[openssl-users] ed25519 key generation
Jeremy Harris
jgh at wizmail.org
Mon Mar 26 08:31:16 UTC 2018
On 26/03/18 06:13, Viktor Dukhovni wrote:
>> On Mar 25, 2018, at 7:46 AM, Jeremy Harris <jgh at wizmail.org> wrote:
>>
>>> Not sure what format DKIM wants the key in, but if it is SPKI
>>> in base64 form
>>
>> It is not. The _raw_ pubkey, base64'd is what is wanted.
>> No ASN.1 wrapping; that's why I said "raw".
>
> I'm afraid you're wrong about that:
>
> $ dig +noall +ans +nocl +nottl +nosplit -t txt 20161025._domainkey.gmail.com
> 20161025._domainkey.gmail.com. TXT "k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqR" "tqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB"
>
> $ printf "MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAviPGBk4ZB64UfSqWyAicdR7lodhytae+EYRQVtKDhM+1mXjEqRtP/pDT3sBhazkmA48n2k5NJUyMEoO8nc2r6sUA+/Dom5jRBZp6qDKJOwjJ5R/OpHamlRG+YRJQqRtqEgSiJWG7h7efGYWmh4URhFM9k9+rmG/CwCgwx7Et+c8OMlngaLl04/bPmfpjdEyLWyNimk761CX6KymzYiRDNz1MOJOJ7OzFaS4PFbVLn0m5mf0HVNtBpPwWuCNvaFVflUYxEyblbB6h/oWOPGbzoSgtRA47SHV53SwZjIsVpbq4LxUW9IxAEwYzGcSgZ4n5Q8X8TndowsDUzoccPFGhdwIDAQAB" | openssl base64 -A -d | openssl asn1parse -inform DER
> 0:d=0 hl=4 l= 290 cons: SEQUENCE
> 4:d=1 hl=2 l= 13 cons: SEQUENCE
> 6:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption
> 17:d=2 hl=2 l= 0 prim: NULL
> 19:d=1 hl=4 l= 271 prim: BIT STRING
>
> That's an ASN1 encoding of an X.509 SPKI object. Which is
> not surprising, even for RSA one must still encode the
> modulus and exponent somehow, and other algorithms might
> have parameters... So ASN.1 it is.
That is an RSA key. We're talking about Ed25519 keys.
--
Jeremy
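
The two encodings discussed in this thread, as an added example that is not part of the original message: for Ed25519 a SubjectPublicKeyInfo is the raw 32-byte key behind a fixed 12-byte DER header (RFC 8410), and RFC 8463 puts the base64 of the raw key in the DKIM `p=` tag. The function names and the sample key bytes are constructed for illustration.

```python
import base64

# DER header of an Ed25519 SubjectPublicKeyInfo (RFC 8410):
# SEQUENCE(42) { SEQUENCE(5) { OID 1.3.101.112 }, BIT STRING(33): 0 unused bits + key }
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
# DER encoding of the rsaEncryption OID shown in the asn1parse output above
RSA_OID = bytes.fromhex("06092a864886f70d010101")


def classify_key(p_value: str) -> str:
    """Classify a base64 DKIM p= value by the encoding of the decoded bytes."""
    der = base64.b64decode(p_value, validate=True)
    if len(der) == 32:
        return "raw-ed25519"      # bare 32-byte key, no ASN.1 wrapping
    if len(der) == 44 and der.startswith(ED25519_SPKI_PREFIX):
        return "spki-ed25519"     # same key inside the 12-byte SPKI header
    if der[:1] == b"\x30" and RSA_OID in der[:32]:
        return "spki-rsa"         # SEQUENCE carrying the rsaEncryption OID
    return "unknown"


def ed25519_spki_to_raw(p_value: str) -> str:
    """Strip the SPKI header and return base64 of the raw 32-byte key."""
    der = base64.b64decode(p_value, validate=True)
    if len(der) != 44 or not der.startswith(ED25519_SPKI_PREFIX):
        raise ValueError("not an Ed25519 SubjectPublicKeyInfo")
    return base64.b64encode(der[len(ED25519_SPKI_PREFIX):]).decode("ascii")


# Constructed sample: 32 placeholder bytes stand in for a real public key.
SAMPLE_RAW = bytes(range(32))
SAMPLE_SPKI_B64 = base64.b64encode(ED25519_SPKI_PREFIX + SAMPLE_RAW).decode("ascii")

if __name__ == "__main__":
    print(classify_key(SAMPLE_SPKI_B64), "->", ed25519_spki_to_raw(SAMPLE_SPKI_B64))
```

A 44-character `p=` value decodes to a raw key, while a 60-character one is the SPKI form of the same key.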