OpenSSL generate ED25519 keypair C++

Question

i want to create a x509 certificate and self-sign it with a eddsa(ed25519) private key!

So I tried the following example from the documentation: https://www.openssl.org/docs/man1.1.1/man7/Ed25519.html

EVP_PKEY* server::generate_privatekey()
{
   EVP_PKEY *pkey = NULL;
   EVP_PKEY_CTX *pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519, NULL);

   if(EVP_PKEY_keygen_init(pctx) <= 0){
       std::cout << "keygen init fail\n" << std::endl;
   }
   
   //EVP_PKEY_CTX_set_ec_paramgen_curve_nid(ctx, NID_ED25519); 
   //gives return value -1 in combination with EVP_PKEY_CTX_new_id(EVP_PKEY_EC , NULL); 
   //EVP_PKEY_EC != eddsa (ecdsa/ecdh only?)
   //gives return value 0 in combination with EVP_PKEY_CTX_new_id(EVP_PKEY_ED25519 , NULL);

   if(EVP_PKEY_keygen(pctx, &pkey) <= 0){
       std::cout << "keygen fail\n" << std::endl;
   }

   //////////KEYPAIR CHECK///////////
   int chk = EVP_PKEY_check(pctx);

   if(chk == 1){
       std::cout << "key pair valid: " << chk << std::endl;
   }
   else if(chk == -2){
       std::cout << "algorithm not supported: " << chk << std::endl;
   }
   else{
       std::cout << "keypair error: " << chk << std::endl;
   }
   //////////////////////////////////

   EVP_PKEY_CTX_free(pctx);

   return pkey;
}

https://www.openssl.org/docs/man1.1.1/man3/EVP_PKEY_check.html

EVP_PKEY_check() gives return value 0 ("keypair error") !

EVP_PKEY_public_check() is same result.

I think that's why I get X509_sign() an return value 0 (failure):

string server::Generate_x509(EVP_PKEY* pkey)
{
   //////////////////////////////////////////////////////
   //set expiration = 10 years
   time_t exp;
   time(&exp);
   exp += 315360000;

   //create x509 structure
   X509* x509= X509_new();

   //set serial to 420
   if(ASN1_INTEGER_set(X509_get_serialNumber(x509), 420) == 0){
       std::cout << "asn1 set serial number fail\n" << std::endl;
   }

   //set start & expiration time
   if(X509_time_adj_ex(X509_getm_notBefore(x509), 0, 0, 0) == NULL){
       std::cout << "set time fail\n" << std::endl;
   }

   if(X509_time_adj_ex(X509_getm_notAfter(x509), 0, 0, &exp) == NULL){
       std::cout << "set end time fail\n" << std::endl;
   }

   //set public key
   if(X509_set_pubkey(x509, pkey) == 0){
       std::cout << "set pubkey fail\n" << std::endl;
   }

   //sign certificate with private key
   if(X509_sign(x509, pkey, EVP_sha512()) == 0){
       std::cout << "sign fail\n" << std::endl;
       return "Creating certificate failed...\n";
   }

   FILE*f;

   f = fopen("key.pem", "wb");

   PEM_write_PrivateKey(
       f,                          /* write the key to the file we've opened */
       pkey,                       /* our key from earlier */
       EVP_aes_256_cbc(),          /* default cipher for encrypting the key on disk */
       (unsigned char*)"aaa",      /* passphrase required for decrypting the key on disk */
       3,                          /* length of the passphrase string */
       NULL,                       /* callback for requesting a password */
       NULL                        /* data to pass to the callback */
   );
   fclose(f);

   f = fopen("cert.pem", "wb");
   PEM_write_X509(
       f,   /* write the certificate to the file we've opened */
       x509 /* our certificate */
   );
   fclose(f);

   return "Certificate created succesfully\n";
}

Everything works fine with generated RSA Key.

This example also works, but not with my parameters (See code above):

Using only 1 EVP_PKEY while generating EC keys using OpenSSL 1.1

Im using OpenSSL v1.1.1i

i hope this question isn't too stupid..

best regards

Answer 1

Posting in case anyone stumbling here has the same issue. I was able to solve this by setting the digest in X509_sign to NULL.

It doesn't specify it in the X509_sign documentation, however in the Ed25519 documentation it specifies the following:

a digest must NOT be specified when signing or verifying

Working code:

if (X509_sign(x509, pkey, NULL) {
    // failure...
}