> On Nov 17, 2021, at 16:49, Michael Wojcik <michael.woj...@microfocus.com> > wrote: > >> From: Michael Wojcik >> Sent: Wednesday, 17 November, 2021 14:22 >> To: openssl-users@openssl.org >> Subject: RE: “EC PUBLIC KEY” >> >>> From: openssl-users <openssl-users-boun...@openssl.org> On Behalf Of >> Billy >>> Brumley >>> Sent: Wednesday, 17 November, 2021 12:40 >>> To: openssl-users@openssl.org >>> Subject: Re: “EC PUBLIC KEY” >>> >>> That's an ed25519 key. Not an ECC key. They are different formats, at >>> both the OID and asn1 structure levels. >> >> Oh, of course you're right. Apologies. > > Further on this, I'd like to know where the OP got a file with a "BEGIN EC > PUBLIC KEY" header. Various discussions elsewhere (including one from this > list in 2017) cast doubt on the existence of any such beast. > > The PEM header "BEGIN EC PRIVATE KEY" is used by the OpenSSL "traditional" > format for EC private keys. EC private keys in PKCS#8 format (in PEM format) > use "BEGIN PRIVATE KEY" because PKCS#8 includes metadata about the key type. > > Public keys all use "BEGIN PUBLIC KEY" (in PEM format) because, if I > understand correctly, they're all in SPKI (SubjectPublicKeyInfo) format, as > specified in RFC 5280 (PKIX Certificate and CRL Profile); and SPKI also > includes key-type metadata. > > If someone does have a file with a "BEGIN EC PUBLIC KEY" PEM header, it would > be interesting to see it, or at least the output from openssl asn1parse, and > to know where it came from.
It came from my own (very incomplete) crypto implementation. (https://github.com/FGasper/p5-Crypt-Perl) It looks like I just had the wrong idea about EC public keys back-when. Funny thing is that the “EC PUBLIC KEY” that I was outputting is the same structure as a normal SPKI ECC public key; I just had the wrong header (and, when parsing, thought there were 2 formats to check for). Thank you, all! -FG
