You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
As a side note, RSA keys are "forge" keys with sign, verify and other methods, while ED25519 are just regular Uint8Array/Buffer. I found this strange and it will actually complicate the implementation of pki functions related to pem.
The text was updated successfully, but these errors were encountered:
satazor
changed the title
Support ED25519 in PKCS8
Support ED25519 in PKCS8 (pem)
Mar 16, 2019
Hi, I've forked PR 851 to my own repository. I can successfully build EdDsa25519 CSRs, sign certificates and save private keys to PEM (encrypted or not). I hacked my way through all of it though, and yes that includes the SubjectPublicKeyInfo.
This all works with openssl 1.1.1f. I'm using these cert chains successfully on RabbitMQ, nginx and MongoDB for client authentication. But this is all proof of concept. Comments welcome. Looking forward to hardening and merging this code once PR 851 is resolved.
Note: This is not all that well integrated into pki (x509.js). Check operations in the file ed25519.js if you want to try it out (like loading, saving Ed25519 PEMs). I'd need some help/ideas on how to properly integrate into the pki module.
Support for
ED25519
keys were added recently but I can't export/import to/from PKCS8 pem files.The
PrivateKeyInfo
for elliptic curves is defined in https://tools.ietf.org/html/rfc5915 but a new version (v2) is defined in https://tools.ietf.org/html/rfc5958#section-2. The ecosystem is using thePrivateKeyInfo
v2 to expressED25519
pem keys. More info about their identifiers here: https://tools.ietf.org/html/draft-ietf-curdle-pkix-04.As a side note,
RSA
keys are "forge" keys withsign
,verify
and other methods, whileED25519
are just regular Uint8Array/Buffer. I found this strange and it will actually complicate the implementation ofpki
functions related to pem.The text was updated successfully, but these errors were encountered: