EdDSA Keys and Signatures

The Edwards-curve Digital Signature Algorithm (EdDSA) scheme uses a variant of the Schnorr signature based on twisted Edwards curves. EdDSA is designed to be faster than existing digital signature schemes without sacrificing security. For more information, refer to RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA).

EJBCA supports EdDSA signature keys and you can create a Certificate Authority (CA) using EdDSA keys both using the EJBCA Admin UI and the CLI (bin/ejbca.sh ca init). For more information, see Managing CAs.

The following provides information on EdDSA Keys and Signatures.

Generated Keys and Certificates

When generating a CA in EJBCA, up to three keys and certificates are generated:

  • A CA signing keypair and certificate

  • An encryption keypair, used for encrypting key recovery information

  • An OCSP signer keypair and certificate

When using EdDSA keys, the CA signing keypair and the OCSP signer keypair will be the EdDSA keytype you select when creating the CA. The CA signing and OCSP signing certificate will be signed using your selected signature algorithm. The encryption keypair will always be RSA, using 1024 or 2048 bit key length. It uses the key length set in the CA UI or 2048 bit by default using the CLI.

Using EdDSA with an HSM

ENTERPRISE This is an EJBCA Enterprise feature.

HSM support for EdDSA is fairly new. PKCS#11 did not standardize support for EdDSA until PKCS#11v3, while most HSMs still (October 2020) are still on PKCS#11v2.40. Many HSMs however support EdDSA, extending PKCS#11v2 with EdDSA support similar to PKCS#11v3 (with various differences). EJBCA supports EdDSA on HSMs using the P11-NG PKCS#11 provider. The implementation can differ between different HSMs, and not all HSMs are necessarily supported by EJBCA.

  • The keyEncryptKey cannot be EdDSA, but should be an RSA key. An HSM must therefore support both EdDSA and RSA keys.

  • Most HSMs (and all tested HSMs) only support Ed25519 and not Ed448 yet.

EdDSA Algorithms

EJBCA supports the following EdDSA algorithms, also supported by BouncyCastle.

EdDSA keys

EdDSA signature algorithm

Ed25519

Ed25519

Ed448

Ed448

Creating Client Certificates

You can also issue normal requests for client certificates using EdDSA keys.

All certificates signed by an EdDSA CA will naturally use EdDSA signatures, regardless of the client keys are RSA, ECDSA, or EdDSA.

When batch generating client keys using the CLI command bin/ejbca.sh batch, you configure the type of client keys that will be generated in the file conf/batchtool.properties. The possible parameters are described in the properties file. If using the implicitlyCA facility the same parameters as configured for the CA in conf/cesecore.properties are used. For more information on the implicitlyCA facility, see ECDSA Keys and Signatures or refer to the Bouncy Castle documentation on Using the Bouncy Castle Provider's ImplicitlyCA Facility.

Example CSR Generation

To generate a valid sample CSR for your clients, OpenSSL can be used.

openssl genpkey -algorithm ED25519 -out ed25519.key.pem
openssl req -new -key ed25519.key.pem -out ed25519.csr.pem
openssl req -in ed25519.csr.pem -text