ED25519 support #443

Closed
tambry opened this issue May 25, 2021 · 5 comments

@tambry
tambry commented May 25, 2021

  1. openssl genpkey -algorithm ED25519 -out test.key
  2. ruby -e "require 'openssl'; OpenSSL::PKey::EC.new('test.key')" fails with "invalid curve name"

The failure is somewhat expected, as ED25519 keys aren't EC keys (they don't have a choice of curves); this also holds for X25519, X448 and ED448.

This is preventing me from using an internal ED25519-based CA with Puppet.

Say I were interested in implementing them (or at least ED25519), would it be appropriate to just create more key types for each, analogous to the existing ones?

@rhenium
Member

rhenium commented May 25, 2021

Yes, OpenSSL handles Ed25519 separately in the EVP layer - EVP_PKEY_ED25519 vs EVP_PKEY_EC, so it doesn't belong to OpenSSL::PKey::EC.

Basic support for Ed25519 and X25519 is implemented by #370/#329 (please see the test code for Ed25519/X25519 example). It's currently only in master and not part of a release yet.

rhenium closed this as completed Sep 27, 2021

@marek22k
marek22k commented Aug 9, 2022

When will it be part of the release?

@rhenium
Member

rhenium commented Aug 11, 2022

@marek22k
marek22k commented Aug 11, 2022

What am I doing wrong? It doesn't seem to be working somehow.

$openssl genpkey -algorithm ed25519 -out private.pem
$irb
3.1.2 :001 > require "openssl"
 => true 
3.1.2 :002 > OpenSSL::VERSION
 => "3.0.0" 
3.1.2> key = OpenSSL::PKey::EC.new File.read "test.pem"
(irb):4:in `initialize': incorrect pkey type: ED25519 (OpenSSL::PKey::DSAError)
        from (irb):4:in `new'
        from (irb):4:in `<main>'
        from /home/bandura/.rvm/rubies/ruby-3.1.2/lib/ruby/gems/3.1.0/gems/irb-1.4.1/exe/irb:11:in `<top (required)>'
        from /home/bandura/.rvm/rubies/ruby-3.1.2/bin/irb:25:in `load'
        from /home/bandura/.rvm/rubies/ruby-3.1.2/bin/irb:25:in `<main>'

Ah, I see the problem:

$ruby -ropenssl -ve'puts OpenSSL::OPENSSL_VERSION, OpenSSL::OPENSSL_LIBRARY_VERSION'
ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-linux]
OpenSSL 1.1.1n  15 Mar 2022
OpenSSL 1.1.1n  15 Mar 2022
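
Added example (not posted by any participant and not the project's own test code): reading an Ed25519 PEM through the type-agnostic `OpenSSL::PKey.read` instead of `OpenSSL::PKey::EC.new`, then signing and verifying with a `nil` digest. It assumes the openssl gem 3.0 or later linked against OpenSSL 1.1.1 or later; the helper names are hypothetical, and the key is generated in place rather than read from a file.

```ruby
require "openssl"

# Hypothetical helper: parse any PEM/DER key with the type-agnostic reader,
# then insist on Ed25519. OpenSSL::PKey::EC.new only accepts EVP_PKEY_EC keys.
def load_ed25519(pem)
  key = OpenSSL::PKey.read(pem)
  raise ArgumentError, "expected ED25519, got #{key.oid}" unless key.oid == "ED25519"
  key
end

# Ed25519 hashes the message internally, so the digest argument must be nil.
def sign_ed25519(key, data)
  key.sign(nil, data)
end

def verify_ed25519(key, signature, data)
  key.verify(nil, signature, data)
end

# Returns false when OpenSSL::PKey::EC rejects the key. The thread shows a
# DSAError raised for this case, so rescue the common parent PKeyError.
def ec_class_accepts?(pem)
  OpenSSL::PKey::EC.new(pem)
  true
rescue OpenSSL::PKey::PKeyError
  false
end

if __FILE__ == $PROGRAM_NAME
  # Assumption: the gem must be 3.0+ and the linked library 1.1.1+.
  puts "gem #{OpenSSL::VERSION}, library #{OpenSSL::OPENSSL_LIBRARY_VERSION}"

  # Constructed sample key, standing in for `openssl genpkey -algorithm ED25519`.
  pem = OpenSSL::PKey.generate_key("ED25519").private_to_pem
  key = load_ed25519(pem)
  sig = sign_ed25519(key, "certificate request bytes")
  pub = load_ed25519(key.public_to_pem)

  puts "EC class accepts key: #{ec_class_accepts?(pem)}"
  puts "signature bytes: #{sig.bytesize}"
  puts "verifies: #{verify_ed25519(pub, sig, "certificate request bytes")}"
  puts "tampered verifies: #{verify_ed25519(pub, sig, "tampered")}"
end
```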

@joshcooper
Contributor

I submitted #804 to allow requests to be signed using ED25519
