digitalbazaar / forge

A native implementation of TLS in Javascript and tools to write crypto-based and network-heavy webapps
https://digitalbazaar.com/

Sign with RSA private key X.509 contains ed25519 public key #573

Open ValentinBossi opened 6 years ago

ValentinBossi commented 6 years ago

Hi. First, thank you for your work!

I'd like to have a root CA and a couple of intermediate CAs which sign ed25519 pubkeys in the X.509 format. I managed to have the root CA with an intermediate CA, but when I add an ed25519 pubkey to the cert which should be signed with the intermediate CA, it's not possible; it throws an error. I'm working with Node and have the code on RunKit, which doesn't work: https://runkit.com/bossival/root-intermediate-and-entity

Thank you for your help.

dlongley commented 6 years ago

Unfortunately, we have not yet implemented a SubjectPublicKeyInfo/X.509 representation of ed25519 public keys. PRs are welcome!

dugrema commented 2 years ago

Hi, I've forked PR 851 to my own repository. I can successfully build EdDsa25519 CSRs, sign certificates and save private keys to PEM (encrypted or not). I hacked my way through all of it though, and yes that includes the SubjectPublicKeyInfo.

This all works with openssl 1.1.1f. I'm using these cert chains successfully on RabbitMQ, nginx and MongoDB for client authentication. But this is all proof of concept. Comments welcome. Looking forward to hardening and merging this code once PR 851 is resolved.

My fork : https://github.com/dugrema/forge/tree/ed25519

Note: This is not all that well integrated into pki (x509.js). Check operations in the file ed25519.js if you want to try it out (like loading, saving Ed25519 PEMs). I'd need some help/ideas on how to properly integrate into the pki module.
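
The SubjectPublicKeyInfo representation discussed in this thread is defined for Ed25519 in RFC 8410. The following is an added example, not code from forge, PR 851 or the fork above: it encodes and strictly parses that structure using only Node's `Buffer`. All function names and the sample key are this example's own assumptions.

```javascript
// Added example (not forge code): Ed25519 SubjectPublicKeyInfo per RFC 8410.
const ED25519_OID = Buffer.from('2b6570', 'hex'); // OID 1.3.101.112, id-Ed25519

// Read one DER TLV at offset `off`; definite lengths of up to two bytes only.
function readTlv(buf, off) {
  if (off + 2 > buf.length) throw new Error('truncated DER');
  let len = buf[off + 1];
  let start = off + 2;
  if (len & 0x80) {
    const n = len & 0x7f;
    if (n === 0 || n > 2 || start + n > buf.length) throw new Error('unsupported DER length');
    len = buf.readUIntBE(start, n);
    start += n;
  }
  if (start + len > buf.length) throw new Error('truncated DER');
  return { tag: buf[off], value: buf.subarray(start, start + len), end: start + len };
}

// Wrap a raw 32-byte public key: SEQUENCE { SEQUENCE { OID }, BIT STRING }.
function encodeEd25519Spki(rawKey) {
  if (!Buffer.isBuffer(rawKey) || rawKey.length !== 32) throw new TypeError('need a 32-byte Buffer');
  const alg = Buffer.concat([Buffer.from([0x30, 0x05, 0x06, 0x03]), ED25519_OID]);
  const bits = Buffer.concat([Buffer.from([0x03, 0x21, 0x00]), rawKey]); // 0 unused bits
  return Buffer.concat([Buffer.from([0x30, alg.length + bits.length]), alg, bits]);
}

// Strict parse: returns the raw key or throws, so an RSA SPKI is never misread.
function parseEd25519Spki(der) {
  const spki = readTlv(der, 0);
  if (spki.tag !== 0x30 || spki.end !== der.length) throw new Error('not a single DER SEQUENCE');
  const alg = readTlv(spki.value, 0);
  const key = readTlv(spki.value, alg.end);
  if (alg.tag !== 0x30 || key.tag !== 0x03 || key.end !== spki.value.length) throw new Error('malformed SubjectPublicKeyInfo');
  const oid = readTlv(alg.value, 0);
  if (oid.tag !== 0x06 || !oid.value.equals(ED25519_OID)) throw new Error('algorithm is not Ed25519');
  if (oid.end !== alg.value.length) throw new Error('Ed25519 parameters must be absent');
  if (key.value.length !== 33 || key.value[0] !== 0) throw new Error('expected 32-byte key with 0 unused bits');
  return Buffer.from(key.value.subarray(1));
}

function spkiToPem(der) {
  const b64 = der.toString('base64').match(/.{1,64}/g).join('\n');
  return `-----BEGIN PUBLIC KEY-----\n${b64}\n-----END PUBLIC KEY-----\n`;
}

// Constructed sample key (bytes 0x00..0x1f), for illustration only.
const SAMPLE_KEY = Buffer.from(Array.from({ length: 32 }, (_, i) => i));
const samplePem = spkiToPem(encodeEd25519Spki(SAMPLE_KEY));
console.log(samplePem);
```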