3

I'm trying to write and read a PEM file that contains both a PublicKey and PrivateKey for Ed25519 in Java 15.

However it's not clear if the PEM format supports this, or exactly how to do it using the standard Java libraries (JCA). Most of the examples seem to use RSA.

What is the correct way to do this? Or is there a better approach?

mikera
  • 1
    The typical ED25519-key (private and public one) is just a 32 byte long byte array and there is no "PEM" format in use. For a better exchange and/or storage you can encode the key data in Base64 to get a string format. Of course, you can wrap that string with a "---BEGIN PRIVATE KEY---" but that may not be exchangeable with externals. BTW: it's good to know that Java 15 now supports Ed25519 out of the box; for my tests I needed to use Bouncy Castle as provider. – Michael Fehr Feb 10 '21 at 10:05
  • Thanks, confirms my suspicion that it isn't directly supported by the format. Is there a better, standard format for storing a key pair that is exchangeable? – mikera Feb 10 '21 at 10:16
  • Usually just the key bytes were exchanged and in most cases I've seen it's done using simple Base64-encoding. – Michael Fehr Feb 10 '21 at 10:37
  • 4
    @MichaelFehr - As far as I know there is nothing against formatting Ed25519 keys in X.509/SPKI (public) or PKCS#8 (private) and thus encoding them as PEM (or DER). OpenSSL generates such formatted keys (e.g. `openssl genpkey -algorithm Ed25519 -out <...>` for the private key). – Topaco Feb 10 '21 at 10:51
  • @Topaco: good to know - I've never seen an ED25519 in that form, thanks. – Michael Fehr Feb 10 '21 at 11:43
  • @Topaco my openssl (LibreSSL 2.8.3) says `Algorithm ed25519 not found` – Chris Pierce Jan 25 '22 at 15:59
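
The PKCS#8 / X.509 SPKI approach raised in the comments, as an added example that is not part of the original thread: it writes both keys as two PEM blocks in one text and reads them back using only the JCA on Java 15+. The class name `Ed25519Pem` and its helper methods are hypothetical names chosen for this sketch.

```java
import java.nio.charset.StandardCharsets;
import java.security.*;
import java.security.spec.*;
import java.util.Base64;
import java.util.regex.*;
public class Ed25519Pem {
    // Matches one PEM block; group 1 is the label, group 2 the Base64 body.
    private static final Pattern BLOCK = Pattern.compile(
        "-----BEGIN ([A-Z ]+)-----\\s*([A-Za-z0-9+/=\\s]+?)\\s*-----END \\1-----");
    static String pem(String label, byte[] der) {
        byte[] nl = "\n".getBytes(StandardCharsets.US_ASCII);
        String body = Base64.getMimeEncoder(64, nl).encodeToString(der);
        return "-----BEGIN " + label + "-----\n" + body + "\n-----END " + label + "-----\n";
    }

    // getEncoded() yields PKCS#8 for the private key and X.509 SPKI for the public key.
    static String write(KeyPair kp) {
        return pem("PRIVATE KEY", kp.getPrivate().getEncoded())
             + pem("PUBLIC KEY", kp.getPublic().getEncoded());
    }

    // Rejects input that does not carry both blocks instead of returning a half-empty pair.
    static KeyPair read(String text) throws GeneralSecurityException {
        KeyFactory kf = KeyFactory.getInstance("Ed25519");
        PrivateKey priv = null;
        PublicKey pub = null;
        Matcher m = BLOCK.matcher(text);
        while (m.find()) {
            byte[] der = Base64.getMimeDecoder().decode(m.group(2));
            if (m.group(1).equals("PRIVATE KEY"))
                priv = kf.generatePrivate(new PKCS8EncodedKeySpec(der));
            else if (m.group(1).equals("PUBLIC KEY"))
                pub = kf.generatePublic(new X509EncodedKeySpec(der));
        }
        if (priv == null || pub == null)
            throw new InvalidKeySpecException("expected PRIVATE KEY and PUBLIC KEY blocks");
        return new KeyPair(pub, priv);
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("Ed25519").generateKeyPair();
        String file = write(kp);
        KeyPair back = read(file);
        // Round-trip check: sign with the reloaded private key, verify with the original public key.
        byte[] msg = "round trip".getBytes(StandardCharsets.UTF_8);
        Signature s = Signature.getInstance("Ed25519");
        s.initSign(back.getPrivate()); s.update(msg);
        byte[] sig = s.sign();
        s.initVerify(kp.getPublic()); s.update(msg);
        System.out.println(file + "verified=" + s.verify(sig));
    }
}
```

The `PRIVATE KEY` block written here is unencrypted PKCS#8, so the resulting file needs the same access restrictions as any other plaintext private key.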

0 Answers