Login/Register
Generating public ed25519 key with OpenSSL
Asked Answered
Solved opensslkey-paired25519
H

2

18

I'm using this command to generate private ed25519 key:

openssl genpkey -algorithm ed25519 -out private.pem

and this is the example result:

-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIAYIsKL0xkTkAXDhUN6eDheqODEOGyFZ04jsgFNCFxZf
-----END PRIVATE KEY-----

So then I want to generate a public key based on this private key and I do it like this:

openssl pkey -in private.pem -out public.pem

but with this command I still get a private key that looks like this:

-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIAYIsKL0xkTkAXDhUN6eDheqODEOGyFZ04jsgFNCFxZf
-----END PRIVATE KEY-----

Additionally, this private and "public" key is not 32-bytes, but 64. What's wrong with my command?

Hymeneal answered 7/5, 2022 at 10:37 Comment(5)
The -pubout option is missing.Reames
Ooh thanks. But do you know why this is 60 bytes long instead of 32? Likewise, the private key is 64 bytes long instead of 32.Hymeneal
Your public key has the X.509/SPKI format. The raw key contained in it is 32 bytes in size, check the key in an ASN.1 parser e.g. lapo.it/asn1js. Similarly, the same applies to the private key having the PKCS#8 formatReames
What are you see is a Base64 encoded ASN.1 certificate (called PEM format). You can generate the cert in raw binary format: openssl genpkey -algorithm ed25519 -outform DER -out test25519.der. The resulted file is 48 bytes. Now you can use keystore-explorer.org then click Examine Certificate, chose the cert (pem or der), no any password so just click Enter and you'll see the cert details. Click on ASN and the OCTET STRING is HEX encoded key and it's raw bytesBonucci
Also may be useful mta.openssl.org/pipermail/openssl-users/2018-March/007777.htmlBonucci
I
17

This will return the public key as a file.

openssl pkey -in private.pem -pubout -out public.pem
Isoniazid answered 24/9, 2022 at 20:34 Comment(0)
C
3

The question duplicates next gen pubkey openssl ed25519 and the answer has been given.

openssl pkey -in ed25519key.pem -pubout

Cordage answered 26/7, 2022 at 6:25 Comment(0)

© 2022 - 2024 — McMap. All rights reserved.