Closed hojothum closed 2 years ago
Apologies, meant to include the BC version. It's pulled from Maven repos:
    <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcprov-jdk15on</artifactId>
        <version>1.69</version>
    </dependency>
    <dependency>
        <groupId>org.bouncycastle</groupId>
        <artifactId>bcpkix-jdk15on</artifactId>
        <version>1.69</version>
    </dependency>
BouncyCastle is outputting the private key in the format described by RFC 5958, as can be seen by the initial INTEGER (version) field being 1 rather than 0.
RFC 5958 obsoletes RFC 5208, which describes the version 0 format, which it appears is the only one supported by OpenSSL.
You can request BouncyCastle to output the old v0 format that is acceptable to OpenSSL by setting the system property org.bouncycastle.pkcs8.v1_info_only. This results in a PEM file that is acceptable to OpenSSL. Just add -Dorg.bouncycastle.pkcs8.v1_info_only=true to the VM options of your process.
Perfect. Thank you for educating me on what's going on underneath and for the solution via VM param.
Running the test application with java -Dorg.bouncycastle.pkcs8.v1_info_only=true ...
This now works:
$ /usr/local/opt/openssl@1.1/bin/openssl pkey -in /tmp/bc_ed25519_sk.pem -text
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEICxled/CNt2EpNiK2vCbFSbpcIFi7fr1pKmq7WC2LtOJ
-----END PRIVATE KEY-----
ED25519 Private-Key:
priv:
    2c:65:79:df:c2:36:dd:84:a4:d8:8a:da:f0:9b:15:
    26:e9:70:81:62:ed:fa:f5:a4:a9:aa:ed:60:b6:2e:
    d3:89
pub:
    7d:b6:d4:54:f8:7d:37:bc:4a:e7:82:d7:42:49:9d:
    49:fa:28:79:04:73:5d:0f:b6:0f:2d:a6:e1:f5:6f:
    ed:5f

$ /usr/local/opt/openssl@1.1/bin/openssl asn1parse -in /tmp/bc_ed25519_sk.pem
    0:d=0  hl=2 l=  46 cons: SEQUENCE
    2:d=1  hl=2 l=   1 prim: INTEGER           :00
    5:d=1  hl=2 l=   5 cons: SEQUENCE
    7:d=2  hl=2 l=   3 prim: OBJECT            :ED25519
   12:d=1  hl=2 l=  34 prim: OCTET STRING      [HEX DUMP]:04202C6579DFC236DD84A4D88ADAF09B1526E9708162EDFAF5A4A9AAED60B62ED389
When generating ed25519 key-pairs in Java, using BC, and then writing them out to PEM files for use with OpenSSL, we have encountered error messages when OpenSSL tries to read the key files.
Code for generating the keys and exporting to PEM file:
OpenSSL (1.1.1l & 3.0.0) attempt to parse PEM from Java:
v1.1.1l
Local build of v3.0.0 tag:
There seems to be a clear difference in the ASN.1 encoding when comparing the PEM output of OpenSSL to that of Java. Maybe that implies that the ASN.1 encoding produced by BouncyCastle is incompatible with what OpenSSL is expecting for ed25519 keys?
Verifying OpenSSL can handle ed25519 internally:
The same strategy can be used to export PEM files from Java/BC for ECDSA keys and it works as expected: