Sample code for 30+ languages & platforms
Tcl

Get Ed25519 Key in Different Formats

See more Ed25519 Examples

Demonstrates how to get/save an Ed25519 private key to different formats.

Converting a private key from one format to another is done by loading in one format and saving/getting in another.

Note: This example requires Chilkat v9.5.0.83 or greater.

Chilkat Tcl Downloads

Tcl

load ./chilkat.dll

set success 0

# This example assumes the Chilkat API to have been previously unlocked.
# See Global Unlock Sample for sample code.

set eddsa [new_CkEdDSA]

set prng [new_CkPrng]

set privKey [new_CkPrivateKey]

# Generates a new ed25519 key and stores it in privKey.
set success [CkEdDSA_GenEd25519Key $eddsa $prng $privKey]
if {$success == 0} then {
    puts [CkEdDSA_lastErrorText $eddsa]
    delete_CkEdDSA $eddsa
    delete_CkPrng $prng
    delete_CkPrivateKey $privKey
    exit
}

# ----------------------------------------------------------
# Ed25519 PKCS1 format
# 
# This is the format created by:  openssl genpkey -algorithm X25519 -out xkey.pem
set pkcs1Base64 [CkPrivateKey_getPkcs1ENC $privKey "base64"]
puts "$pkcs1Base64"

# Sample output:  MC4CAQAwBQYDK2VuBCIEIB1mwirs+eC6XGbkjPIiZyBwQ7768uSd9v5PHOLFbIXo

# PKCS1 is a binary ASN.1 DER format.  You can examine the contents with two online tools:
# 1) Go to ASN.1 Decoder  and paste the base64 into the online form.
# 2) Or Decode Base64 ASN.1 to XML 

# The PKCS1 ASN.1 format for an Ed25519 key look like this:
#   SEQUENCE
#     INTEGER 0
#     SEQUENCE
#       OBJECT IDENTIFIER 1.3.101.110 curveX25519 (ECDH 25519 key agreement algorithm)
#     OCTET STRING 
#       OCTET STRING (32 byte) 1D66C...

# Save it directly to a file.
set success [CkPrivateKey_SavePkcs1File $privKey "qa_output/ed25519.key"]

# ----------------------------------------------------------
# Ed25519 Unencrypted PKCS8 format
# 
# For ed25519, the ASN.1 output is the same as for PKCS1.
set pkcs8Base64 [CkPrivateKey_getPkcs8ENC $privKey "base64"]
puts "$pkcs8Base64"

# PKCS8 is a binary ASN.1 DER format.  You can examine the contents with two online tools:
# 1) Go to ASN.1 Decoder  and paste the base64 into the online form.
# 2) Or Decode Base64 ASN.1 to XML 

# ----------------------------------------------------------
# Ed25519 Encrypted PKCS8 format
# 
# Note: The encrypted output cannot be examined using the above online tools because the ASN.1 is encrypted.
set password "secret"
set pkcs8EncBase64 [CkPrivateKey_getPkcs8EncryptedENC $privKey "base64" $password]
puts "$pkcs8EncBase64"

# ----------------------------------------------------------
# Ed25519 in PEM format:
# 
set ed25519Pem [CkPrivateKey_getPkcs1Pem $privKey]
puts "$ed25519Pem"

# Sample output:

# -----BEGIN PRIVATE KEY-----
# MC4CAQAwBQYDK2VuBCIEIOKPhbULJagBAi7hbRdn1f4AAzh1RqqCHqCAvau7N6yO
# -----END PRIVATE KEY-----

# ----------------------------------------------------------
# Ed25519 in JWK Format
# 
set jwk [CkPrivateKey_getJwk $privKey]

set json [new_CkJsonObject]

CkJsonObject_Load $json $jwk
CkJsonObject_put_EmitCompact $json 0
puts [CkJsonObject_emit $json]

# Sample output:
# {
#   "kty": "OKP",
#   "crv": "Ed25519",
#   "x": "SE2Kne5xt51z1eciMH2T2ftDQp96Gl6FhY6zSQujiP0",
#   "d": "O-eRXewadF0sNyB0U9omcnt8Qg2ZmeK3WSXPYgqe570",
#   "use": "sig"
# }

# In the above JWK, x is the public key, y is the private key.
# Both are 32 bytes and are base64-url encoded.

# ----------------------------------------------------------
# Ed25519 in XML Format
# 
set ed25519_xml [CkPrivateKey_getXml $privKey]
puts "$ed25519_xml"

# Sample output:  <Ed25519KeyValue>w4b/gI0zgYKgjtfWLjNfc4issmP7Qap84uesYNgEefP/WoY3jNOhOzgTYsMtOnuyGn3MdA4NZtsUXVNI1NiTlA==</Ed25519KeyValue>

# The base64 content is composed of the concatenation of the 32-byte private key with the 32-byte public key and then base64 encoded.
# In other words:  Base64(privKey || pubKey)

# ----------------------------------------------------------
# Ed25519 in Raw Hex Format
# 
set sbPubKeyHex [new_CkStringBuilder]

set privKeyHex [CkPrivateKey_getRawHex $privKey $sbPubKeyHex]

# We should have a 32-byte private key (a 64 character hex string).
puts "private key = $privKeyHex"

# We should have a 32-byte public key (a 64 character hex string).
puts "public key = [CkStringBuilder_getAsString $sbPubKeyHex]"

# Sample output:
# key type = ed25519
# size in bits = 256
# private key = d4ee72dbf913584ad5b6d8f1f769f8ad3afe7c28cbf1d4fbe097a88f44755842
# public key = 19bf44096984cdfe8541bac167dc3b96c85086aa30b6b6cb0c5c38ad703166e1

delete_CkEdDSA $eddsa
delete_CkPrng $prng
delete_CkPrivateKey $privKey
delete_CkJsonObject $json
delete_CkStringBuilder $sbPubKeyHex