Billy Brumley bbrumley at
Wed Nov 17 19:40:22 UTC 2021

> # Generate a new Ed25519 key pair:
> $ openssl genpkey -algorithm ed25519 -out ed25519-key.pem
> # Extract its public key:
> $ openssl pkey -in ed25519-key.pem -pubout ed25519-key-public.pem
> # Confirm the public key:
> $ openssl pkey -pubin -in ed25519-key-public.pem
> This uses the PEM header "BEGIN PUBLIC KEY", but it's an ECC public key in PEM format.

That's an ed25519 key. Not an ECC key. They are different formats, at
both the OID and asn1 structure levels.

> This version of OpenSSL doesn't recognize "BEGIN EC PUBLIC KEY", but it'd be trivial to script copying the key to a temporary file and editing the PEM header and footer.

I don't think that's what's happening here. They are likely different
formats, when you look at the asn1 structure.


More information about the openssl-users mailing list