Wow, thanks for the detailed reply!
Actually I am a master student and my teacher wants me to figure out the use of ed25519. So I went to see openssl.
I thought ed25519 can sign messages so I tried the dgst command. Now I know that I was wrong.
Anyway, thank you again!
Viktor Dukhovni <openssl-users@xxxxxxxxxxxx> 于2020年4月22日周三 上午1:35写道:
On Tue, Apr 21, 2020 at 05:48:19PM +0800, yang berlin wrote:
> I want to use ed25519 in openssl.
Why? What actual real-world purpose do you have for ed25519?
> The problem I met is: I can use "speed ed25519" to test the speed of
> ed25519, but when I use "dgst -ed25519", it tells me that "dgst:
> Unrecognized flag Ed25519".
That's because "ed25519" is not a digest algorithm, it is a public key
algorithm. You can use it to sign messages, but not to compute message
digests.
> So could you please help me to learn how to use ed25519 correctly?
That question has no answer. Whether a use of "ed25519" is correct or
incorrect depends on the security protocol in which it is to be used,
and whether that protocol is appropriate to security requirements of
the application using it.
If you're just playing with ed25519, you can generate ed25519 keys with:
$ openssl genpkey -algorithm ed25519 -out privkey.pem
You can extract just the public key via:
$ openssl pkey -in privkey.pem -pubout -out pubkey.pem
You can generate an ed25519 self-signed public key certificate with:
$ openssl req -key privkey.pem -new \
-x509 -subj "/CN=$(uname -n)" -days 36500 -out pubcert.pem
You can use the key and certificate with s_client, and s_server
via the "-key" and "-cert" arguments.
You can also sign and/or encrypt messages with ed25519 using cms(1),
but you may not be ready to dive into cms.
Low-level public and private key operations are possible via pkeyutl(1).
While the dgst(1) command supports signing message digests with various
public key signature algorithms, ed25519 is not one of these:
-sign filename
Digitally sign the digest using the private key in "filename". Note
this option does not support Ed25519 or Ed448 private keys. Use the
pkeyutl command instead for this.
See the pkeyutl(1) manpage.
Don't assume that some use of encryption implies any gain in security.
It could be mere security theatre. For actual security you need to
apply a robust protocol that matches the application's security
requirements.
--
Viktor.