Convert eddsa public key fro PEM to DER

Matt Caswell matt at openssl.org
Wed Aug 14 12:42:39 UTC 2019 


On 14/08/2019 13:21, Robert Moskowitz wrote:
> 
> 
> On 8/14/19 6:22 AM, Matt Caswell wrote:
>>
>> On 14/08/2019 11:06, Robert Moskowitz wrote:
>>> I googled how to convert a PEM public key to DER and only found examples for RSA
>>> keys.  Mine are ed25519.  I thought it would be a simple algorithm substitution:
>>>
>>> $ openssl ed25519 -pubin -inform PEM -in $dir/private/intermediate.key.pem\
>>>>    -outform DER -out $dir/private/intermediate.key.der
>>> Invalid command 'ed25519'; type "help" for a list.
>>>
>>> So since my other commands use -algorithm, I tried:
>>>
>>> $ openssl -algorithm $algorithm -pubin -inform PEM -in
>>> $dir/private/intermediate.key.pem\
>>>>    -outform DER -out $dir/private/intermediate.key.der
>>> Invalid command '-algorithm'; type "help" for a list.
>>>
>>> So what is the command to convert an ed25519 public key from DER to PEM.  The
>>> command I used to create the key was:
>>>
>>>     openssl genpkey -aes256 -algorithm ed25519\
>>>         -outform pem -out $dir/private/intermediate.key.pem
>> Firstly, that command creates a private key not a public key.
> 
> The what does the following say:
> 
> $    openssl pkey -inform $format\
>>        -in $dir/private/intermediate.key.pem -text -noout
> Enter pass phrase for /home/rgm/uasca/intermediate/private/intermediate.key.pem:
> ED25519 Private-Key:
> priv:

It says in the two lines above that you have a private key. Every private key
implicitly has an associated public key with it (which is also shown below). But
the combined set is private, because it contains private data. By contrast if
you just have a public key then there is no private portion and so the whole key
is public.

Matt



>     70:71:84:2b:81:e8:78:cb:6b:9c:97:28:92:7f:72:
>     16:0a:40:fd:7b:38:e6:71:f7:2e:ad:2d:19:8e:e6:
>     cf:58
> pub:
>     a4:de:b3:3c:b7:bd:12:5b:1a:e5:ac:58:76:15:7e:
>     e8:98:2c:87:57:8b:c4:5b:98:33:d5:41:b5:e2:a4:
>     54:db
> 
> 
>>
>> So if you want to convert the above *private* key into DER then:
>>
>> openssl pkey -in ed25519.pem -out ed25519.der -outform DER
>>
>> If on the other hand you want to read the above *private* key and output the
>> associated *public* key in DER then:
>>
>> openssl pkey -in ed25519.pem -out ed25519-pub.der -outform DER -pubout
> 
> Yes. thanks.  That works.
> 
>>
>> Matt
>>
>>
>

More information about the openssl-users mailing list