PEM_write_ed25519
Damien Miller
djm at mindrot.org
Fri May 17 12:28:21 AEST 2024
On Thu, 16 May 2024, Anabelle VanDenburgh wrote:
> For no particular reason, i'm looking to convert my ed25519 private key to
> pem. A user on stackoverflow suggested running `ssh-keygen -p -f
> path/to/your/key -m pem` [^1], which errors, printing `do_convert_to_pem:
> unsupported key type ED25519`. Looking at the corresponding line in source, it
> seems that only RSA, DSA, & ECDSA keys can be converted to pem.[^2] With new
> keys defaulting to ED25519 as of [1.471][^3], are there plans to add support
> for exporting ed25519 to pem?
Nobody has asked before, so it wasn't planned. It will probably be trivial
to implement once https://github.com/djmdjm/openssh-wip/pull/27 is merged.
BTW if your keys have passphrases then the PEM format is usually weaker
than OpenSSH's native private key format. The OpenSSH format uses a
KDF (key derivation function) that is considerably more resistant to
offline cracking that anything that was available in PEM*
-d
* at least when I last checked.
More information about the openssh-unix-dev
mailing list