Import/export in raw format of Ed25519 private keys

[vlovich]

The spec is a little ambiguous with respect to how raw Ed25519 import/export should be handled. NodeJS allows raw import/export of Ed25519 private keys. I can't tell if this is an erratum in their implementation or an intentional difference from how ECDSA/ECDH work (no raw export for private keys). Similarly, the wording in the explainer document is awkwardly worded, at least to my reading.

For key serialization and deserialization, the supported formats include the raw format for X25519 public keys as an array of raw bytes, as well as the SPKI, the PKCS#8, and the JWK formats for the public or/and the private X25519 or Ed25519 keys.

Since raw is explicitly excluded as a X25519 thing, does this mean that the raw format isn't supported for Ed25519?

[armfazh]

As was mentioned above, both ECDH and ECDSA signatures prevent from exporting private keys in raw format. This requirement could be extended to X25519, X448, ED25519, Ed448, if they are considered to be added in the standard.

[guest271314]

Am I missing something or is Node.js implementation of Ed25519 exclusive to Node.js? I have been trying to substitute Web Cryptography and/or polyfill code for node:crypto yet keep getting errors.

[vlovich]

It's also available on Cloudflare Workers/workerd.

https://github.com/cloudflare/workerd/blob/fbf4764e0d131eab0898c0b48685415eecda662d/src/workerd/api/crypto.c%2B%2B#L119

[guest271314]

@vlovich FWIW This is what I wound up doing using Web Cryptography API. The same code works using node, deno, and bun.

Generate private and public keys: https://github.com/guest271314/webbundle/blob/main/generateWebCryptoKeys.js

import { writeFileSync } from "node:fs";
import { webcrypto } from "node:crypto";
const algorithm = { name: "Ed25519" };
const encoder = new TextEncoder();
const cryptoKey = await webcrypto.subtle.generateKey(
  algorithm,
  true, /* extractable */
  ["sign", "verify"],
);
const privateKey = JSON.stringify(
  await webcrypto.subtle.exportKey("jwk", cryptoKey.privateKey),
);
writeFileSync("./privateKey.json", encoder.encode(privateKey));
const publicKey = JSON.stringify(
  await webcrypto.subtle.exportKey("jwk", cryptoKey.publicKey),
);
writeFileSync("./publicKey.json", encoder.encode(publicKey));

Import private and public keys: https://github.com/guest271314/webbundle/blob/main/index.js#L11-L29

const privateKey = fs.readFileSync("./privateKey.json");
const publicKey = fs.readFileSync("./publicKey.json");
// https://github.com/tQsW/webcrypto-curve25519/blob/master/explainer.md
const cryptoKey = {
  privateKey: await webcrypto.subtle.importKey(
    "jwk",
    JSON.parse(decoder.decode(privateKey)),
    algorithm.name,
    true,
    ["sign"],
  ),
  publicKey: await webcrypto.subtle.importKey(
    "jwk",
    JSON.parse(decoder.decode(publicKey)),
    algorithm.name,
    true,
    ["verify"],
  ),
};