     GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_ERROR, "write", fn);
@@ -1038,6 +1038,67 @@ handle_delete_message (void *cls, const struct DeleteMessage *dm)
 }
 
 
+static int
+read_from_file (const char *filename,
+                void *buf,
+                size_t buf_size)
+{
+  int fd;
+  struct stat sb;
+
+  fd = open (filename,
+             O_RDONLY);
+  if (-1 == fd)
+  {
+    memset (buf,
+            0,
+            buf_size);
+    return GNUNET_SYSERR;
+  }
+  if (0 != fstat (fd,
+                  &sb))
+  {
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "stat",
+                              filename);
+    GNUNET_assert (0 == close (fd));
+    memset (buf,
+            0,
+            buf_size);
+    return GNUNET_SYSERR;
+  }
+  if (sb.st_size != buf_size)
+  {
+    GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
+                "File `%s' has wrong size (%llu), expected %llu bytes\n",
+                filename,
+                (unsigned long long) sb.st_size,
+                (unsigned long long) buf_size);
+    GNUNET_assert (0 == close (fd));
+    memset (buf,
+            0,
+            buf_size);
+    return GNUNET_SYSERR;
+  }
+  if (buf_size !=
+      read (fd,
+            buf,
+            buf_size))
+  {
+    GNUNET_log_strerror_file (GNUNET_ERROR_TYPE_WARNING,
+                              "read",
+                              filename);
+    GNUNET_assert (0 == close (fd));
+    memset (buf,
+            0,
+            buf_size);
+    return GNUNET_SYSERR;
+  }
+  GNUNET_assert (0 == close (fd));
+  return GNUNET_OK;
+}
+
+
 /**
  * Process the given file from the "EGODIR".  Parses the file
  * and creates the respective 'struct Ego' in memory.
@@ -1063,9 +1124,9 @@ process_ego_file (void *cls,
   }
   ego = GNUNET_new (struct Ego);
   if (GNUNET_OK !=
-      GNUNET_CRYPTO_ecdsa_key_from_file (filename,
-                                         GNUNET_NO,
-                                         &ego->pk))
+      read_from_file (filename,
+                      &ego->pk,
+                      sizeof (ego->pk)))
   {
     GNUNET_free (ego);
     GNUNET_log (GNUNET_ERROR_TYPE_WARNING,
diff --git a/src/identity/identity.h b/src/identity/identity.h
index ef638fa36..11c5883bc 100644
--- a/src/identity/identity.h
+++ b/src/identity/identity.h
@@ -30,6 +30,44 @@
 
 #include "gnunet_common.h"
 
+/**
+ * Handle for an ego.
+ */
+struct GNUNET_IDENTITY_Ego
+{
+  /**
+   * Hash of the private key of this ego.
+   */
+  struct GNUNET_HashCode id;
+
+  /**
+   * The identity key pair
+   */
+  struct GNUNET_IDENTITY_PublicKey pub;
+
+  /**
+   * The identity key pair
+   */
+  struct GNUNET_IDENTITY_PrivateKey pk;
+
+  /**
+   * Current name associated with this ego.
+   */
+  char *name;
+
+  /**
+   * Client context associated with this ego.
+   */
+  void *ctx;
+
+  /**
+   * Set to true once @e pub was initialized
+   */
+  bool pub_initialized;
+};
+
+
+
 
 GNUNET_NETWORK_STRUCT_BEGIN
 
@@ -95,7 +133,7 @@ struct UpdateMessage
   /**
    * The private key
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey private_key;
+  struct GNUNET_IDENTITY_PrivateKey private_key;
 
   /* followed by 0-terminated ego name */
 };
@@ -151,7 +189,7 @@ struct SetDefaultMessage
   /**
    * The private key
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey private_key;
+  struct GNUNET_IDENTITY_PrivateKey private_key;
 
   /* followed by 0-terminated service name */
 };
@@ -181,7 +219,7 @@ struct CreateRequestMessage
   /**
    * The private key
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey private_key;
+  struct GNUNET_IDENTITY_PrivateKey private_key;
 
   /* followed by 0-terminated identity name */
 };
@@ -239,42 +277,5 @@ struct DeleteMessage
 
 GNUNET_NETWORK_STRUCT_END
 
-/**
- * Handle for an ego.
- */
-struct GNUNET_IDENTITY_Ego
-{
-  /**
-   * Hash of the private key of this ego.
-   */
-  struct GNUNET_HashCode id;
-
-  /**
-   * Private key associated with this ego.
-   */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey pk;
-
-  /**
-   * Public key associated with this ego. Initialized on demand.
-   * Always use #GNUNET_IDENTITY_ego_get_public_key() to obtain.
-   */
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
-
-  /**
-   * Current name associated with this ego.
-   */
-  char *name;
-
-  /**
-   * Client context associated with this ego.
-   */
-  void *ctx;
-
-  /**
-   * Set to true once @e pub was initialized
-   */
-  bool pub_initialized;
-};
-
 
 #endif
diff --git a/src/identity/identity_api.c b/src/identity/identity_api.c
index f7aca1655..64c088923 100644
--- a/src/identity/identity_api.c
+++ b/src/identity/identity_api.c
@@ -74,7 +74,7 @@ struct GNUNET_IDENTITY_Operation
   /**
    * Private key to return to @e create_cont, or NULL.
    */
-  struct GNUNET_CRYPTO_EcdsaPrivateKey pk;
+  struct GNUNET_IDENTITY_PrivateKey pk;
 
   /**
    * Continuation to invoke with the result of the transmission for
@@ -157,13 +157,12 @@ GNUNET_IDENTITY_ego_get_anonymous ()
 {
   static struct GNUNET_IDENTITY_Ego anon;
   static int setup;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
 
   if (setup)
     return &anon;
-  anon.pk = *GNUNET_CRYPTO_ecdsa_key_get_anonymous ();
-  GNUNET_CRYPTO_ecdsa_key_get_public (&anon.pk,
-                                      &pub);
+  anon.pk.type = htonl (GNUNET_IDENTITY_TYPE_ECDSA);
+  anon.pub.type = htonl (GNUNET_IDENTITY_TYPE_ECDSA);
+  anon.pk.ecdsa_key = *GNUNET_CRYPTO_ecdsa_key_get_anonymous ();
   GNUNET_CRYPTO_hash (&anon.pk,
                       sizeof(anon.pk),
                       &anon.id);
@@ -172,6 +171,51 @@ GNUNET_IDENTITY_ego_get_anonymous ()
 }
 
 
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_key_get_public (const struct
+                                GNUNET_IDENTITY_PrivateKey *privkey,
+                                struct GNUNET_IDENTITY_PublicKey *key)
+{
+  key->type = privkey->type;
+  switch (ntohl (privkey->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    GNUNET_CRYPTO_ecdsa_key_get_public (&privkey->ecdsa_key,
+                                        &key->ecdsa_key);
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    GNUNET_CRYPTO_eddsa_key_get_public (&privkey->eddsa_key,
+                                        &key->eddsa_key);
+    break;
+  default:
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
+static int
+private_key_create (enum GNUNET_IDENTITY_KeyType ktype,
+                    struct GNUNET_IDENTITY_PrivateKey *key)
+{
+  key->type = htonl (ktype);
+  switch (ktype)
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    GNUNET_CRYPTO_ecdsa_key_create (&key->ecdsa_key);
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    GNUNET_CRYPTO_eddsa_key_create (&key->eddsa_key);
+    break;
+  default:
+    GNUNET_break (0);
+    return GNUNET_SYSERR;
+  }
+  return GNUNET_OK;
+}
+
+
 /**
  * Try again to connect to the identity service.
  *
@@ -591,7 +635,7 @@ GNUNET_IDENTITY_connect (const struct GNUNET_CONFIGURATION_Handle *cfg,
  * @param ego the ego
  * @return associated ECC key, valid as long as the ego is valid
  */
-const struct GNUNET_CRYPTO_EcdsaPrivateKey *
+const struct GNUNET_IDENTITY_PrivateKey *
 GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego)
 {
   return &ego->pk;
@@ -606,12 +650,11 @@ GNUNET_IDENTITY_ego_get_private_key (const struct GNUNET_IDENTITY_Ego *ego)
  */
 void
 GNUNET_IDENTITY_ego_get_public_key (struct GNUNET_IDENTITY_Ego *ego,
-                                    struct GNUNET_CRYPTO_EcdsaPublicKey *pk)
+                                    struct GNUNET_IDENTITY_PublicKey *pk)
 {
   if (GNUNET_NO == ego->pub_initialized)
   {
-    GNUNET_CRYPTO_ecdsa_key_get_public (&ego->pk,
-                                        &ego->pub);
+    GNUNET_IDENTITY_key_get_public (&ego->pk, &ego->pub);
     ego->pub_initialized = GNUNET_YES;
   }
   *pk = ego->pub;
@@ -710,20 +753,11 @@ GNUNET_IDENTITY_set (struct GNUNET_IDENTITY_Handle *h,
 }
 
 
-/**
- * Create a new identity with the given name.
- *
- * @param h identity service to use
- * @param name desired name
- * @param privkey desired private key or NULL to create one
- * @param cont function to call with the result (will only be called once)
- * @param cont_cls closure for @a cont
- * @return handle to abort the operation
- */
 struct GNUNET_IDENTITY_Operation *
 GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *h,
                         const char *name,
-                        const struct GNUNET_CRYPTO_EcdsaPrivateKey *privkey,
+                        const struct GNUNET_IDENTITY_PrivateKey *privkey,
+                        enum GNUNET_IDENTITY_KeyType ktype,
                         GNUNET_IDENTITY_CreateContinuation cont,
                         void *cont_cls)
 {
@@ -749,7 +783,10 @@ GNUNET_IDENTITY_create (struct GNUNET_IDENTITY_Handle *h,
   crm->name_len = htons (slen);
   crm->reserved = htons (0);
   if (NULL == privkey)
-    GNUNET_CRYPTO_ecdsa_key_create (&crm->private_key);
+  {
+    GNUNET_assert (GNUNET_OK ==
+                   private_key_create (ktype, &crm->private_key));
+  }
   else
     crm->private_key = *privkey;
   op->pk = crm->private_key;
@@ -917,4 +954,316 @@ GNUNET_IDENTITY_disconnect (struct GNUNET_IDENTITY_Handle *h)
 }
 
 
+ssize_t
+private_key_get_length (const struct GNUNET_IDENTITY_PrivateKey *key)
+{
+  switch (ntohl (key->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return sizeof (key->type) + sizeof (key->ecdsa_key);
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    return sizeof (key->type) + sizeof (key->eddsa_key);
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return -1;
+}
+
+
+ssize_t
+GNUNET_IDENTITY_key_get_length (const struct GNUNET_IDENTITY_PublicKey *key)
+{
+  switch (ntohl (key->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return sizeof (key->type) + sizeof (key->ecdsa_key);
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    return sizeof (key->type) + sizeof (key->eddsa_key);
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return -1;
+}
+
+
+ssize_t
+GNUNET_IDENTITY_read_key_from_buffer (struct GNUNET_IDENTITY_PublicKey *key,
+                                      const void*buffer,
+                                      size_t len)
+{
+  if (len < sizeof (key->type))
+    return -1;
+  GNUNET_memcpy (&(key->type), buffer, sizeof (key->type));
+  const ssize_t length = GNUNET_IDENTITY_key_get_length (key);
+  if (len < length)
+    return -1;
+  if (length < 0)
+    return -2;
+  GNUNET_memcpy (&(key->ecdsa_key), buffer + sizeof (key->type), length
+                 - sizeof (key->type));
+  return length;
+}
+
+
+ssize_t
+GNUNET_IDENTITY_write_key_to_buffer (const struct
+                                     GNUNET_IDENTITY_PublicKey *key,
+                                     void*buffer,
+                                     size_t len)
+{
+  const ssize_t length = GNUNET_IDENTITY_key_get_length (key);
+  if (len < length)
+    return -1;
+  if (length < 0)
+    return -2;
+  GNUNET_memcpy (buffer, key, length);
+  return length;
+}
+
+
+ssize_t
+GNUNET_IDENTITY_signature_get_length (const struct
+                                      GNUNET_IDENTITY_Signature *sig)
+{
+  switch (ntohl (sig->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return sizeof (sig->type) + sizeof (sig->ecdsa_signature);
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    return sizeof (sig->type) + sizeof (sig->eddsa_signature);
+    break;
+  default:
+    GNUNET_break (0);
+  }
+  return -1;
+}
+
+
+ssize_t
+GNUNET_IDENTITY_read_signature_from_buffer (struct
+                                            GNUNET_IDENTITY_Signature *sig,
+                                            const void*buffer,
+                                            size_t len)
+{
+  if (len < sizeof (sig->type))
+    return -1;
+  GNUNET_memcpy (&(sig->type), buffer, sizeof (sig->type));
+  const ssize_t length = GNUNET_IDENTITY_signature_get_length (sig);
+  if (len < length)
+    return -1;
+  if (length < 0)
+    return -2;
+  GNUNET_memcpy (&(sig->ecdsa_signature), buffer + sizeof (sig->type), length
+                 - sizeof (sig->type));
+  return length;
+}
+
+
+ssize_t
+GNUNET_IDENTITY_write_signature_to_buffer (const struct
+                                           GNUNET_IDENTITY_Signature *sig,
+                                           void*buffer,
+                                           size_t len)
+{
+  const ssize_t length = GNUNET_IDENTITY_signature_get_length (sig);
+  if (len < length)
+    return -1;
+  if (length < 0)
+    return -2;
+  GNUNET_memcpy (buffer, &(sig->type), sizeof (sig->type));
+  GNUNET_memcpy (buffer + sizeof (sig->type), &(sig->ecdsa_signature), length
+                 - sizeof (sig->type));
+  return length;
+}
+
+
+int
+GNUNET_IDENTITY_sign_ (const struct
+                       GNUNET_IDENTITY_PrivateKey *priv,
+                       const struct
+                       GNUNET_CRYPTO_EccSignaturePurpose *purpose,
+                       struct GNUNET_IDENTITY_Signature *sig)
+{
+  sig->type = priv->type;
+  switch (ntohl (priv->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return GNUNET_CRYPTO_ecdsa_sign_ (&(priv->ecdsa_key), purpose,
+                                      &(sig->ecdsa_signature));
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    return GNUNET_CRYPTO_eddsa_sign_ (&(priv->eddsa_key), purpose,
+                                      &(sig->eddsa_signature));
+    break;
+  default:
+    GNUNET_break (0);
+  }
+
+  return GNUNET_SYSERR;
+}
+
+
+int
+GNUNET_IDENTITY_signature_verify_ (uint32_t purpose,
+                                   const struct
+                                   GNUNET_CRYPTO_EccSignaturePurpose *validate,
+                                   const struct GNUNET_IDENTITY_Signature *sig,
+                                   const struct GNUNET_IDENTITY_PublicKey *pub)
+{
+  /* check type matching of 'sig' and 'pub' */
+  GNUNET_assert (ntohl (pub->type) == ntohl (sig->type));
+  switch (ntohl (pub->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    return GNUNET_CRYPTO_ecdsa_verify_ (purpose, validate,
+                                        &(sig->ecdsa_signature),
+                                        &(pub->ecdsa_key));
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    return GNUNET_CRYPTO_eddsa_verify_ (purpose, validate,
+                                        &(sig->eddsa_signature),
+                                        &(pub->eddsa_key));
+    break;
+  default:
+    GNUNET_break (0);
+  }
+
+  return GNUNET_SYSERR;
+}
+
+
+ssize_t
+GNUNET_IDENTITY_encrypt (const void *block,
+                         size_t size,
+                         const struct GNUNET_IDENTITY_PublicKey *pub,
+                         struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
+                         void *result)
+{
+  struct GNUNET_CRYPTO_EcdhePrivateKey pk;
+  GNUNET_CRYPTO_ecdhe_key_create (&pk);
+  struct GNUNET_HashCode hash;
+  switch (ntohl (pub->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_ecdsa (&pk, &(pub->ecdsa_key),
+                                                   &hash))
+      return -1;
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdh_eddsa (&pk, &(pub->eddsa_key),
+                                                   &hash))
+      return -1;
+    break;
+  default:
+    return -1;
+  }
+  GNUNET_CRYPTO_ecdhe_key_get_public (&pk, ecc);
+  GNUNET_CRYPTO_ecdhe_key_clear (&pk);
+  struct GNUNET_CRYPTO_SymmetricSessionKey key;
+  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+  GNUNET_CRYPTO_hash_to_aes_key (&hash, &key, &iv);
+  GNUNET_CRYPTO_zero_keys (&hash, sizeof(hash));
+  const ssize_t encrypted = GNUNET_CRYPTO_symmetric_encrypt (block, size, &key,
+                                                             &iv, result);
+  GNUNET_CRYPTO_zero_keys (&key, sizeof(key));
+  GNUNET_CRYPTO_zero_keys (&iv, sizeof(iv));
+  return encrypted;
+}
+
+
+ssize_t
+GNUNET_IDENTITY_decrypt (const void *block,
+                         size_t size,
+                         const struct GNUNET_IDENTITY_PrivateKey *priv,
+                         const struct GNUNET_CRYPTO_EcdhePublicKey *ecc,
+                         void *result)
+{
+  struct GNUNET_HashCode hash;
+  switch (ntohl (priv->type))
+  {
+  case GNUNET_IDENTITY_TYPE_ECDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_ecdsa_ecdh (&(priv->ecdsa_key), ecc,
+                                                   &hash))
+      return -1;
+    break;
+  case GNUNET_IDENTITY_TYPE_EDDSA:
+    if (GNUNET_SYSERR == GNUNET_CRYPTO_eddsa_ecdh (&(priv->eddsa_key), ecc,
+                                                   &hash))
+      return -1;
+    break;
+  default:
+    return -1;
+  }
+  struct GNUNET_CRYPTO_SymmetricSessionKey key;
+  struct GNUNET_CRYPTO_SymmetricInitializationVector iv;
+  GNUNET_CRYPTO_hash_to_aes_key (&hash, &key, &iv);
+  GNUNET_CRYPTO_zero_keys (&hash, sizeof(hash));
+  const ssize_t decrypted = GNUNET_CRYPTO_symmetric_decrypt (block, size, &key,
+                                                             &iv, result);
+  GNUNET_CRYPTO_zero_keys (&key, sizeof(key));
+  GNUNET_CRYPTO_zero_keys (&iv, sizeof(iv));
+  return decrypted;
+}
+
+
+char *
+GNUNET_IDENTITY_public_key_to_string (const struct
+                                      GNUNET_IDENTITY_PublicKey *key)
+{
+  size_t size = GNUNET_IDENTITY_key_get_length (key);
+  return GNUNET_STRINGS_data_to_string_alloc (key,
+                                              size);
+}
+
+
+char *
+GNUNET_IDENTITY_private_key_to_string (const struct
+                                       GNUNET_IDENTITY_PrivateKey *key)
+{
+  size_t size = private_key_get_length (key);
+  return GNUNET_STRINGS_data_to_string_alloc (key,
+                                              size);
+}
+
+
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_public_key_from_string (const char *str,
+                                        struct GNUNET_IDENTITY_PublicKey *key)
+{
+  enum GNUNET_GenericReturnValue ret;
+  enum GNUNET_IDENTITY_KeyType ktype;
+  ret = GNUNET_STRINGS_string_to_data (str,
+                                       strlen (str),
+                                       key,
+                                       sizeof (*key));
+  if (GNUNET_OK != ret)
+    return GNUNET_SYSERR;
+  ktype = ntohl (key->type);
+  return (GNUNET_IDENTITY_TYPE_ECDSA == ktype) ? GNUNET_OK : GNUNET_SYSERR; // FIXME other keys, cleaner way?
+
+}
+
+
+enum GNUNET_GenericReturnValue
+GNUNET_IDENTITY_private_key_from_string (const char *str,
+                                         struct GNUNET_IDENTITY_PrivateKey *key)
+{
+  enum GNUNET_GenericReturnValue ret;
+  enum GNUNET_IDENTITY_KeyType ktype;
+  ret = GNUNET_STRINGS_string_to_data (str,
+                                       strlen (str),
+                                       key,
+                                       sizeof (*key));
+  if (GNUNET_OK != ret)
+    return GNUNET_SYSERR;
+  ktype = ntohl (key->type);
+  return (GNUNET_IDENTITY_TYPE_ECDSA == ktype) ? GNUNET_OK : GNUNET_SYSERR; // FIXME other keys, cleaner way?
+}
+
+
 /* end of identity_api.c */
diff --git a/src/identity/identity_api_lookup.c b/src/identity/identity_api_lookup.c
index 26b1eacd7..51afb2515 100644
--- a/src/identity/identity_api_lookup.c
+++ b/src/identity/identity_api_lookup.c
@@ -127,14 +127,12 @@ handle_identity_update (void *cls, const struct UpdateMessage *um)
   struct GNUNET_IDENTITY_EgoLookup *el = cls;
   uint16_t name_len = ntohs (um->name_len);
   const char *str = (0 == name_len) ? NULL : (const char *) &um[1];
-  struct GNUNET_CRYPTO_EcdsaPublicKey pub;
   struct GNUNET_HashCode id;
   struct GNUNET_IDENTITY_Ego ego;
   memset (&ego, 0, sizeof (ego));
 
   GNUNET_break (GNUNET_YES != ntohs (um->end_of_list));
-  GNUNET_CRYPTO_ecdsa_key_get_public (&um->private_key, &pub);
-  GNUNET_CRYPTO_hash (&pub, sizeof(pub), &id);
+  GNUNET_CRYPTO_hash (&um->private_key, sizeof(um->private_key), &id);
   ego.pk = um->private_key;
   ego.name = (char *) str;
   ego.id = id;
diff --git a/src/identity/plugin_rest_identity.c b/src/identity/plugin_rest_identity.c
index d86d29e36..dba1d478d 100644
--- a/src/identity/plugin_rest_identity.c
+++ b/src/identity/plugin_rest_identity.c
@@ -384,7 +384,7 @@ ego_get_for_subsystem (void *cls,
 {
   struct RequestHandle *handle = cls;
   struct MHD_Response *resp;
-  struct GNUNET_CRYPTO_EcdsaPublicKey public_key;
+  struct GNUNET_IDENTITY_PublicKey public_key;
   json_t *json_root;
   char *result_str;
   char *public_key_string;
@@ -398,7 +398,7 @@ ego_get_for_subsystem (void *cls,
   }
 
   GNUNET_IDENTITY_ego_get_public_key (ego, &public_key);
-  public_key_string = GNUNET_CRYPTO_ecdsa_public_key_to_string (&public_key);
+  public_key_string = GNUNET_IDENTITY_public_key_to_string (&public_key);
 
   // create json with subsystem identity
   json_root = json_object ();
@@ -496,7 +496,7 @@ ego_get_all (struct GNUNET_REST_RequestHandle *con_handle,
         GNUNET_CONTAINER_multihashmap_contains (
           handle->rest_handle->url_param_map, &key))
     {
-      privkey_str = GNUNET_CRYPTO_ecdsa_private_key_to_string (
+      privkey_str = GNUNET_IDENTITY_private_key_to_string (
         GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego));
       json_object_set_new (json_ego,
                            GNUNET_REST_IDENTITY_PARAM_PRIVKEY,
@@ -549,7 +549,7 @@ ego_get_response (struct RequestHandle *handle, struct EgoEntry *ego_entry)
       GNUNET_CONTAINER_multihashmap_contains (
         handle->rest_handle->url_param_map, &key))
   {
-    privkey_str = GNUNET_CRYPTO_ecdsa_private_key_to_string (
+    privkey_str = GNUNET_IDENTITY_private_key_to_string (
       GNUNET_IDENTITY_ego_get_private_key (ego_entry->ego));
     json_object_set_new (json_ego,
                          GNUNET_REST_IDENTITY_PARAM_PRIVKEY,
@@ -686,7 +686,7 @@ do_finished (void *cls, const char *emsg)
  */
 static void
 do_finished_create (void *cls,
-                    const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+                    const struct GNUNET_IDENTITY_PrivateKey *pk,
                     const char *emsg)
 {
   struct RequestHandle *handle = cls;
@@ -999,8 +999,8 @@ ego_create (struct GNUNET_REST_RequestHandle *con_handle,
   json_error_t err;
   char *egoname;
   char *privkey;
-  struct GNUNET_CRYPTO_EcdsaPrivateKey pk;
-  struct GNUNET_CRYPTO_EcdsaPrivateKey *pk_ptr;
+  struct GNUNET_IDENTITY_PrivateKey pk;
+  struct GNUNET_IDENTITY_PrivateKey *pk_ptr;
   int json_unpack_state;
   char term_data[handle->data_size + 1];
 
@@ -1074,7 +1074,7 @@ ego_create (struct GNUNET_REST_RequestHandle *con_handle,
                                    strlen (privkey),
                                    &pk,
                                    sizeof(struct
-                                          GNUNET_CRYPTO_EcdsaPrivateKey));
+                                          GNUNET_IDENTITY_PrivateKey));
     pk_ptr = &pk;
   }
   else
@@ -1084,6 +1084,7 @@ ego_create (struct GNUNET_REST_RequestHandle *con_handle,
   handle->op = GNUNET_IDENTITY_create (identity_handle,
                                        handle->name,
                                        pk_ptr,
+                                       GNUNET_IDENTITY_TYPE_ECDSA,
                                        &do_finished_create,
                                        handle);
 }
@@ -1208,7 +1209,7 @@ list_ego (void *cls,
           const char *identifier)
 {
   struct EgoEntry *ego_entry;
-  struct GNUNET_CRYPTO_EcdsaPublicKey pk;
+  struct GNUNET_IDENTITY_PublicKey pk;
 
   if ((NULL == ego) && (ID_REST_STATE_INIT == state))
   {
@@ -1219,7 +1220,7 @@ list_ego (void *cls,
   {
     ego_entry = GNUNET_new (struct EgoEntry);
     GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
-    ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
+    ego_entry->keystring = GNUNET_IDENTITY_public_key_to_string (&pk);
     ego_entry->ego = ego;
     ego_entry->identifier = GNUNET_strdup (identifier);
     GNUNET_CONTAINER_DLL_insert_tail (ego_head,
@@ -1245,7 +1246,7 @@ list_ego (void *cls,
       /* Add */
       ego_entry = GNUNET_new (struct EgoEntry);
       GNUNET_IDENTITY_ego_get_public_key (ego, &pk);
-      ego_entry->keystring = GNUNET_CRYPTO_ecdsa_public_key_to_string (&pk);
+      ego_entry->keystring = GNUNET_IDENTITY_public_key_to_string (&pk);
       ego_entry->ego = ego;
       ego_entry->identifier = GNUNET_strdup (identifier);
       GNUNET_CONTAINER_DLL_insert_tail (ego_head,
diff --git a/src/identity/test_identity.c b/src/identity/test_identity.c
index 37eeab238..4954fe7be 100644
--- a/src/identity/test_identity.c
+++ b/src/identity/test_identity.c
@@ -253,7 +253,7 @@ success_rename_cont (void *cls, const char *emsg)
  */
 static void
 create_cb (void *cls,
-           const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+           const struct GNUNET_IDENTITY_PrivateKey *pk,
            const char *emsg)
 {
   CHECK (NULL != pk);
@@ -279,7 +279,11 @@ run (void *cls,
   GNUNET_SCHEDULER_add_shutdown (&cleanup, NULL);
   h = GNUNET_IDENTITY_connect (cfg, &notification_cb, NULL);
   CHECK (NULL != h);
-  op = GNUNET_IDENTITY_create (h, "test-id", NULL, &create_cb, NULL);
+  op = GNUNET_IDENTITY_create (h,
+                               "test-id",
+                               NULL,
+                               GNUNET_IDENTITY_TYPE_ECDSA,
+                               &create_cb, NULL);
 }
 
 
diff --git a/src/identity/test_identity_defaults.c b/src/identity/test_identity_defaults.c
index 53eec1252..2d5244d1b 100644
--- a/src/identity/test_identity_defaults.c
+++ b/src/identity/test_identity_defaults.c
@@ -241,7 +241,7 @@ notification_cb (void *cls,
  */
 static void
 create_cb (void *cls,
-           const struct GNUNET_CRYPTO_EcdsaPrivateKey *pk,
+           const struct GNUNET_IDENTITY_PrivateKey *pk,
            const char *emsg)
 {
   CHECK (NULL == emsg);
@@ -266,7 +266,11 @@ run_set (void *cls,
   GNUNET_SCHEDULER_add_shutdown (&cleanup, NULL);
   h = GNUNET_IDENTITY_connect (cfg, &notification_cb, NULL);
   CHECK (NULL != h);
-  op = GNUNET_IDENTITY_create (h, "test-id", NULL, &create_cb, NULL);
+  op = GNUNET_IDENTITY_create (h,
+                               "test-id",
+                               NULL,
+                               GNUNET_IDENTITY_TYPE_ECDSA,
+                               &create_cb, NULL);
 }