On 25/03/18 12:46, Jeremy Harris wrote: > On 25/03/18 02:05, Viktor Dukhovni wrote: >>> Is there a way yet to get the raw public-key out, >>> documented or not? As you may guess, this is for DKIM. >> >> Not sure what format DKIM wants the key in, but if it is SKPI >> in base64 form > > It is not. The _raw_ pubkey, base64'd is what is wanted. > No ASN.1 wrapping; that's why I said "raw". > I just had the exact same conversation off-list... To generate an Ed25519 private key: $ openssl genpkey -algorithm ed25519 -outform PEM -out test25519.pem OpenSSL does not support outputting only the raw key from the command line. You *can* get it in SubjectPublicKeyInfo format which, for an Ed25519 key will always consist of 12 bytes of ASN.1 header followed by 32 bytes of raw key. Therefore to get a base64 encoded raw public key: $ openssl pkey -outform DER -pubout -in test25519.pem | tail -c +13 | openssl base64 Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
