Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Support ED25519 in PKCS8 (pem) #667

Open
satazor opened this issue Mar 16, 2019 · 1 comment
Open

Support ED25519 in PKCS8 (pem) #667

satazor opened this issue Mar 16, 2019 · 1 comment

Comments

@satazor
Copy link

satazor commented Mar 16, 2019

Support for ED25519 keys were added recently but I can't export/import to/from PKCS8 pem files.

The PrivateKeyInfo for elliptic curves is defined in https://tools.ietf.org/html/rfc5915 but a new version (v2) is defined in https://tools.ietf.org/html/rfc5958#section-2. The ecosystem is using the PrivateKeyInfo v2 to express ED25519 pem keys. More info about their identifiers here: https://tools.ietf.org/html/draft-ietf-curdle-pkix-04.


As a side note, RSA keys are "forge" keys with sign, verify and other methods, while ED25519 are just regular Uint8Array/Buffer. I found this strange and it will actually complicate the implementation of pki functions related to pem.

@dugrema
Copy link

dugrema commented Jan 19, 2022

Hi, I've forked PR 851 to my own repository. I can successfully build EdDsa25519 CSRs, sign certificates and save private keys to PEM (encrypted or not). I hacked my way through all of it though, and yes that includes the SubjectPublicKeyInfo.

This all works with openssl 1.1.1f. I'm using these cert chains successfully on RabbitMQ, nginx and MongoDB for client authentication. But this is all proof of concept. Comments welcome. Looking forward to hardening and merging this code once PR 851 is resolved.

My fork : https://github.com/dugrema/forge/tree/ed25519

Note: This is not all that well integrated into pki (x509.js). Check operations in the file ed25519.js if you want to try it out (like loading, saving Ed25519 PEMs). I'd need some help/ideas on how to properly integrate into the pki module.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants