On Wed, Apr 22, 2020 at 01:27:03PM +0200, Nicola Tuveri wrote: > Unfortunately at the moment the command line utilities do not support > generating Ed25519 or Ed448 signatures for files. > > The reason is that in OpenSSL at the moment we only support pureEd25519, > which does not prehash the "message" to be signed, as Viktor mentioned > before. Which means no support in dgst(1), but that manpage suggests pkeyutl(1), which e.g. for RSA supports signing raw (unhashed input), but sadly the EVP_PKEY_METHOD for ed25519 has a NULL sign() member, instead, somewhat ironically, it has a digestsign() method. This is presumably to distinguish between the pure and prehash variants. Therefore, presently pkeyutl(1) indeed appears to not implement signing and verifying with ed25519, this looks doable with modest effort. -- Viktor.