questions on using ed25519

yang berlin yangbolinzju at gmail.com
Wed Apr 22 08:22:13 UTC 2020


Hello, I checked the pkeyutl manpage, but it says that:

    The Ed25519 and Ed448 signature algorithms are not supported by this
    utility. They accept non-hashed input, but this utility can only be used to
    sign hashed input.

So what command should I use to simply sign or encrypt a message with
ed25519 or x25519? I also checked the cms manpage; if I use this command,
the result will be in MIME format.
Besides, I used the speed command, and it tests the sign and verify
speed of ed25519. I just want to know what command will do this sign and
verify operation.

Viktor Dukhovni <openssl-users at dukhovni.org> wrote on Wed, Apr 22, 2020 at 1:35 AM:

> On Tue, Apr 21, 2020 at 05:48:19PM +0800, yang berlin wrote:
>
> > I want to use ed25519 in openssl.
>
> Why?  What actual real-world purpose do you have for ed25519?
>
> > The problem I met is: I can use "speed ed25519" to test the speed of
> > ed25519, but when I use "dgst -ed25519", it tells me that "dgst:
> > Unrecognized flag Ed25519".
>
> That's because "ed25519" is not a digest algorithm, it is a public key
> algorithm.  You can use it to sign messages, but not to compute message
> digests.
>
> > So could you please help me to learn how to use ed25519 correctly?
>
> That question has no answer.  Whether a use of "ed25519" is correct or
> incorrect depends on the security protocol in which it is to be used,
> and whether that protocol is appropriate to security requirements of
> the application using it.
>
> If you're just playing with ed25519, you can generate ed25519 keys with:
>
>     $ openssl genpkey -algorithm ed25519 -out privkey.pem
>
> You can extract just the public key via:
>
>     $ openssl pkey -in privkey.pem -pubout -out pubkey.pem
>
> You can generate an ed25519 self-signed public key certificate with:
>
>     $ openssl req -key privkey.pem -new \
>         -x509 -subj "/CN=$(uname -n)" -days 36500 -out pubcert.pem
>
> You can use the key and certificate with s_client, and s_server
> via the "-key" and "-cert" arguments.
>
> You can also sign and/or encrypt messages with ed25519 using cms(1),
> but you may not be ready to dive into cms.
>
> Low-level public and private key operations are possible via pkeyutl(1).
>
> While the dgst(1) command supports signing message digests with various
> public key signature algorithms, ed25519 is not one of these:
>
>        -sign filename
>            Digitally sign the digest using the private key in "filename". Note
>            this option does not support Ed25519 or Ed448 private keys. Use the
>            pkeyutl command instead for this.
>
> See the pkeyutl(1) manpage.
>
> Don't assume that some use of encryption implies any gain in security.
> It could be mere security theatre.  For actual security you need to
> apply a robust protocol that matches the application's security
> requirements.
>
> --
>     Viktor.
>