Michael Wojcik Michael.Wojcik at
Wed Nov 17 17:22:17 UTC 2021

> From: openssl-users <openssl-users-bounces at> On Behalf Of
> Felipe Gasper
> Sent: Wednesday, 17 November, 2021 09:12
> To: openssl-users at
> Subject: “EC PUBLIC KEY”
> 	Does OpenSSL intend to handle EC public keys that in PEM begin
> 	I can’t find a way to output this format and am not sure if it’s
> actually defined anywhere, but it seems like a logical analogue to the
> default/legacy RSA public key format.

With 1.1.1i (which is the version of the openssl command-line utility that I happen to have on my path at the moment):

# Generate a new Ed25519 key pair:
$ openssl genpkey -algorithm ed25519 -out ed25519-key.pem

# Extract its public key:
$ openssl pkey -in ed25519-key.pem -pubout ed25519-key-public.pem

# Confirm the public key:
$ openssl pkey -pubin -in ed25519-key-public.pem

This uses the PEM header "BEGIN PUBLIC KEY", but it's an ECC public key in PEM format.

This version of OpenSSL doesn't recognize "BEGIN EC PUBLIC KEY", but it'd be trivial to script copying the key to a temporary file and editing the PEM header and footer.

Michael Wojcik

More information about the openssl-users mailing list