January 3, 2026

Crypto, but make it chaotic

Article URL →HN comments →

Ed25519-CLI – command-line interface for the Ed25519 signature system

New crypto CLI drops, community roasts weird file numbers and asks: why not OpenSSH

TLDR: Ed25519-CLI brings simple signing and verification to the command line. Commenters love the idea but slam the confusing file-number dance, argue OpenSSH already covers the job, and crack malware jokes—calling the design a risky “footgun” that needs clearer, safer choices for everyday users.

A new command-line tool for Ed25519 signatures landed, promising simple key generation, signing, and verification—but the crowd isn’t swooning over the interface. The star of the drama? Those quirky numbered file doors (aka descriptors): public key on 5, secret key on 9, then later secret key on 8, public key on 4. One commenter called it “zany” and begged for consistency, while another sighed that exit codes are clear but usability isn’t. The tool even returns a special code 100 for invalid signatures, which the community appreciates, yet still side-eyes the UX.

Meanwhile, the debate turned spicy: why use this at all when OpenSSH—the popular secure shell tool—already covers most crypto chores? Cue the meme parade: “Why not Zoidberg? I mean, why not OpenSSH?” Others hammered the design as a weird, footgun-shaped middle ground, implying it’s too easy to misuse. Security panic made an appearance, with someone joking it’s a perfect spot to hide credential-stealing malware and snarking about not using mainstream code-hosting. Fans defend the minimal, script-friendly vibe, but the vibe check is clear: the community wants consistency, transparency, and fewer ways to shoot themselves in the foot. And they want fewer surprises than a numbered scavenger hunt today.

Key Points

  • lib25519 implements X25519 (encryption) and Ed25519 (signature) systems, with ed25519-cli providing three Ed25519 tools.
  • ed25519-keypair generates a secret/public key pair, writing the public key to fd 5 and the secret key to fd 9.
  • ed25519-sign reads the secret key from fd 8, reads a message from stdin, signs it, and writes the signed message to stdout.
  • ed25519-open reads the public key from fd 4, verifies a signed message from stdin, and outputs the verified message; exit code 100 indicates invalid signature.
  • All tools exit 0 on success and nonzero on failure, facilitating shell scripting; related X25519 tools are documented separately.

Hottest takes

"zany use of numbered file descriptors... Why aren’t they the same??" — alexjurkiewicz
"Why not open ssh?" — why-o-why
"Sounds like the perfect place to embed credential stealing malware" — mrbluecoat

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.