EdDSA using PEM keys generated by OpenSSL Ed25519

[igor-davidov]

I needed interoperable private/public keypair to use with EdDSA and different languages (for JWT).
So I landed on Python first and used keys generated by OpenSSL

.\openssl.exe genpkey -algorithm ed25519 -out test-priv.pem
.\openssl.exe pkey -in test-priv.pem -pubout -out test-pub.pem

This works nice with python implementation PyJWT

Then I loaded this library and realized I should use Sodium like this

$keypair = sodium_crypto_sign_keypair();
$secret = sodium_crypto_sign_secretkey($keypair);
$public = sodium_crypto_sign_publickey($keypair);

This works fine with PHP.

How can I convert PEM keys to be compatible with binary output of Sodium?
Or is it possible to convert Sodium generated keys to PEM format?

I would appreciate you or anyones help on this! Thank you

p.s. I am thinking switching to ECDSA if this will help me find more support withing JWT libraries for different languages.

[lcobucci]

@igor-davidov I'm honestly clueless on how to make OpenSSL and libsodium to understand each other. I've found jedisct1/libsodium#963 that mentions a few interesting things.

Maybe @Slamdunk or even @jedisct1 can help out?

[igor-davidov]

Thank you - will take a look!

[jedisct1]

The easiest way to go would be to convert to the DER format. Once you get that, bytes 16 to 48 are the seed, that you can pass to crypto_sign_seed_keypair() to get the key pair.

[igor-davidov]

I figured out that OpenSSL private key has just an ASN.1 header on top - which can be removed to get raw byte data foolishly thinking I could use that one with this library.

What I figured out is that different systems have different implementations for producing ed25519 and they can be 32bit (openssl) and 64bit (sodium). Systems using different implementations cannot use keys between themselves.

Regretfully I have to choose another signing mechanism...

[igor-davidov]

I am satisfied with using ECDSA.
By the way - when doing Composer install "lcobucci\jwt\src\JwtFacade.php" was missing for some reason...

[Slamdunk]

I am satisfied with using ECDSA.

EdDSA keys are better 😉

@jedisct1 suggestion is easy:

$ openssl genpkey -algorithm ed25519 -out test-priv.pem
$ openssl pkey -in test-priv.pem -pubout -out test-pub.pem
$ openssl pkey -in test-priv.pem -outform DER | tail -c 32 > test-priv.binary
$ openssl pkey -pubin -in test-pub.pem -outform DER | tail -c 32 > test-pub.binary
$ cat <<'EOF' | php
<?php
var_dump(
    file_get_contents("test-pub.binary")
    ===
    sodium_crypto_sign_publickey(
        sodium_crypto_sign_seed_keypair(
            file_get_contents("test-priv.binary")
        )
    )
);
EOF

Standard input code:7:
bool(true)

when doing Composer install "lcobucci\jwt\src\JwtFacade.php" was missing for some reason

It's still unreleased

[igor-davidov]

Thanks @Slamdunk. From what I understand is that signing using Sodium generated keys won't correspond to signing using PEMs generated by OpenSSL. I was looking for platform that would allow me to manage signing process using one key pair.
For example if I produce OpenSSL keys and someone implements Sodium and sends me token I will validate it using OpenSSL as I have chosen that one. Correct me if I'm wrong and thanks for your time.

[Slamdunk]

From what I understand is that signing using Sodium generated keys won't correspond to signing using PEMs generated by OpenSSL.

That wouldn't make any sense, OpenSSL and Sodium operations are the same:

$ openssl pkeyutl -sign -inkey test-priv.pem -rawin -in /etc/hostname -out hostname-openssl-signature.binary
$ cat <<'EOF' | php
<?php
var_dump(
    file_get_contents("hostname-openssl-signature.binary")
    ===
    sodium_crypto_sign_detached(
        file_get_contents("/etc/hostname"),
        sodium_crypto_sign_secretkey(
            sodium_crypto_sign_seed_keypair(
                file_get_contents("test-priv.binary")
            )
        )
    )
);
EOF

Standard input code:9:
bool(true)

[igor-davidov]

I understand that Sodium vs OpenSSL are two Ed25519 implementations with NaCl implementation storing private scalar as part of private key - I understand they are same RFC implementation.

I will try and test it. Thank you again - for me Sodium documentation wasn't initially very helpful.

[igor-davidov]

This works with Sodium and OpenSSL key now. Thank you @Slamdunk !!

Generate keys

openssl genpkey -algorithm ed25519 -out test-priv.pem
openssl pkey -in test-priv.pem -pubout -out test-pub.pem
openssl pkey -in test-priv.pem -outform DER | tail -c 32 > test-priv.binary
openssl pkey -pubin -in test-pub.pem -outform DER | tail -c 32 > test-pub.binary

Note: You can also cut key using PHP on the fly.
$private_binary_der_key = file_get_contents($private_der_key_path, false, null, -32);

Sign JWT / Sodium / Lcobucci-JWT

$secretkey = sodium_crypto_sign_secretkey(
    sodium_crypto_sign_seed_keypair(
        file_get_contents('testkeys/test-priv.binary')
    )
);
$key   = InMemory::base64Encoded(
    base64_encode($secretkey)
);
$token = (new JwtFacade())->issue(
    new Eddsa(),
    $key,
    static fn (
        Builder $builder,
        DateTimeImmutable $issuedAt
    ): Builder => $builder
        ->issuedBy('https://api.my-awesome-app.io')
        ->permittedFor('https://client-app.io')
        ->expiresAt($issuedAt->modify('+10 minutes'))
);
print_r($token->toString());

Decode using PyJWT / OpenSSL PEM / Python

import jwt
with open("test-pub.pem","r") as f:
    public_key = f.read()
decoded = jwt.decode(encoded, public_key, audience="https://client-app.io", algorithms=["EdDSA"])
print(decoded)

Validate JWT / Sodium / Lcobucci-JWT
I thought this may help someone so I'm adding it to cover the whole process.

// get JWT string from previously generated $token using private key
$jwt = $token->toString();
// get public key from keypair 
$publickey = sodium_crypto_sign_publickey(
    sodium_crypto_sign_seed_keypair(
        file_get_contents('testkeys/test-priv.binary')
    )
);
$key = InMemory::base64Encoded(
    base64_encode($publickey)
);
$parsed_token = (new JwtFacade())->parse(
    $jwt,
    new Constraint\SignedWith(new Eddsa(), $key),
    new Constraint\StrictValidAt(
        new FrozenClock(new DateTimeImmutable())
    ),
    new Constraint\IssuedBy('https://api.my-awesome-app.io')
);
print_r($parsed_token->claims()->all());