Skip to content
Advertisement

How to create an OpenSSH compatible ED25519 key with Bouncy Castle?

How can you create an OpenSSH ED25519 private key that can be used for SSH? The goal would be to have a key file in the same format same like you would have in .ssh/id_ed25519 for your OpenSSH client.

This is my current approach, which does not create a compatible:

JavaScript

The output looks like this:

JavaScript

.. but is unfortunately not accepted by SSH.

Advertisement

Answer

Using “Curve25519” that way gives it to you in the short Weierstrass form used by X9; this is not usable for Ed25519, which is defined to use twisted-Edwards form. Moreover cramming it through JCA’s unfortunate ECParameterSpec class gives the original X9-defined ‘explicit’ representation which is now obsolete and almost never used even for algorithms which do use Weierstrass curves. As a result the data you create is not correct for PEM type OPENSSH PRIVATE KEY; it is valid for OpenSSL’s ‘traditional’ PEM type EC PRIVATE KEY, and OpenSSL (which does still support, though not prefer, “param_enc explicit”) is able to read that content with that type, though it can’t be used to interoperate with anything else.

You need to either use JCA with algorithm “ED25519” (not “EC” “ECDSA” “ECDH” “ECMQV” etc which are all X9/SECG) something like this:

JavaScript

or since you’re already dependent on Bouncy use the lightweight API:

JavaScript
Advertisement