Yeah, netpgpverify is the new, all-in-one, no pre-reqs codebase solely for the verification part of signatures.
ed25519 also needs to be added to netpgp, which is the older and more crufty code base which covers signing and verification.
So, as netpgpverify is the new code base for the verification part, will netpgp be used for only the signing part, or for both as it used to be?
But before any code is touched, we'd need to know what constants gpg uses for these algorithms, since they're not in RFC 4880, and so we can interoperate with gpg in verifying and signing.
We can get the ed25519 specifications from RFC8023 and look for the constants, but I have a doubt: what are these constants that you referred to?
We need to know what extra parts are needed (from different sources, along with their licences), and any other prereqs we might need for both netpgpverify and netpgp.
I am not able to get what you mean by extra parts and prereqs. Can you explain, please?
And we need to know tests for making sure that the implementation is correct, and for auditing, including a walk-through to make sure that any keys are discarded in a safe manner.
Yes, sure.
And rest assured that your implementation will be used, since pkgsrc uses netpgpverify to verify signatures on signed packages - see how Joyent have done this.
But there, I've just written a big part of your proposal for you :)
Yes, thanks :D :)