Ed25519 CSR -- bug or an unimplemented feature?


I created a CSR request using GNUTLS with an ed25519 private key. I am getting:
An unexpected error occurred:
The request message was malformed :: Invalid key in certificate request :: unknown key type %!s()
Please see the logfiles in /var/log/letsencrypt for more details.
"type": "urn:acme:error:malformed",
"detail": "Invalid key in certificate request :: unknown key type %!s(\u003cnil\u003e)",
"status": 400
Is this a bug or an unimplemented feature?


EdDSA certificates are not really standardized or ready yet:

The reason that the error looks a bit funny is that the line of code that produces it has a mistake:

return berrors.MalformedError("unknown key type %s", reflect.TypeOf(key))

That %s should probably be %v.

e: opened a PR, but I noticed that the same problem seems to exist in vendored square/go-jose, not sure whether that problem is exposed in Boulder though.


@_az You’re probably correct. Will you open an issue for that line? https://github.com/letsencrypt/boulder/blob/a6597b9f120207eff192c3e4107a7e49972a0250/goodkey/good_key.go#L82

Update: the PR mentioned by @jsha: https://github.com/letsencrypt/boulder/pull/4138


Thanks for the bug report @str255, and for the PR @_az. To add a little detail: Ed25519 isn’t really ready for certificates (which is the use case described here), but I believe it’s fully spec’ed out for use in JWK, and is a SHOULD in ACME (https://tools.ietf.org/html/rfc8555#page-12). However, Boulder doesn’t yet support it and it isn’t on an immediate roadmap.


It actually is: https://tools.ietf.org/html/rfc8410#section-10.2

Ed25519 is the algorithm for EdDSA, which can be used, in theory, for X509 certificates.

Unless with “ready” you mean the whole CA/B forum details. If so, you’re totally right of course, we aren’t that far yet.


Yep, I meant with regards to browser implementation and CA/Browser Forum Baseline Requirements. Thanks for the clarification!