RFC8410 (in)compatibility

Anders Rundgren anders.rundgren.net at gmail.com
Fri Aug 28 13:55:27 UTC 2020

On 2020-08-28 15:41, Weijun Wang wrote:
> What version of java are you using and what’s your command to generate the key pair?

Hi Max,

While waiting for JDK 15, I'm currently using JDK11 and BC but the question is really about the Signature object specification.

   KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519")
   KeyPair kp = kpg.generateKeyPair();

A self-signed X25519 certificate would require that a X25519 key is useful as a signature key.

Note: I'm not proposing such a feature, I'm just trying to understand :)

> Thanks,
> Max
>> On Aug 28, 2020, at 7:03 AM, Anders Rundgren <anders.rundgren.net at gmail.com> wrote:
>> Hi Crypto Experts,
>> Please pardon my ignorance regarding curve25519, but I ran into problems [*] trying to recreate the sample certificate:
>> https://tools.ietf.org/html/rfc8410#section-10.2
>> It seems that the certificate is signed with a key intended for ECDH.
>> Question: is Java's "Signature" object supposed to accept X25519 keys?
>> Personally I don't see any use of a self-signed encryption certificate so maybe this is just a bad example...kind of edge case.
>> Regards,
>> Anders Rundgren
>> *] java.security.InvalidKeyException: cannot identify EdDSA private key

More information about the security-dev mailing list