Hello,

Is it possible to sign/verify data with the ed25519 keys of a tinc 1.1 host?

More specifically, is it possible to sign a file with these keys using openssl? If so, how? If not, what program could be used, and how?

Thanks and cheers,
@

On Tue, Jan 26, 2016 at 07:35:10PM +0100, Anton Voyl wrote:

> Is it possible to sign/verify data with the ed25519 keys of a tinc 1.1 host?

In principle yes, but tinc does not offer a way to do that. Also, reusing a key for another purpose is not recommended. What do you want to do exactly?

> More specifically, is it possible to sign a file with these keys using openssl? If so, how? If not, what program could be used, and how?

No, because OpenSSL does not support Ed25519 keys. I don't know which tool can.

Also, even though it looks like PEM encoding, the ed25519.priv file is actually just a base64 encoded dump of the raw key, there's no ASN.1 involved. I don't know if there is a standard for Ed25519 key formats. Even OpenSSH's id_ed25519 files don't contain valid ASN.1.

--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
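
The reply above notes that a file can carry PEM-style BEGIN/END armour without containing any ASN.1. The following Python check is an added example, not part of the original message or of tinc's code; both samples are constructed, the armour label `EXAMPLE RAW KEY` is hypothetical, and standard base64 is assumed for the samples.

```python
import base64
import re

# Matches any PEM-style armour, whatever the label says.
ARMOUR = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def armour_body(text):
    """Return (label, decoded bytes) from a PEM-style armoured blob."""
    m = ARMOUR.search(text)
    if m is None:
        raise ValueError("no BEGIN/END armour found")
    return m.group(1), base64.b64decode("".join(m.group(2).split()))

def is_der_sequence(blob):
    """True if blob is exactly one DER SEQUENCE (tag 0x30) whose encoded
    length accounts for every remaining byte, as ASN.1 key files are."""
    if len(blob) < 2 or blob[0] != 0x30:
        return False
    first = blob[1]
    if first < 0x80:                      # short form: length in one byte
        header, length = 2, first
    else:                                 # long form: next n bytes hold length
        n = first & 0x7F
        if n == 0 or n > 4 or len(blob) < 2 + n:
            return False
        header, length = 2 + n, int.from_bytes(blob[2:2 + n], "big")
    return header + length == len(blob)

def wrap(label, raw):
    """Build a constructed armoured sample from raw bytes."""
    b64 = base64.b64encode(raw).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed sample 1: PKCS#8 DER header for Ed25519 plus a dummy 32-byte seed.
PKCS8_SAMPLE = wrap("PRIVATE KEY",
    bytes.fromhex("302e020100300506032b657004220420") + bytes(range(32)))
# Constructed sample 2: raw bytes with no structure (label is hypothetical).
RAW_SAMPLE = wrap("EXAMPLE RAW KEY", bytes(range(1, 97)))

def classify(text):
    """Report whether the armoured payload is DER or an unstructured dump."""
    label, blob = armour_body(text)
    return "asn1-der" if is_der_sequence(blob) else "raw-dump"

if __name__ == "__main__":
    for sample in (PKCS8_SAMPLE, RAW_SAMPLE):
        print(armour_body(sample)[0], "->", classify(sample))
```

A payload that fails this check is why ASN.1-based tooling rejects a file despite its familiar armour lines.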

My intention was to sign the content of export-all with the nodes' public key, which would require the corresponding private key to verify. Does this make sense?

@

> On 26 Jan 2016, at 20:19, Guus Sliepen <guus at tinc-vpn.org> wrote:
>
>> On Tue, Jan 26, 2016 at 07:35:10PM +0100, Anton Voyl wrote:
>>
>> Is it possible to sign/verify data with the ed25519 keys of a tinc 1.1 host?
>
> In principle yes, but tinc does not offer a way to do that. Also,
> reusing a key for another purpose is not recommended. What do you want
> to do exactly?
>
>> More specifically, is it possible to sign a file with these keys using openssl? If so, how? If not, what program could be used, and how?
>
> No, because OpenSSL does not support Ed25519 keys. I don't know which
> tool can.
>
> Also, even though it looks like PEM encoding, the ed25519.priv file
> is actually just a base64 encoded dump of the raw key, there's no ASN.1
> involved. I don't know if there is a standard for Ed25519 key formats.
> Even OpenSSH's id_ed25519 files don't contain valid ASN.1.
>
> --
> Met vriendelijke groet / with kind regards,
> Guus Sliepen <guus at tinc-vpn.org>