Hi,

as far as I know it should be possible to get the public key from a private one.
Unfortunatly I'm not feeling confident enough to code this by myself.

So maybe someone could do this? Consider this a feature request 😄

Here are two examples how this is done by @floodyberry and @jedisct1
https://github.com/floodyberry/ed25519-donna/blob/master/ed25519.c#L45
https://github.com/jedisct1/libsodium/blob/master/src/libsodium/crypto_sign/ed25519/sign_ed25519_api.c#L34

And heres more informations about this:
http://blog.mozilla.org/warner/2011/11/29/ed25519-keys/
http://crypto.stackexchange.com/questions/9410/ed25519-choice-of-private-key-implementation

There are different ways to store a Ed25519 private key. The seed gets hashed to get the private key, and then the private key gets multiplied by the Ed25519 curve basepoint to get the public key. You can store the seed and hash it everytime you need the private key, or just store the result of the hash. My library does the latter, as this saves a bit of performance on every operation. This means that it's impossible to get the seed back from the private or public key.

Also interesting is that Ed25519 also requires the public key while signing. Some libraries hide this by concatenating the public key and the private key/seed and calling that result the private key. I don't, and require you to pass both the public key and private key to the sign operation.

So to answer your issue:

It's impossible to get the seed from the private key. To turn a private key (which is the hashed seed) into a public key, look into ed25519_create_keypair and remove the hashing code.

#include "ge.h"

void ed25519_get_pubkey(unsigned char *public_key, const unsigned char *private_key) {
    ge_p3 A;

    ge_scalarmult_base(&A, private_key);
    ge_p3_tobytes(public_key, &A);
}

Hi @nightcracker !
Thanks a lot 😄 That was exactly what I was looking for.