PowerShell
PowerShell
Get Ed25519 Key in Different Formats
See more Ed25519 Examples
Demonstrates how to get/save an Ed25519 private key to different formats.Converting a private key from one format to another is done by loading in one format and saving/getting in another.
Note: This example requires Chilkat v9.5.0.83 or greater.
Chilkat PowerShell Downloads
Add-Type -Path "C:\chilkat\ChilkatDotNet47-x64\ChilkatDotNet47.dll"
$success = $false
# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.
$eddsa = New-Object Chilkat.EdDSA
$prng = New-Object Chilkat.Prng
$privKey = New-Object Chilkat.PrivateKey
# Generates a new ed25519 key and stores it in privKey.
$success = $eddsa.GenEd25519Key($prng,$privKey)
if ($success -eq $false) {
$($eddsa.LastErrorText)
exit
}
# ----------------------------------------------------------
# Ed25519 PKCS1 format
#
# This is the format created by: openssl genpkey -algorithm X25519 -out xkey.pem
$pkcs1Base64 = $privKey.GetPkcs1ENC("base64")
$($pkcs1Base64)
# Sample output: MC4CAQAwBQYDK2VuBCIEIB1mwirs+eC6XGbkjPIiZyBwQ7768uSd9v5PHOLFbIXo
# PKCS1 is a binary ASN.1 DER format. You can examine the contents with two online tools:
# 1) Go to ASN.1 Decoder and paste the base64 into the online form.
# 2) Or Decode Base64 ASN.1 to XML
# The PKCS1 ASN.1 format for an Ed25519 key look like this:
# SEQUENCE
# INTEGER 0
# SEQUENCE
# OBJECT IDENTIFIER 1.3.101.110 curveX25519 (ECDH 25519 key agreement algorithm)
# OCTET STRING
# OCTET STRING (32 byte) 1D66C...
# Save it directly to a file.
$success = $privKey.SavePkcs1File("qa_output/ed25519.key")
# ----------------------------------------------------------
# Ed25519 Unencrypted PKCS8 format
#
# For ed25519, the ASN.1 output is the same as for PKCS1.
$pkcs8Base64 = $privKey.GetPkcs8ENC("base64")
$($pkcs8Base64)
# PKCS8 is a binary ASN.1 DER format. You can examine the contents with two online tools:
# 1) Go to ASN.1 Decoder and paste the base64 into the online form.
# 2) Or Decode Base64 ASN.1 to XML
# ----------------------------------------------------------
# Ed25519 Encrypted PKCS8 format
#
# Note: The encrypted output cannot be examined using the above online tools because the ASN.1 is encrypted.
$password = "secret"
$pkcs8EncBase64 = $privKey.GetPkcs8EncryptedENC("base64",$password)
$($pkcs8EncBase64)
# ----------------------------------------------------------
# Ed25519 in PEM format:
#
$ed25519Pem = $privKey.GetPkcs1Pem()
$($ed25519Pem)
# Sample output:
# -----BEGIN PRIVATE KEY-----
# MC4CAQAwBQYDK2VuBCIEIOKPhbULJagBAi7hbRdn1f4AAzh1RqqCHqCAvau7N6yO
# -----END PRIVATE KEY-----
# ----------------------------------------------------------
# Ed25519 in JWK Format
#
$jwk = $privKey.GetJwk()
$json = New-Object Chilkat.JsonObject
$json.Load($jwk)
$json.EmitCompact = $false
$($json.Emit())
# Sample output:
# {
# "kty": "OKP",
# "crv": "Ed25519",
# "x": "SE2Kne5xt51z1eciMH2T2ftDQp96Gl6FhY6zSQujiP0",
# "d": "O-eRXewadF0sNyB0U9omcnt8Qg2ZmeK3WSXPYgqe570",
# "use": "sig"
# }
# In the above JWK, x is the public key, y is the private key.
# Both are 32 bytes and are base64-url encoded.
# ----------------------------------------------------------
# Ed25519 in XML Format
#
$ed25519_xml = $privKey.GetXml()
$($ed25519_xml)
# Sample output: <Ed25519KeyValue>w4b/gI0zgYKgjtfWLjNfc4issmP7Qap84uesYNgEefP/WoY3jNOhOzgTYsMtOnuyGn3MdA4NZtsUXVNI1NiTlA==</Ed25519KeyValue>
# The base64 content is composed of the concatenation of the 32-byte private key with the 32-byte public key and then base64 encoded.
# In other words: Base64(privKey || pubKey)
# ----------------------------------------------------------
# Ed25519 in Raw Hex Format
#
$sbPubKeyHex = New-Object Chilkat.StringBuilder
$privKeyHex = $privKey.GetRawHex($sbPubKeyHex)
# We should have a 32-byte private key (a 64 character hex string).
$("private key = " + $privKeyHex)
# We should have a 32-byte public key (a 64 character hex string).
$("public key = " + $sbPubKeyHex.GetAsString())
# Sample output:
# key type = ed25519
# size in bits = 256
# private key = d4ee72dbf913584ad5b6d8f1f769f8ad3afe7c28cbf1d4fbe097a88f44755842
# public key = 19bf44096984cdfe8541bac167dc3b96c85086aa30b6b6cb0c5c38ad703166e1