Ed25519 private keys can be generated by doing openssl genpkey -algorithm ed25519 -outform PEM -out private.pem. My question is... using OpenSSL is there a way to get the public key from the private key?
With RSA private keys you can do openssl rsa -in private.pem -pubout. That gives a key that corresponds to SubjectPublicKeyInfo in RFC5280 (at least it did for me).
But how could I get a similar public key for Ed25519 keys? I guess I could generate a CSR with the private key and get it from the CSR but that seems like a lot of work. Certainly it's a lot more work then running a single command...
1 Answer
The formatting is identical to the RSA command, but uses the pkey command instead:
openssl pkey -in private.pem -pubout
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEABhjHE6AOa33q2JGlVk9OjICRp2S6d9nUJh0Xr6PUego=
-----END PUBLIC KEY-----You can also do this to view the algorithm that was detected from the private key file, as well as the raw bytes of the keys:
openssl pkey -in private.pem -pubout -text
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEABhjHE6AOa33q2JGlVk9OjICRp2S6d9nUJh0Xr6PUego=
-----END PUBLIC KEY-----
ED25519 Private-Key:
priv: 55:a9:89:ff:76:ae:c9:4f:51:dd:ee:63:80:a5:ae: e7:4a:e9:1d:a6:99:85:a3:09:38:04:a7:12:1c:10: 7b:71
pub: 06:18:c7:13:a0:0e:6b:7d:ea:d8:91:a5:56:4f:4e: 8c:80:91:a7:64:ba:77:d9:d4:26:1d:17:af:a3:d4: 7a:0a