I need a non-programmatic method for using seeds to generate ED25519 and ED448 (Goldilocks) key pairs. This means using only shell-accessible tools within OpenSSL rather than binding programmatically. While reading the documentation it seems that neither 'genpkey' nor 'pkeyutl' have a facility for using a deterministic seed to generate the keys. Maybe I am missing something. I notice that OpenSSL has the 'asn1parse' utility for reading PEM and DER formatted keys. Is there an analogue that allows to write back a new value for the secret integers in private keys? Or can I encode data with 'asn1parse' and then output it in PEM format to build a key? Trying to de-serialize and reconstruct keys outside of OpenSSL is a pain and might hinder portability and require re-writing the same code to different targets. I would rather try to find a way to use the native shell commands so I may set it and forget it. -- www.sybershock.com | sci.crypt | alt.sources.crypto | alt.lite.bulb
