[openssl-users] EDDSA test results

Robert Moskowitz rgm at htt-consult.com
Fri Aug 10 20:44:26 UTC 2018

I have followed the procedure I made for ECDSA certs in:

draft-moskowitz-ecdsa-pki (an update is pending on typos I encountered 
in this run through)

But making ED25519 certs instead.

Other than obvious changes (e.g. -algorithm ed25519) and hash 
specification, I was successful.

My testing was done on a Fedora-armhfp-28-beta system providing openssl:

OpenSSL 1.1.1-pre8 (beta) FIPS 20 Jun 2018

I am going to assume that PR6901 will go into the next beta and I can 
drop the '-md null' from some command lines and do not have to make 
special .cnf files without md_default lines.

I will test this on the next beta to be sure (trust, but verify!)

Remaining to do:

Using the tree command, here are some certificate size comparisons

                       ECDSA     ED25519

Root cert               826         737

Intermedicate CA cert   806         721

Client cert             944         834

Server cert            1086         971

thank you for making ED25519 available!

More information about the openssl-users mailing list