tony

Reputation: 61

How do openssl commands sign messages using ed25519

I am trying to sign data using the Ed25519 algorithm in OpenSSL. I have reinstalled OpenSSL and confirmed that my OpenSSL version supports Ed25519. However, when I try to sign data using the openssl dgst command with the -ed25519 flag, I get an error message saying "Unrecognized flag ed25519". Here is the command I am using:

openssl dgst -sign <private_key_file> -ed25519 -out <signature_file> <data_file>

I have also tried using the openssl pkeyutl command to sign the data, but I get an error message saying "Error initializing context". Here is the command I am using:

openssl pkeyutl -sign -inkey <private_key_file> -keyform PEM -in <data_file> -out <signature_file> -pkeyopt digest:ed25519

I have confirmed that my private key is in PEM format and that my OpenSSL version supports Ed25519. What could be causing these errors, and how can I sign data using the Ed25519 algorithm in OpenSSL?

Upvotes: 5

Views: 4414

Answers (1)

max taldykin

Reputation: 12898

Since v3.0.1, the OpenSSL CLI supports signing with Ed25519 (see here).

Example:

# generate keys
openssl genpkey -algorithm Ed25519 -out secret.pem
openssl pkey -in secret.pem -pubout -out public.pem

# generate signature
openssl pkeyutl -sign -inkey secret.pem -out signature.bin -rawin -in message.bin

# verify signature
openssl pkeyutl -verify -pubin -inkey public.pem -rawin -in message.bin -sigfile signature.bin

Upvotes: 7
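
The commands from the answer above as one self-checking round trip, including the negative case where a modified message must fail verification. This is an added example, not part of the original answer; the function names, temporary file names and sample message are constructed here, and probing the `pkeyutl` help text for `-rawin` is an assumed way to tell whether the installed build can do one-shot Ed25519 signing.

```bash
#!/usr/bin/env bash
# Added example: Ed25519 sign/verify round trip with the openssl CLI.
# File names and the sample message are constructed for this example.

# True when this build's pkeyutl offers -rawin. Ed25519 signs the raw
# message in one shot, so there is no separate digest option to pass.
pkeyutl_has_rawin() {
    openssl pkeyutl -help 2>&1 | grep -q -- '-rawin'
}

# Prints "verified=<yes|no> tampered_rejected=<yes|no> siglen=<bytes>".
# The body runs in a subshell so variables, umask and trap stay local.
ed25519_roundtrip() (
    dir=$(mktemp -d) || exit 1
    trap 'rm -rf "$dir"' EXIT
    umask 077                       # keep the private key owner-only
    ok=no
    rejected=no

    openssl genpkey -algorithm Ed25519 -out "$dir/secret.pem" || exit 1
    openssl pkey -in "$dir/secret.pem" -pubout -out "$dir/public.pem" || exit 1

    printf 'constructed sample message\n' > "$dir/message.bin"
    openssl pkeyutl -sign -inkey "$dir/secret.pem" -rawin \
        -in "$dir/message.bin" -out "$dir/signature.bin" || exit 1

    # An Ed25519 signature is always 64 bytes (RFC 8032).
    siglen=$(wc -c < "$dir/signature.bin" | tr -d ' ')

    # pkeyutl -verify exits 0 only when the signature checks out.
    openssl pkeyutl -verify -pubin -inkey "$dir/public.pem" -rawin \
        -in "$dir/message.bin" -sigfile "$dir/signature.bin" \
        >/dev/null 2>&1 && ok=yes

    # Append one byte to a copy of the message; verification must fail.
    cp "$dir/message.bin" "$dir/tampered.bin"
    printf 'X' >> "$dir/tampered.bin"
    openssl pkeyutl -verify -pubin -inkey "$dir/public.pem" -rawin \
        -in "$dir/tampered.bin" -sigfile "$dir/signature.bin" \
        >/dev/null 2>&1 || rejected=yes

    echo "verified=$ok tampered_rejected=$rejected siglen=$siglen"
)

if pkeyutl_has_rawin; then
    ed25519_roundtrip
else
    echo "openssl pkeyutl lacks -rawin: $(openssl version 2>&1)" >&2
fi
```

In a script that consumes signatures, branch on the exit status of `pkeyutl -verify` rather than on the text it prints.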
