Ed25519

"Normal" Weierstrass curves like NIST P-256, which are used in elliptic curve cryptography, have a number of corner/edge cases which can make them slow and make implementations more difficult, which can lead to implementation vulnerabilities.

Curve25519 was developed by Daniel J. Bernstein in 2006. Ed25519 uses the twisted Edwards form of this curve. There are several benefits to using Ed25519, such as higher performance, smaller private and public keys, a simpler implementation, and resistance to timing attacks.

The prime used is 2²⁵⁵-19 (which I think is where the number in the name of this curve comes from).

Curve25519

Signatures can fit into 64 bytes.

Creating a key

$ openssl genpkey -algorithm ED25519 -out test.pem
$ openssl pkey -in test.pem -text
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEIMa3vX1jnn7GD98BgrTjiY31PJcF+PEFjTk3rDFkQm3F
-----END PRIVATE KEY-----
ED25519 Private-Key:
priv:
    c6:b7:bd:7d:63:9e:7e:c6:0f:df:01:82:b4:e3:89:
    8d:f5:3c:97:05:f8:f1:05:8d:39:37:ac:31:64:42:
    6d:c5
pub:
    86:0c:72:0a:40:fc:f8:ff:fb:99:94:88:11:2a:ea:
    d4:7a:b4:7a:46:ae:8e:b0:e8:db:d7:fa:af:33:81:
    3f:24

We can inspect the ASN.1 format using the following command:

$ openssl asn1parse -i -in test.pem 
    0:d=0  hl=2 l=  46 cons: SEQUENCE          
    2:d=1  hl=2 l=   1 prim:  INTEGER           :00
    5:d=1  hl=2 l=   5 cons:  SEQUENCE          
    7:d=2  hl=2 l=   3 prim:   OBJECT            :ED25519
   12:d=1  hl=2 l=  34 prim:  OCTET STRING      [HEX DUMP]:0420C6B7BD7D639E7EC60FDF0182B4E3898DF53C9705F8F1058D3937AC3164426DC5

We can see that the public key is not in there; instead it gets generated by the pkey command. If we think back to EC, this should just be the generator point added to itself private key (integer) number of times. The OBJECT :ED25519 is the object identifier, 1.3.101.112.

$ openssl pkey -in test.pem -pubout -out test.pub
$ cat test.pub 
-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAhgxyCkD8+P/7mZSIESrq1Hq0ekaujrDo29f6rzOBPyQ=
-----END PUBLIC KEY-----
$ openssl asn1parse -i -in test.pub 
    0:d=0  hl=2 l=  42 cons: SEQUENCE          
    2:d=1  hl=2 l=   5 cons:  SEQUENCE          
    4:d=2  hl=2 l=   3 prim:   OBJECT            :ED25519
    9:d=1  hl=2 l=  33 prim:  BIT STRING 

This is in SPKI (SubjectPublicKeyInfo) format.
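
The derivation that pkey performs, as an added Python example that is not part of the original page: it follows RFC 8032, where the 32 bytes stored in the PKCS#8 file are hashed with SHA-512 and the clamped first half of that hash is the integer that multiplies the generator point. The PEM bodies are the ones shown above; the function names and the fixed DER prefixes are choices made for this example.

```python
import base64
import hashlib

P = 2**255 - 19                       # field prime mentioned on this page
D = -121665 * pow(121666, -1, P) % P  # Edwards curve constant d (RFC 8032)
# PEM bodies copied from the openssl output shown on this page.
PRIV_PEM_B64 = "MC4CAQAwBQYDK2VwBCIEIMa3vX1jnn7GD98BgrTjiY31PJcF+PEFjTk3rDFkQm3F"
PUB_PEM_B64 = "MCowBQYDK2VwAyEAhgxyCkD8+P/7mZSIESrq1Hq0ekaujrDo29f6rzOBPyQ="
# Fixed DER headers of an Ed25519 (OID 1.3.101.112) PKCS#8 key and SPKI key.
PKCS8_PREFIX = bytes.fromhex("302e020100300506032b657004220420")
SPKI_PREFIX = bytes.fromhex("302a300506032b6570032100")

def strip_der(b64, prefix):
    """Return the 32 raw key bytes that follow the fixed DER header."""
    der = base64.b64decode(b64)
    if not der.startswith(prefix) or len(der) != len(prefix) + 32:
        raise ValueError("not a plain Ed25519 key structure")
    return der[len(prefix):]

def recover_x(y, sign):
    # Solve -x^2 + y^2 = 1 + d*x^2*y^2 for x, picking the requested parity.
    x2 = (y * y - 1) * pow(D * y * y + 1, -1, P) % P
    x = pow(x2, (P + 3) // 8, P)
    if (x * x - x2) % P:
        x = x * pow(2, (P - 1) // 4, P) % P
    return P - x if (x & 1) != sign else x

def add(p1, p2):
    # Affine twisted Edwards addition; the same formula also doubles a point.
    (x1, y1), (x2, y2) = p1, p2
    t = D * x1 * x2 * y1 * y2 % P
    return ((x1 * y2 + x2 * y1) * pow((1 + t) % P, -1, P) % P,
            (y1 * y2 + x1 * x2) * pow((1 - t) % P, -1, P) % P)

def public_from_seed(seed):
    h = hashlib.sha512(seed).digest()
    a = int.from_bytes(h[:32], "little")
    a = (a & ((1 << 254) - 8)) | (1 << 254)  # clamp: clear low 3 bits, set bit 254
    gy = 4 * pow(5, -1, P) % P               # generator has y = 4/5 and even x
    point, acc = (recover_x(gy, 0), gy), (0, 1)
    while a:                                 # double-and-add: acc = a * G
        if a & 1:
            acc = add(acc, point)
        point = add(point, point)
        a >>= 1
    x, y = acc
    return (y | ((x & 1) << 255)).to_bytes(32, "little")
```

This affine double-and-add is not constant time and is only meant to show where the pub bytes come from; use a maintained library for real keys.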

$ export LD_LIBRARY_PATH=~/work/security/openssl_build_master/lib64/:$LD_LIBRARY_PATH
$ ~/work/security/openssl_build_master/bin/openssl pkeyutl -in input.txt -sign -rawin -inkey test.pem > signature.bin

The signature consists of two 256-bit numbers, R and S:

$ cat signature.bin | xxd
00000000: 394a a651 4ac4 d053 cf9a 7431 71d3 5cf3  9J.QJ..S..t1q.\.
00000010: c5b7 c2d1 1e15 5002 d73c ebbe b7a7 aa6c  ......P..<.....l
00000020: a218 734f 2f38 c3d9 d860 5863 21ef 3a0f  ..sO/8...`Xc!.:.
00000030: 1bd9 62de a38c 0323 35b7 31ab 159d 9805  ..b....#5.1.....

We can verify this (using the public key):

$ ~/work/security/openssl_build_master/bin/openssl pkeyutl -verify -sigfile signature.bin -in input.txt -rawin -pubin -inkey test.pub
Signature Verified Successfully