[openssl-users] ed25519 key generation
Matt Caswell
matt at openssl.org
Mon Mar 26 10:46:09 UTC 2018
On 25/03/18 12:46, Jeremy Harris wrote:
> On 25/03/18 02:05, Viktor Dukhovni wrote:
>>> Is there a way yet to get the raw public-key out,
>>> documented or not? As you may guess, this is for DKIM.
>>
>> Not sure what format DKIM wants the key in, but if it is SPKI
>> in base64 form
>
> It is not. The _raw_ pubkey, base64'd is what is wanted.
> No ASN.1 wrapping; that's why I said "raw".
>
I just had the exact same conversation off-list...

To generate an Ed25519 private key:

$ openssl genpkey -algorithm ed25519 -outform PEM -out test25519.pem

OpenSSL does not support outputting only the raw key from the command
line. You *can* get it in SubjectPublicKeyInfo format which, for an
Ed25519 key will always consist of 12 bytes of ASN.1 header followed by
32 bytes of raw key. Therefore to get a base64 encoded raw public key:

$ openssl pkey -outform DER -pubout -in test25519.pem | tail -c +13 | openssl base64

Matt
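
Added example, not part of the message above and not OpenSSL code: tail -c +13 strips 12 bytes from whatever it is given, so this Python version first checks that the input really is a 44-byte Ed25519 SubjectPublicKeyInfo and only then returns the raw key. The function names and the sample key bytes are constructed for illustration; the header bytes follow RFC 8410.

```python
import base64
import binascii

# 12-byte SubjectPublicKeyInfo header for Ed25519 (RFC 8410):
# SEQUENCE(42) { SEQUENCE(5) { OID 1.3.101.112 }, BIT STRING(33), 0 unused bits }
ED25519_SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")
RAW_KEY_LEN = 32


def spki_to_der(data: bytes) -> bytes:
    """Accept a PEM "PUBLIC KEY" block or raw DER and return the DER bytes."""
    if not data.lstrip().startswith(b"-----BEGIN PUBLIC KEY-----"):
        return data
    lines = [line.strip() for line in data.splitlines()]
    body = b"".join(l for l in lines if l and not l.startswith(b"-----"))
    try:
        return base64.b64decode(body, validate=True)
    except binascii.Error as exc:
        raise ValueError("PEM body is not valid base64") from exc


def raw_ed25519_pub(data: bytes) -> bytes:
    """Return the 32 raw key bytes, refusing anything that is not Ed25519 SPKI."""
    der = spki_to_der(data)
    if len(der) != len(ED25519_SPKI_PREFIX) + RAW_KEY_LEN:
        raise ValueError(f"expected 44 bytes of SPKI, got {len(der)}")
    if not der.startswith(ED25519_SPKI_PREFIX):
        raise ValueError("header is not the Ed25519 SubjectPublicKeyInfo prefix")
    return der[len(ED25519_SPKI_PREFIX):]


def raw_pubkey_b64(data: bytes) -> str:
    """Base64 of the raw 32-byte public key."""
    return base64.b64encode(raw_ed25519_pub(data)).decode("ascii")


# Constructed sample input: placeholder key bytes, not a real key.
SAMPLE_RAW = bytes(range(32))
SAMPLE_DER = ED25519_SPKI_PREFIX + SAMPLE_RAW
SAMPLE_PEM = (b"-----BEGIN PUBLIC KEY-----\n" + base64.encodebytes(SAMPLE_DER)
              + b"-----END PUBLIC KEY-----\n")
# Same length, but the OID is X25519 (1.3.101.110): tail -c +13 would not notice.
SAMPLE_X25519_DER = bytes.fromhex("302a300506032b656e032100") + SAMPLE_RAW

if __name__ == "__main__":
    print(raw_pubkey_b64(SAMPLE_PEM))
```

In real use, pass the bytes written by openssl pkey -pubout (PEM, or DER with -outform DER) to raw_pubkey_b64.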