Hello. Thanks to Hanno Böck (known from ossec and more) i was pointed to my falsely published ED25519 DKIM key. Until now that simply was the complete ED25519 public key, just like for RSA, instead of extracting the actual "bitstring data" from the standardized ASN.1 container, which starts at offset 16 (or -offset=12 if you use "openssl asn1parse -noout -out -" aka the binary blob).
I realize that RFC 8463 says repeatedly that the base64-encoded representation of an ED25519 key is 44 bytes, and that the examples go for this. Still there is no wording that the entire ASN.1 structure shall be thrown away. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim