Is “Ed25519” what you need? It’s not available in JDK 11. See https://bugs.openjdk.java.net/browse/JDK-8199231.
—Max > On Aug 28, 2020, at 9:55 AM, Anders Rundgren <[email protected]> > wrote: > > On 2020-08-28 15:41, Weijun Wang wrote: >> What version of java are you using and what’s your command to generate the >> key pair? > > Hi Max, > > While waiting for JDK 15, I'm currently using JDK11 and BC but the question > is really about the Signature object specification. > > KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519") > KeyPair kp = kpg.generateKeyPair(); > > A self-signed X25519 certificate would require that a X25519 key is useful as > a signature key. > > Note: I'm not proposing such a feature, I'm just trying to understand :) > > Regards, > Anders >> Thanks, >> Max >>> On Aug 28, 2020, at 7:03 AM, Anders Rundgren >>> <[email protected]> wrote: >>> >>> Hi Crypto Experts, >>> >>> Please pardon my ignorance regarding curve25519, but I ran into problems >>> [*] trying to recreate the sample certificate: >>> https://urldefense.com/v3/__https://tools.ietf.org/html/rfc8410*section-10.2__;Iw!!GqivPVa7Brio!OMTnVBdbrt8MuV8YwHsti8iuWLk2QE3C6FGAQeBoMJj9pIBQiRO6cbcSLzY8F_90TQ$ >>> >>> It seems that the certificate is signed with a key intended for ECDH. >>> Question: is Java's "Signature" object supposed to accept X25519 keys? >>> >>> Personally I don't see any use of a self-signed encryption certificate so >>> maybe this is just a bad example...kind of edge case. >>> >>> Regards, >>> Anders Rundgren >>> >>> *] java.security.InvalidKeyException: cannot identify EdDSA private key >
