ED25519 support

[tambry]

1. openssl genpkey -algorithm ED25519 -out test.key
2. ruby -e "require 'openssl'; OpenSSL::PKey::EC.new('test.key')" fails with "invalid curve name"

The failure is somewhat expected as ED25519 keys aren't EC keys (they don't have a choice of curves) and this holds also for X25519, X448 and ED448.

This is preventing me from using an internal ED25519-based CA with Puppet.

Say I were interested in implementing them (or at least ED25519) would it be just appropriate to create more key types for each, analogous to the existing ones?

[rhenium]

Yes, OpenSSL handles Ed25519 separately in the EVP layer - EVP_PKEY_ED25519 vs EVP_PKEY_EC, so it doesn't belong to OpenSSL::PKey::EC.

Basic support for Ed25519 and X25519 is implemented by #370/#329 (please see the test code for Ed25519/X25519 example). It's currently only in master and not part of a release yet.

[marek22k]

When will it be part of the release?

[rhenium]

This is part of openssl v3.0.0.

https://github.com/ruby/openssl/blob/d36e6e5ef70917c5cb8f58a0c27f9eb6e583dc9a/History.md#notable-changes

[marek22k]

What am I doing wrong? It doesn't seem to be working somehow.

$openssl genpkey -algorithm ed25519 -out private.pem
$irb
3.1.2 :001 > require "openssl"
 => true 
3.1.2 :002 > OpenSSL::VERSION
 => "3.0.0" 
3.1.2> key = OpenSSL::PKey::EC.new File.read "test.pem"
(irb):4:in `initialize': incorrect pkey type: ED25519 (OpenSSL::PKey::DSAError)
        from (irb):4:in `new'                                                 
        from (irb):4:in `<main>'                                              
        from /home/bandura/.rvm/rubies/ruby-3.1.2/lib/ruby/gems/3.1.0/gems/irb-1.4.1/exe/irb:11:in `<top (required)>'                                         
        from /home/bandura/.rvm/rubies/ruby-3.1.2/bin/irb:25:in `load'        
        from /home/bandura/.rvm/rubies/ruby-3.1.2/bin/irb:25:in `<main>'

Ah, I see the problem:

$ruby -ropenssl -ve'puts OpenSSL::OPENSSL_VERSION, OpenSSL::OPENSSL_LIBRARY_VERSION'
ruby 3.1.2p20 (2022-04-12 revision 4491bb740a) [x86_64-linux]
OpenSSL 1.1.1n  15 Mar 2022
OpenSSL 1.1.1n  15 Mar 2022

[joshcooper]

I submitted #804 to allow requests to be signed using ED25519