Reputation: 1112
I want to use a suitable libsodium keypair as user identity but I don't know yet what cryptography features I'll provide.
There seem to be 3 types of keypair generation in libsodium:
crypto_box_keypair()
crypto_kx_keypair()
crypto_sign_keypair()
Also, there seem to be 3 types of keys:
// Source: https://github.com/DefinitelyTyped/DefinitelyTyped/blob/master/types/libsodium-wrappers/index.d.ts
export type KeyType = 'curve25519' | 'ed25519' | 'x25519';
I don't know which key-type corresponds to which key-pair generation function, or if they correspond at all.
So, the questions:
crypto_box_keypair() with crypto_box_easy()). What is the compatibility matrix between the keypair types & the cryptographic functions/capabilities?
Upvotes: 4
Views: 2034
Reputation: 1501
If you want to create a key pair for the box operation, use crypto_box_keypair().
If you need a key pair for signing, use crypto_sign_keypair().
If you need a key pair for key exchange, use crypto_kx_keypair().
A key for one operation is not guaranteed to be usable for a different operation. And good hygiene in cryptography is to never use a key for two different purposes.
If you need to derive both a key pair for key exchange and for signing, you can use crypto_kx_seed_keypair() and crypto_sign_ed25519_seed_keypair() for this. The box operation also provides crypto_box_seed_keypair().
These functions deterministically derive a key pair from a seed. That seed can be considered your actual secret key, from which you can compute different types of key pairs.
Upvotes: 5
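Added example (not part of the answer, and written against Node's built-in crypto module rather than libsodium): one master seed treated as the identity, with a separate Ed25519 signing key pair and X25519 key-exchange key pair derived from it. The HKDF step and its "identity/..." labels are assumptions made here so that each purpose gets its own seed; the resulting keys will not match what libsodium's *_seed_keypair() functions produce for the same seed.

```javascript
// Added example: one 32-byte master seed -> one key pair per purpose.
const nodeCrypto = require('node:crypto');

// Fixed PKCS#8 headers (RFC 8410) that wrap a raw 32-byte private key or seed.
const PKCS8_PREFIX = {
  ed25519: Buffer.from('302e020100300506032b657004220420', 'hex'),
  x25519: Buffer.from('302e020100300506032b656e04220420', 'hex'),
};

// Purpose-specific seed via HKDF; the "identity/..." labels are hypothetical.
function subSeed(masterSeed, purpose) {
  const out = nodeCrypto.hkdfSync('sha256', masterSeed, Buffer.alloc(0), `identity/${purpose}`, 32);
  return Buffer.from(out);
}

// Deterministically build a key pair of the given type from a 32-byte seed.
function keyPairFromSeed(type, seed) {
  const der = Buffer.concat([PKCS8_PREFIX[type], seed]);
  const privateKey = nodeCrypto.createPrivateKey({ key: der, format: 'der', type: 'pkcs8' });
  return { privateKey, publicKey: nodeCrypto.createPublicKey(privateKey) };
}

// The identity is the master seed; each capability gets its own key pair.
function identityFromSeed(masterSeed) {
  return {
    sign: keyPairFromSeed('ed25519', subSeed(masterSeed, 'sign')),
    kx: keyPairFromSeed('x25519', subSeed(masterSeed, 'kx')),
  };
}

// Raw 32-byte public key as hex (the last 32 bytes of the SPKI encoding).
function rawPublic(publicKey) {
  return publicKey.export({ format: 'der', type: 'spki' }).subarray(-32).toString('hex');
}

// X25519 agreement between two identities, using only their kx key pairs.
function sharedSecret(mine, theirs) {
  return nodeCrypto.diffieHellman({ privateKey: mine.kx.privateKey, publicKey: theirs.kx.publicKey });
}

// A key of the wrong type is rejected by the signing API.
function canSign(privateKey) {
  try { nodeCrypto.sign(null, Buffer.from('probe'), privateKey); return true; }
  catch { return false; }
}
// Constructed sample seeds; a real seed comes from a CSPRNG and stays secret.
const alice = identityFromSeed(Buffer.alloc(32, 0x01));
const bob = identityFromSeed(Buffer.alloc(32, 0x02));
console.log(rawPublic(alice.sign.publicKey), rawPublic(alice.kx.publicKey), canSign(alice.kx.privateKey));
```

Backing up the master seed is enough to rebuild both key pairs, and the public halves can be published independently of each other.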