You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I am testing this crate (v1.2.0) using a ED25519 key pair generated by OpenSSL 1.1.1o FIPS 3 May 2022, and checking for correct DH shared secret generation against a x25519_dalek::EphemeralSecret based key pair.
The issue I am seeing is that starting from the private key generated by OpenSSL, the pubic key generated by PublicKey::from for that private key is different from what OpenSSL generated. Am I using the APIs correctly? What is the correct way to use existing key pairs?
// Parse existing private keylet alice_priv_key = pkcs8::KeypairBytes::from_pkcs8_pem(PRIV_KEY).unwrap();// Parse existing public keylet alice_pub_key = pkcs8::PublicKeyBytes::from_public_key_pem(PUB_KEY).unwrap();// Define Alice's ed25519 pairlet alice_secret = StaticSecret::from(alice_priv_key.secret_key);let alice_public = PublicKey::from(&alice_secret);let parsed_existing_public = PublicKey::from(alice_pub_key.to_bytes());// This should not failassert_eq!(alice_public.to_bytes()[..], parsed_existing_public.to_bytes()[..]);
The complete test code
#[cfg(test)]mod tests {fninit(){let _ = env_logger::builder().is_test(true).try_init();}/* Creating the ED25519 key pairs $ openssl genpkey -algorithm ED25519 > private.pem $ openssl pkey -outform PEM -pubout -in private.pem > public.pem */staticPUB_KEY:&str = "-----BEGIN PUBLIC KEY-----MCowBQYDK2VwAyEADOuQ5lqOanpHOtLV2gqqcYuYkJrdpNueHJ7M9ejY3M0=-----END PUBLIC KEY-----";staticPRIV_KEY:&str = "-----BEGIN PRIVATE KEY-----MC4CAQAwBQYDK2VwBCIEINLDN5YuEgo6Z5G+ww0kTv33KyQrPN1O+vdeet74+cVm-----END PRIVATE KEY-----";mod test_ed25519_dh {use ed25519::pkcs8;use ed25519::pkcs8::{DecodePrivateKey,DecodePublicKey,EncodePublicKey};use rand_core::OsRng;use x25519_dalek::StaticSecret;use x25519_dalek::{EphemeralSecret,PublicKey};#[test]fntest_ed25519_dh(){super::init();// Parse existing private keyletmut alice_priv_key = pkcs8::KeypairBytes::from_pkcs8_pem(super::PRIV_KEY).unwrap();// Parse existing public keylet alice_pub_key = pkcs8::PublicKeyBytes::from_public_key_pem(super::PUB_KEY).unwrap();// Define Alice's ed25519 pairlet alice_secret = StaticSecret::from(alice_priv_key.secret_key);let alice_public = PublicKey::from(&alice_secret);// Dump the generated public key to stdout
alice_priv_key.public_key = Some(alice_public.to_bytes());let alice_public_other_form = pkcs8::PublicKeyBytes::try_from(&alice_priv_key).unwrap();
log::debug!("Alice generated public key as PEM:\n{}",
alice_public_other_form
.to_public_key_pem(base64ct::LineEnding::LF)
.unwrap());/* This is not what OpenSSL generated, shown in PUB_KEY -----BEGIN PUBLIC KEY----- MCowBQYDK2VwAyEAUSd2eTv0CdgCpnccB3re+kxjo9miMQV9Di9SFHc/PQ4= -----END PUBLIC KEY----- */let parsed_existing_public = PublicKey::from(alice_pub_key.to_bytes());// This should not failassert_eq!(
alice_public.to_bytes()[..],
parsed_existing_public.to_bytes()[..]);// Create Bob's ed25519 pairlet bob_secret = EphemeralSecret::new(OsRng);let bob_public = PublicKey::from(&bob_secret);// Define the shared secretslet alice_shared_secret = alice_secret.diffie_hellman(&bob_public);let bob_shared_secret = bob_secret.diffie_hellman(&alice_public);assert_eq!(
alice_shared_secret.as_bytes()[..],
bob_shared_secret.as_bytes()[..]);}}}
The text was updated successfully, but these errors were encountered:
I am testing this crate (
v1.2.0
) using a ED25519 key pair generated byOpenSSL 1.1.1o FIPS 3 May 2022
, and checking for correct DH shared secret generation against ax25519_dalek::EphemeralSecret
based key pair.The issue I am seeing is that starting from the private key generated by OpenSSL, the pubic key generated by
PublicKey::from
for that private key is different from what OpenSSL generated. Am I using the APIs correctly? What is the correct way to use existing key pairs?The complete test code
The text was updated successfully, but these errors were encountered: