Unable to deal with ed25519 pk #81

xxorax · 2022-02-16T13:53:57Z

I'm desperatly trying to handle EdDSA / ed25519 private key in any library.
Most of them accept only PKCS8 format, while sshpk handle only PKCS1

Even node crypto can't import it :

const crypto = require('crypto')
const sshpk = require('sshpk')

const privkey = sshpk.generatePrivateKey('ed25519')

privkey.toBuffer('pkcs8')
// Error: Ed25519 private keys in pkcs8 format are not supported

const privkeyObj = crypto.createPrivateKey({
  key: privkey.toBuffer('pem'),
  format: 'pem',
})
// Error: error:0909006C:PEM routines:get_name:no start line

const privkeyObj = crypto.createPrivateKey({
  key: privkey.toBuffer('pkcs1'),
  format: 'der',
  type: 'pkcs1'
})
// Error: error:0D0680A8:asn1 encoding routines:asn1_check_tlen:wrong tag

Tried on node v12, v16, v17.

Thanks for help

The text was updated successfully, but these errors were encountered:

xxorax · 2022-05-25T12:20:27Z

I was able to export generated ed25519 key to pkcs8 using the ssh2 lib :

const ssh2 = require('ssh2')
const sshpk = require('sshpk')

const pkcs8 = ssh2.utils.parseKey(
      sshpk.generatePrivateKey('ed25519').toString('ssh')
).getPrivatePEM()

~~Also working with ecdsa key.~~ ecdsa need more gymnastic :

sshpk.parsePrivateKey(
  ssh2.utils.parseKey(sshpk.generatePrivateKey('ecdsa').toString('ssh')).getPrivatePEM(),
  'pem'
).toString('pkcs8')

Hard to fond... It would be more convenient to have such function here.

Thanks !

arekinath · 2022-05-26T00:34:01Z

This was missing because the support for Ed25519 in PEM in sshpk was written before RFC8410 had been finalised. There's a few little fixes that have to go into the way it's generating and parsing these before it can be enabled, but they're easy enough to do.

With ECDSA, you should just be able to do sshpk.generatePrivateKey('ecdsa').toString('pkcs8'); -- I'm not sure why you're converting it to ssh format and then back again?

xxorax · 2022-09-07T22:48:05Z

With ECDSA, you should just be able to do sshpk.generatePrivateKey('ecdsa').toString('pkcs8'); -- I'm not sure why you're converting it to ssh format and then back again?

True, and after re-rechecking, sometime there is differences 👀

The folliwng will print "test" for each pass, and will stop once pkcs8 are differents

const ssh2 = require('ssh2')
const sshpk = require('sshpk')

const test = function () {
  console.log('test')
  const privkey = sshpk.generatePrivateKey('ecdsa')

  const pkcs8 = sshpk.parsePrivateKey(
    ssh2.utils.parseKey(privkey.toString('ssh')).getPrivatePEM(),
    'pem'
  ).toString('pkcs8')

  if ( pkcs8 !== privkey.toString('pkcs8') ) {
    console.log(pkcs8)
    console.log(privkey.toString('pkcs8'))
    return false
  }
  return true
}

while(test());

Tested on node v12, v16, and v17, also tried on an other cpu. I make some stats, at the end I got ~50% of errors.

On my side I send the pkcs8 to jose.importPKCS8 , and my tests pass 100% of time with the weird convertion I mentionned before.

??? ☁️

Thanks !

bahamat linked a pull request May 30, 2022 that will close this issue

node-sshpk#81 add support for ed25519 private keys in pkcs8 #83

Closed

teutat3s mentioned this issue Oct 19, 2023

Add support for ed25519 private keys in pkcs8 #92

Merged

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Unable to deal with ed25519 pk #81

Unable to deal with ed25519 pk #81

xxorax commented Feb 16, 2022 •

edited

xxorax commented May 25, 2022 •

edited

arekinath commented May 26, 2022

xxorax commented Sep 7, 2022

Unable to deal with ed25519 pk #81

Unable to deal with ed25519 pk #81

Comments

xxorax commented Feb 16, 2022 • edited

xxorax commented May 25, 2022 • edited

arekinath commented May 26, 2022

xxorax commented Sep 7, 2022

xxorax commented Feb 16, 2022 •

edited

xxorax commented May 25, 2022 •

edited