questions on using ed25519

Nicola Tuveri nic.tuv at gmail.com
Wed Apr 22 20:35:46 UTC 2020 

I have to correct myself, in `master` (and very soon in the 3.0.0 alpha1
release) `pkeyutl` already has support for sign/verify files with Ed25519
keys.

```
λ /tmp/test25519/ ### Ensure OpenSSL dev build is in use for this shell
λ /tmp/test25519/ which openssl ; openssl version
/opt/openssl-master/bin/openssl
OpenSSL 3.0.0-dev xx XXX xxxx (Library: OpenSSL 3.0.0-dev xx XXX xxxx)
λ /tmp/test25519/ ### Generate Ed25519 private key
λ /tmp/test25519/ openssl genpkey -algorithm Ed25519 -out priv.pem
λ /tmp/test25519/ ### Extract pub key from private key
λ /tmp/test25519/ openssl pkey -in priv.pem -pubout -out pub.pem
λ /tmp/test25519/ ###
λ /tmp/test25519/ ### Up to this point all the commands were compatible
λ /tmp/test25519/ ### with OpenSSL 1.1.1 releases, the next one is the
λ /tmp/test25519/ ### one that requires OpenSSL 3.0.0-dev as `pkeyutl`
λ /tmp/test25519/ ### now has support for `-rawin` which is required
λ /tmp/test25519/ ### for signing/veryfing files with Ed25519 keys.
λ /tmp/test25519/ ###
λ /tmp/test25519/ ### Generate a signature `sig.dat` for the file
λ /tmp/test25519/ ### `/bin/ls` using `priv.key` private Ed25519 key;
λ /tmp/test25519/ openssl pkeyutl -sign -inkey priv.pem -out sig.dat \
    -rawin -in /bin/ls
λ /tmp/test25519/ ### Verify the file `/bin/ls` against a signature
λ /tmp/test25519/ ### `sig.dat` under the public Ed25519 key `pub.pem`.
λ /tmp/test25519/ ### Success is expected.
λ /tmp/test25519/ openssl pkeyutl -verify -pubin -inkey pub.pem \
    -rawin -in /bin/ls -sigfile sig.dat
Signature Verified Successfully
λ /tmp/test25519/ ### Verify the file `/bin/echo` against a signature
λ /tmp/test25519/ ### `sig.dat` under the public Ed25519 key `pub.pem`.
λ /tmp/test25519/ ### Failure is expected.
λ /tmp/test25519/ openssl pkeyutl -verify -pubin -inkey pub.pem \
    -rawin -in /bin/echo -sigfile sig.dat
Signature Verification Failure
```

On Wed, Apr 22, 2020, 19:12 Viktor Dukhovni <openssl-users at dukhovni.org>
wrote:

> On Wed, Apr 22, 2020 at 01:27:03PM +0200, Nicola Tuveri wrote:
>
> > Unfortunately at the moment the command line utilities do not support
> > generating Ed25519 or Ed448 signatures for files.
> >
> > The reason is that in OpenSSL at the moment we only support pureEd25519,
> > which does not prehash the "message" to be signed, as Viktor mentioned
> > before.
>
> Which means no support in dgst(1), but that manpage suggests pkeyutl(1),
> which e.g. for RSA supports signing raw (unhashed input), but sadly the
> EVP_PKEY_METHOD for ed25519 has a NULL sign() member, instead, somewhat
> ironically, it has a digestsign() method.  This is presumably to
> distinguish between the pure and prehash variants.  Therefore, presently
> pkeyutl(1) indeed appears to not implement signing and verifying with
> ed25519, this looks doable with modest effort.
>
> --
>     Viktor.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200422/400a63f7/attachment.html>

More information about the openssl-users mailing list