On Tue, Apr 21, 2020 at 05:48:19PM +0800, yang berlin wrote: > I want to use ed25519 in openssl. Why? What actual real-world purpose do you have for ed25519? > The problem I met is: I can use "speed ed25519" to test the speed of > ed25519, but when I use "dgst -ed25519", it tells me that "dgst: > Unrecognized flag Ed25519". That's because "ed25519" is not a digest algorithm, it is a public key algorithm. You can use it to sign messages, but not to compute message digests. > So could you please help me to learn how to use ed25519 correctly? That question has no answer. Whether a use of "ed25519" is correct or incorrect depends on the security protocol in which it is to be used, and whether that protocol is appropriate to security requirements of the application using it. If you're just playing with ed25519, you can generate ed25519 keys with: $ openssl genpkey -algorithm ed25519 -out privkey.pem You can extract just the public key via: $ openssl pkey -in privkey.pem -pubout -out pubkey.pem You can generate an ed25519 self-signed public key certificate with: $ openssl req -key privkey.pem -new \ -x509 -subj "/CN=$(uname -n)" -days 36500 -out pubcert.pem You can use the key and certificate with s_client, and s_server via the "-key" and "-cert" arguments. You can also sign and/or encrypt messages with ed25519 using cms(1), but you may not be ready to dive into cms. Low-level public and private key operations are possible via pkeyutl(1). While the dgst(1) command supports signing message digests with various public key signature algorithms, ed25519 is not one of these: -sign filename Digitally sign the digest using the private key in "filename". Note this option does not support Ed25519 or Ed448 private keys. Use the pkeyutl command instead for this. See the pkeyutl(1) manpage. Don't assume that some use of encryption implies any gain in security. It could be mere security theatre. For actual security you need to apply a robust protocol that matches the application's security requirements. -- Viktor.