Convert eddsa public key fro PEM to DER

Robert Moskowitz rgm at
Wed Aug 14 12:21:03 UTC 2019

On 8/14/19 6:22 AM, Matt Caswell wrote:
> On 14/08/2019 11:06, Robert Moskowitz wrote:
>> I googled how to convert a PEM public key to DER and only found examples for RSA
>> keys.  Mine are ed25519.  I thought it would be a simple algorithm substitution:
>> $ openssl ed25519 -pubin -inform PEM -in $dir/private/intermediate.key.pem\
>>>    -outform DER -out $dir/private/intermediate.key.der
>> Invalid command 'ed25519'; type "help" for a list.
>> So since my other commands use -algorithm, I tried:
>> $ openssl -algorithm $algorithm -pubin -inform PEM -in
>> $dir/private/intermediate.key.pem\
>>>    -outform DER -out $dir/private/intermediate.key.der
>> Invalid command '-algorithm'; type "help" for a list.
>> So what is the command to convert an ed25519 public key from DER to PEM.  The
>> command I used to create the key was:
>>     openssl genpkey -aes256 -algorithm ed25519\
>>         -outform pem -out $dir/private/intermediate.key.pem
> Firstly, that command creates a private key not a public key.

The what does the following say:

$    openssl pkey -inform $format\
 >        -in $dir/private/intermediate.key.pem -text -noout
Enter pass phrase for 
ED25519 Private-Key:

> So if you want to convert the above *private* key into DER then:
> openssl pkey -in ed25519.pem -out ed25519.der -outform DER
> If on the other hand you want to read the above *private* key and output the
> associated *public* key in DER then:
> openssl pkey -in ed25519.pem -out ed25519-pub.der -outform DER -pubout

Yes. thanks.  That works.

> Matt

More information about the openssl-users mailing list