Generate EdDSA 25519 key pair for JOSE/NODEJS

Here is the command I used on Ubuntu 20.x to generate an EdDSA 25519 key pair for a JOSE/NODEJS (14.16) app:

$ ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/id-ed25519 -C myemail_address

Here is the private key generated:

-----BEGIN OPENSSH PRIVATE KEY-----
a3BlbnNzaC1rZXktdjEAAAAABG5vbmVAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACAp92w+fwodL4kaUDrNghdZScdcg54IJOO6tLpG91oeKgAAAJj71Y9w+9WP
cAAAAAtzc2gtZWQyNTUxOQAAACAp92w+awodL4kaUDrNghdZScdcg54IJOO6tLpG91oeKg
AAAEDsEfbdyx4HaM5cL1f2Ag2Knb0NDCIiuIDsm6FwR5NJESn3bD5/Ch0viRpQOs2CF1lJ
c1yDnggk47q0ukb3Wh4qAAAAFGVtY2yhYjIwMTFAZ21haWwuY29tAQ==
-----END OPENSSH PRIVATE KEY-----

The private key has 366 bytes instead of 32 bytes.

Here is the public key:

BAAAC3NzaC1lZ1I1NTE5AAAAICn3CD5/Ch0viRpQOs2CF1lJx1yDnggk47q0ukb3Wh4q myemail_address

It is 63 bytes without counting the email address and seems too long.

Is it the right way to generate a key pair for EdDSA 25519? If it is not, what is the right way?

Escapade answered 25/3, 2021 at 15:33 Comment(1)
Here is the doc providing ed25519 key pair generation with openssl: gist.github.com/kousu/… - Escapade

You can use Node.js (>= 12.0.0) for this as well.

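const crypto = require('crypto')

// Generate an Ed25519 key pair and export both halves as PEM strings:
// PKCS#8 for the private key, SPKI for the public key.
const keypair = crypto.generateKeyPairSync(
  'ed25519',
  {
    privateKeyEncoding: { format: 'pem', type: 'pkcs8' },
    publicKeyEncoding: { format: 'pem', type: 'spki' }
  }
)

console.log(keypair.privateKey)
console.log(keypair.publicKey)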

There are both blocking and non-blocking APIs for this.

Incipit answered 26/3, 2021 at 14:50 Comment(2)
It can also be promisified using: const generateKeyPair = util.promisify(crypto.generateKeyPair) - Acoustic
But that is just PEM format. Is there a simple way of getting OpenSSH format? - Edgardo
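
The sizes the question asks about, as an added example that is not part of the original question or answers: an Ed25519 public key and private seed are 32 bytes each, and the DER (and OpenSSH) encodings only wrap those bytes in a container. The code strips the fixed DER headers defined in RFC 8410 and builds the OKP JWK from RFC 8037 that JOSE libraries consume. The helper names (`b64url`, `rawKey`, `generateEd25519Jwk`, `publicKeyFromJwk`, `demo`) and the sample payload are assumptions made for this example.

```javascript
const crypto = require('crypto');

// Fixed ASN.1 headers that precede the 32 raw key bytes in Ed25519 DER (RFC 8410).
const SPKI_PREFIX = Buffer.from('302a300506032b6570032100', 'hex');          // 12 bytes
const PKCS8_PREFIX = Buffer.from('302e020100300506032b657004220420', 'hex'); // 16 bytes

// Unpadded base64url, as JOSE requires (also works on Node versions without 'base64url').
function b64url(buf) {
  return buf.toString('base64').replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Check the expected DER header and return the raw 32-byte key material behind it.
function rawKey(der, prefix) {
  if (der.length !== prefix.length + 32 || !der.slice(0, prefix.length).equals(prefix)) {
    throw new Error('not a plain Ed25519 DER key');
  }
  return der.slice(prefix.length);
}

// Generate an Ed25519 key pair; return OKP JWKs (RFC 8037) plus the KeyObjects.
function generateEd25519Jwk() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const x = b64url(rawKey(publicKey.export({ format: 'der', type: 'spki' }), SPKI_PREFIX));
  const d = b64url(rawKey(privateKey.export({ format: 'der', type: 'pkcs8' }), PKCS8_PREFIX));
  const publicJwk = { kty: 'OKP', crv: 'Ed25519', x };
  return { publicJwk, privateJwk: { ...publicJwk, d }, publicKey, privateKey };
}

// Rebuild a public KeyObject from a JWK "x" value by re-attaching the SPKI header.
function publicKeyFromJwk(jwk) {
  const raw = Buffer.from(jwk.x.replace(/-/g, '+').replace(/_/g, '/'), 'base64');
  if (raw.length !== 32) throw new Error('Ed25519 public key must be 32 bytes');
  const der = Buffer.concat([SPKI_PREFIX, raw]);
  return crypto.createPublicKey({ key: der, format: 'der', type: 'spki' });
}

// Round trip: sign with the private key, verify with the key rebuilt from the public JWK.
function demo() {
  const { publicJwk, privateJwk, privateKey } = generateEd25519Jwk();
  const msg = Buffer.from('constructed sample payload');
  const sig = crypto.sign(null, msg, privateKey); // Ed25519 takes no separate digest
  const ok = crypto.verify(null, msg, publicKeyFromJwk(publicJwk), sig);
  return { publicJwk, dLength: privateJwk.d.length, sigLength: sig.length, ok };
}

console.log(demo()); // never log privateJwk.d outside a test environment
```

Keep the `d` member out of anything you publish: the public JWK carries only `kty`, `crv` and `x`.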
