Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Unable to deal with ed25519 pk #81

Open
xxorax opened this issue Feb 16, 2022 · 3 comments
Open

Unable to deal with ed25519 pk #81

xxorax opened this issue Feb 16, 2022 · 3 comments

Comments

@xxorax
Copy link

xxorax commented Feb 16, 2022

I'm desperatly trying to handle EdDSA / ed25519 private key in any library.
Most of them accept only PKCS8 format, while sshpk handle only PKCS1

Even node crypto can't import it :

const crypto = require('crypto')
const sshpk = require('sshpk')

const privkey = sshpk.generatePrivateKey('ed25519')

privkey.toBuffer('pkcs8')
// Error: Ed25519 private keys in pkcs8 format are not supported

const privkeyObj = crypto.createPrivateKey({
  key: privkey.toBuffer('pem'),
  format: 'pem',
})
// Error: error:0909006C:PEM routines:get_name:no start line

const privkeyObj = crypto.createPrivateKey({
  key: privkey.toBuffer('pkcs1'),
  format: 'der',
  type: 'pkcs1'
})
// Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag

Tried on node v12, v16, v17.

Thanks for help

@xxorax
Copy link
Author

xxorax commented May 25, 2022

I was able to export generated ed25519 key to pkcs8 using the ssh2 lib :

const ssh2 = require('ssh2')
const sshpk = require('sshpk')

const pkcs8 = ssh2.utils.parseKey(
      sshpk.generatePrivateKey('ed25519').toString('ssh')
).getPrivatePEM()

Also working with ecdsa key. ecdsa need more gymnastic :

sshpk.parsePrivateKey(
  ssh2.utils.parseKey(sshpk.generatePrivateKey('ecdsa').toString('ssh')).getPrivatePEM(),
  'pem'
).toString('pkcs8')

Hard to fond... It would be more convenient to have such function here.

Thanks !

@arekinath
Copy link
Contributor

This was missing because the support for Ed25519 in PEM in sshpk was written before RFC8410 had been finalised. There's a few little fixes that have to go into the way it's generating and parsing these before it can be enabled, but they're easy enough to do.

With ECDSA, you should just be able to do sshpk.generatePrivateKey('ecdsa').toString('pkcs8'); -- I'm not sure why you're converting it to ssh format and then back again?

@bahamat bahamat linked a pull request May 30, 2022 that will close this issue
@xxorax
Copy link
Author

xxorax commented Sep 7, 2022

With ECDSA, you should just be able to do sshpk.generatePrivateKey('ecdsa').toString('pkcs8'); -- I'm not sure why you're converting it to ssh format and then back again?

True, and after re-rechecking, sometime there is differences 👀

The folliwng will print "test" for each pass, and will stop once pkcs8 are differents

const ssh2 = require('ssh2')
const sshpk = require('sshpk')

const test = function () {
  console.log('test')
  const privkey = sshpk.generatePrivateKey('ecdsa')

  const pkcs8 = sshpk.parsePrivateKey(
    ssh2.utils.parseKey(privkey.toString('ssh')).getPrivatePEM(),
    'pem'
  ).toString('pkcs8')

  if ( pkcs8 !== privkey.toString('pkcs8') ) {
    console.log(pkcs8)
    console.log(privkey.toString('pkcs8'))
    return false
  }
  return true
}

while(test());

Tested on node v12, v16, and v17, also tried on an other cpu. I make some stats, at the end I got ~50% of errors.

On my side I send the pkcs8 to jose.importPKCS8 , and my tests pass 100% of time with the weird convertion I mentionned before.

??? ☁️

Thanks !

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

2 participants