questions on using ed25519

Viktor Dukhovni openssl-users at dukhovni.org
Tue Apr 21 17:34:30 UTC 2020


On Tue, Apr 21, 2020 at 05:48:19PM +0800, yang berlin wrote:

> I want to use ed25519 in openssl.

Why?  What actual real-world purpose do you have for ed25519?

> The problem I met is: I can use "speed ed25519" to test the speed of
> ed25519, but when I use "dgst -ed25519", it tells me that "dgst:
> Unrecognized flag Ed25519".

That's because "ed25519" is not a digest algorithm, it is a public key
algorithm.  You can use it to sign messages, but not to compute message
digests.

> So could you please help me to learn how to use ed25519 correctly?

That question has no answer.  Whether a use of "ed25519" is correct or
incorrect depends on the security protocol in which it is to be used,
and whether that protocol is appropriate to security requirements of
the application using it.

If you're just playing with ed25519, you can generate ed25519 keys with:

    $ openssl genpkey -algorithm ed25519 -out privkey.pem

You can extract just the public key via:

    $ openssl pkey -in privkey.pem -pubout -out pubkey.pem

You can generate an ed25519 self-signed public key certificate with:

    $ openssl req -key privkey.pem -new \
        -x509 -subj "/CN=$(uname -n)" -days 36500 -out pubcert.pem

You can use the key and certificate with s_client, and s_server
via the "-key" and "-cert" arguments.

You can also sign and/or encrypt messages with ed25519 using cms(1),
but you may not be ready to dive into cms.

Low-level public and private key operations are possible via pkeyutl(1).

While the dgst(1) command supports signing message digests with various
public key signature algorithms, ed25519 is not one of these:

       -sign filename
           Digitally sign the digest using the private key in "filename". Note
           this option does not support Ed25519 or Ed448 private keys. Use the
           pkeyutl command instead for this.

See the pkeyutl(1) manpage.

Don't assume that some use of encryption implies any gain in security.
It could be mere security theatre.  For actual security you need to
apply a robust protocol that matches the application's security
requirements.

-- 
    Viktor.


More information about the openssl-users mailing list