Skip to content

Commit fa1a448

Browse files
committed
Add initial ed25519 notes and example
Signed-off-by: Daniel Bevenius <daniel.bevenius@gmail.com>
1 parent cb4cb70 commit fa1a448

6 files changed

Lines changed: 99 additions & 0 deletions

File tree

edcurve25519/input.txt

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
bajja

edcurve25519/signature.bin

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1 @@
1+
9J�QJ��SϚt1q�\�ŷ��P�<뾷��l�sO/8���`Xc!�:�bޣ�#5�1���

edcurve25519/test.pem

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
-----BEGIN PRIVATE KEY-----
2+
MC4CAQAwBQYDK2VwBCIEIMa3vX1jnn7GD98BgrTjiY31PJcF+PEFjTk3rDFkQm3F
3+
-----END PRIVATE KEY-----

edcurve25519/test.pub

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
-----BEGIN PUBLIC KEY-----
2+
MCowBQYDK2VwAyEAhgxyCkD8+P/7mZSIESrq1Hq0ekaujrDo29f6rzOBPyQ=
3+
-----END PUBLIC KEY-----

edcurve25519/verify.js

Lines changed: 6 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,6 @@
1+
const fs = require('fs');
2+
const crypto = require('crypto');
3+
const pub = crypto.createPublicKey(fs.readFileSync('test.pub'));
4+
const input = fs.readFileSync('input.txt');
5+
const signature = fs.readFileSync('signature.bin');
6+
console.log('verify successful: ', crypto.verify(null, input, pub, signature));

notes/ed25519.md

Lines changed: 85 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,85 @@
1+
## Ed25519
2+
"Normal" Weirstrass curves like NIST P-256, which are used with Elliptic curve
3+
cryptography have a number of corner/edge cases which can make them slow, and
4+
also make implementations more difficult which can lead to implementations
5+
vulnerabilties.
6+
7+
Curve25519 was developed by Daniel J Bernstein in 2006.
8+
Edward Twisted Curve 25519. There are several benifits to using ed25519 like
9+
higher performance, smaller private key and public keys, simpler to implemement,
10+
resistant to timing attacks.
11+
12+
The prime used is 2²⁵⁵-19 (which I think is where the number in the name of this
13+
curve comes from).
14+
15+
[Curve25519](http://cr.yp.to/ecdh/curve25519-20060209.pdf)
16+
17+
Signatures can fit into 64 bytes.
18+
19+
20+
### Creating a key
21+
```console
22+
$ openssl genpkey -algorithm ED25519 -out test.pem
23+
```
24+
```console
25+
$ openssl pkey -in test.pem -text
26+
-----BEGIN PRIVATE KEY-----
27+
MC4CAQAwBQYDK2VwBCIEIMa3vX1jnn7GD98BgrTjiY31PJcF+PEFjTk3rDFkQm3F
28+
-----END PRIVATE KEY-----
29+
ED25519 Private-Key:
30+
priv:
31+
c6:b7:bd:7d:63:9e:7e:c6:0f:df:01:82:b4:e3:89:
32+
8d:f5:3c:97:05:f8:f1:05:8d:39:37:ac:31:64:42:
33+
6d:c5
34+
pub:
35+
86:0c:72:0a:40:fc:f8:ff:fb:99:94:88:11:2a:ea:
36+
d4:7a:b4:7a:46:ae:8e:b0:e8:db:d7:fa:af:33:81:
37+
3f:24
38+
```
39+
And we can inspect the asn1 format using the following command:
40+
```console
41+
$ openssl asn1parse -i -in test.pem
42+
0:d=0 hl=2 l= 46 cons: SEQUENCE
43+
2:d=1 hl=2 l= 1 prim: INTEGER :00
44+
5:d=1 hl=2 l= 5 cons: SEQUENCE
45+
7:d=2 hl=2 l= 3 prim: OBJECT :ED25519
46+
12:d=1 hl=2 l= 34 prim: OCTET STRING [HEX DUMP]:0420C6B7BD7D639E7EC60FDF0182B4E3898DF53C9705F8F1058D3937AC3164426DC5
47+
```
48+
We can see that the public key is not in there but instead it gets generated by
49+
the `pkey` command, and if we think back at EC this should just be taking the
50+
generator point added to it self, private key (integer) number of times.
51+
The OBJECT :ED25519 is the
52+
[object identifier](https://oid-rep.orange-labs.fr/get/1.3.101.112), 1.3.101.112.
53+
54+
55+
```console
56+
$ openssl pkey -in test.pem -pubout -out test.pub
57+
$ cat test.pub
58+
-----BEGIN PUBLIC KEY-----
59+
MCowBQYDK2VwAyEAhgxyCkD8+P/7mZSIESrq1Hq0ekaujrDo29f6rzOBPyQ=
60+
-----END PUBLIC KEY-----
61+
$ openssl asn1parse -i -in test.pub
62+
0:d=0 hl=2 l= 42 cons: SEQUENCE
63+
2:d=1 hl=2 l= 5 cons: SEQUENCE
64+
4:d=2 hl=2 l= 3 prim: OBJECT :ED25519
65+
9:d=1 hl=2 l= 33 prim: BIT STRING
66+
```
67+
This is in [spki format](./spki.md).
68+
69+
```console
70+
$ export LD_LIBRARY_PATH=~/work/security/openssl_build_master/lib64/:$LD_LIBRARY_PATH
71+
$ ~/work/security/openssl_build_master/bin/openssl pkeyutl -in input.txt -sign -rawin -inkey test.pem > signature.bin
72+
```
73+
The signature consists of two 256 bit numbers, R and S
74+
```console
75+
$ cat signature.bin | xxd
76+
00000000: 394a a651 4ac4 d053 cf9a 7431 71d3 5cf3 9J.QJ..S..t1q.\.
77+
00000010: c5b7 c2d1 1e15 5002 d73c ebbe b7a7 aa6c ......P..<.....l
78+
00000020: a218 734f 2f38 c3d9 d860 5863 21ef 3a0f ..sO/8...`Xc!.:.
79+
00000030: 1bd9 62de a38c 0323 35b7 31ab 159d 9805 ..b....#5.1.....
80+
```
81+
We can verify this (using the public key):
82+
```console
83+
$ ~/work/security/openssl_build_master/bin/openssl pkeyutl -verify -sigfile signature.bin -in input.txt -rawin -pubin -inkey test.pub
84+
Signature Verified Successfully
85+
```

0 commit comments

Comments
 (0)