|
| 1 | +## Ed25519 |
| 2 | +"Normal" Weirstrass curves like NIST P-256, which are used with Elliptic curve |
| 3 | +cryptography have a number of corner/edge cases which can make them slow, and |
| 4 | +also make implementations more difficult which can lead to implementations |
| 5 | +vulnerabilties. |
| 6 | + |
| 7 | +Curve25519 was developed by Daniel J Bernstein in 2006. |
| 8 | +Edward Twisted Curve 25519. There are several benifits to using ed25519 like |
| 9 | +higher performance, smaller private key and public keys, simpler to implemement, |
| 10 | +resistant to timing attacks. |
| 11 | + |
| 12 | +The prime used is 2²⁵⁵-19 (which I think is where the number in the name of this |
| 13 | +curve comes from). |
| 14 | + |
| 15 | +[Curve25519](http://cr.yp.to/ecdh/curve25519-20060209.pdf) |
| 16 | + |
| 17 | +Signatures can fit into 64 bytes. |
| 18 | + |
| 19 | + |
| 20 | +### Creating a key |
| 21 | +```console |
| 22 | +$ openssl genpkey -algorithm ED25519 -out test.pem |
| 23 | +``` |
| 24 | +```console |
| 25 | +$ openssl pkey -in test.pem -text |
| 26 | +-----BEGIN PRIVATE KEY----- |
| 27 | +MC4CAQAwBQYDK2VwBCIEIMa3vX1jnn7GD98BgrTjiY31PJcF+PEFjTk3rDFkQm3F |
| 28 | +-----END PRIVATE KEY----- |
| 29 | +ED25519 Private-Key: |
| 30 | +priv: |
| 31 | + c6:b7:bd:7d:63:9e:7e:c6:0f:df:01:82:b4:e3:89: |
| 32 | + 8d:f5:3c:97:05:f8:f1:05:8d:39:37:ac:31:64:42: |
| 33 | + 6d:c5 |
| 34 | +pub: |
| 35 | + 86:0c:72:0a:40:fc:f8:ff:fb:99:94:88:11:2a:ea: |
| 36 | + d4:7a:b4:7a:46:ae:8e:b0:e8:db:d7:fa:af:33:81: |
| 37 | + 3f:24 |
| 38 | +``` |
| 39 | +And we can inspect the asn1 format using the following command: |
| 40 | +```console |
| 41 | +$ openssl asn1parse -i -in test.pem |
| 42 | + 0:d=0 hl=2 l= 46 cons: SEQUENCE |
| 43 | + 2:d=1 hl=2 l= 1 prim: INTEGER :00 |
| 44 | + 5:d=1 hl=2 l= 5 cons: SEQUENCE |
| 45 | + 7:d=2 hl=2 l= 3 prim: OBJECT :ED25519 |
| 46 | + 12:d=1 hl=2 l= 34 prim: OCTET STRING [HEX DUMP]:0420C6B7BD7D639E7EC60FDF0182B4E3898DF53C9705F8F1058D3937AC3164426DC5 |
| 47 | +``` |
| 48 | +We can see that the public key is not in there but instead it gets generated by |
| 49 | +the `pkey` command, and if we think back at EC this should just be taking the |
| 50 | +generator point added to it self, private key (integer) number of times. |
| 51 | +The OBJECT :ED25519 is the |
| 52 | +[object identifier](https://oid-rep.orange-labs.fr/get/1.3.101.112), 1.3.101.112. |
| 53 | + |
| 54 | + |
| 55 | +```console |
| 56 | +$ openssl pkey -in test.pem -pubout -out test.pub |
| 57 | +$ cat test.pub |
| 58 | +-----BEGIN PUBLIC KEY----- |
| 59 | +MCowBQYDK2VwAyEAhgxyCkD8+P/7mZSIESrq1Hq0ekaujrDo29f6rzOBPyQ= |
| 60 | +-----END PUBLIC KEY----- |
| 61 | +$ openssl asn1parse -i -in test.pub |
| 62 | + 0:d=0 hl=2 l= 42 cons: SEQUENCE |
| 63 | + 2:d=1 hl=2 l= 5 cons: SEQUENCE |
| 64 | + 4:d=2 hl=2 l= 3 prim: OBJECT :ED25519 |
| 65 | + 9:d=1 hl=2 l= 33 prim: BIT STRING |
| 66 | +``` |
| 67 | +This is in [spki format](./spki.md). |
| 68 | + |
| 69 | +```console |
| 70 | +$ export LD_LIBRARY_PATH=~/work/security/openssl_build_master/lib64/:$LD_LIBRARY_PATH |
| 71 | +$ ~/work/security/openssl_build_master/bin/openssl pkeyutl -in input.txt -sign -rawin -inkey test.pem > signature.bin |
| 72 | +``` |
| 73 | +The signature consists of two 256 bit numbers, R and S |
| 74 | +```console |
| 75 | +$ cat signature.bin | xxd |
| 76 | +00000000: 394a a651 4ac4 d053 cf9a 7431 71d3 5cf3 9J.QJ..S..t1q.\. |
| 77 | +00000010: c5b7 c2d1 1e15 5002 d73c ebbe b7a7 aa6c ......P..<.....l |
| 78 | +00000020: a218 734f 2f38 c3d9 d860 5863 21ef 3a0f ..sO/8...`Xc!.:. |
| 79 | +00000030: 1bd9 62de a38c 0323 35b7 31ab 159d 9805 ..b....#5.1..... |
| 80 | +``` |
| 81 | +We can verify this (using the public key): |
| 82 | +```console |
| 83 | +$ ~/work/security/openssl_build_master/bin/openssl pkeyutl -verify -sigfile signature.bin -in input.txt -rawin -pubin -inkey test.pub |
| 84 | +Signature Verified Successfully |
| 85 | +``` |
0 commit comments