how to generate ed25519 cert

[meilihao]

ca-csr.json:

{
  "CN": "TLS CA X3",
  "key": {
    "algo": "ed25519"
  },
  "names": [
    {
      "O": "TLS Group"
    }
  ]
}

generate log:

⋊> ~/t/ed25519 cfssl gencert -initca ca-csr.json | cfssljson -bare ca -
2018/08/27 11:35:12 [INFO] generating a new CA key and certificate from CSR
2018/08/27 11:35:12 [INFO] generate received request
2018/08/27 11:35:12 [INFO] received CSR
2018/08/27 11:35:12 [INFO] generating key: ed25519-256
2018/08/27 11:35:12 [ERROR] failed to process request: {"code":2400,"message":"invalid algorithm"}
{"code":2400,"message":"invalid algorithm"}
Failed to parse input: unexpected end of JSON input

[adbias]

You can only generate ECDSA and RSA keys.

[meilihao]

I found ed25519_cert.pem in boringssl, And openssl 1.1.1 preN openssl x509 -in ed25519_cert.pem -noout -text works.

So cfssl has plan to support it?

[adbias]

Idk, but it would be awesome a PR.

edit: I found a fork with ed25519, you can make a patch if you want the latest CFSSL.
https://github.com/cjpatton/cfssl

edit2: I found a "recent" commit with ed25519, but idk if they are going to implement it for key generation.
6aeb6e3

[cbroglie]

No plans to add support at the moment, but pull requests are welcome