I generated an ED25519 key using OpenSSL:

    openssl genpkey -algorithm ED25519 -out key_ed25519.pem

After that I extracted the public key:

    openssl pkey -in key_ed25519.pem -pubout -out public_ed25519.pem

And then I tried to get the SSH public key to put in authorized_keys:

    ssh-keygen -i -m PKCS8 -f public_ed25519.pem

The error was:

    do_convert_from_pkcs8: unsupported pubkey type 1087

So I think ssh-keygen can't convert an ED25519 public key. The expected result was something like:

    ssh-ed25519 AAAA...

I found a tool called sshpk (https://www.npmjs.com/package/sshpk) which converts correctly:

    sshpk-conv public_ed25519.pem -t ssh

The output is what I should expect.
Created attachment 3433: support reading PKCS8 Ed25519 keys

OpenSSH doesn't currently support reading or writing Ed25519 keys in any format other than the OpenSSH native key format. Not all libcrypto implementations support Ed25519 keys, in particular LibreSSL does not. This patch adds support for reading PKCS8 Ed25519 keys on recent OpenSSL, but it can't be upstreamed until LibreSSL supports these keys too.
*** Bug 3298 has been marked as a duplicate of this bug. ***
Patch providing basic support of Ed25519 keys via PKCS#11 tokens: https://github.com/openssh/openssh-portable/pull/230
Created attachment 3525: hello moto
(In reply to Damien Miller from comment #1)
> it can't be upstreamed until LibreSSL supports these
> keys too.

Should this be re-evaluated now that LibreSSL supports ed25519 with 3.7.0 released Dec 12, 2022? https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.7.0-relnotes.txt