> # Generate a new Ed25519 key pair: > $ openssl genpkey -algorithm ed25519 -out ed25519-key.pem > > # Extract its public key: > $ openssl pkey -in ed25519-key.pem -pubout ed25519-key-public.pem > > # Confirm the public key: > $ openssl pkey -pubin -in ed25519-key-public.pem > > This uses the PEM header "BEGIN PUBLIC KEY", but it's an ECC public key in > PEM format.
That's an ed25519 key. Not an ECC key. They are different formats, at both the OID and asn1 structure levels. > This version of OpenSSL doesn't recognize "BEGIN EC PUBLIC KEY", but it'd be > trivial to script copying the key to a temporary file and editing the PEM > header and footer. I don't think that's what's happening here. They are likely different formats, when you look at the asn1 structure. BBB
