Get public and private key from PEM ed25519 in C#

Question

I have private key generated by: openssl genpkey -algorithm ed25519 -out private.pem and it looks like this:

-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VwBCIEINTZWUEn/Jt6TV9OxGxjD+6CtqKB3MtcJdFAzFUg3fk/
-----END PRIVATE KEY-----

I also have a public key generated by: openssl pkey -in private.pem -out public.pem and it looks like this:

-----BEGIN PUBLIC KEY-----
MCowBQYDK2VwAyEAPBDjfKgiUSIjVLrvsR+pxw5i9unTpr8S5BL04T13r6w=
-----END PUBLIC KEY-----

And now I don't know, how can I get public and private keys from these PEM's in C#? In my previous question: Generating public ed25519 key with OpenSSL I found out that the public key is in X509/SPKI format and the private key is in PKCS#8 format. But how to get right keys from these formats in C#? I tried with the X509Certificate2 class but got nothing.

I guess this would work using functions : https://learn.microsoft.com/en-us/dotnet/api/system.security.cryptography.rsacryptoserviceprovider?view=net-6.0 — JoelCrypto, May 07 '22 at 13:15

Topaco · Accepted Answer · 2022-05-07T16:26:39.587

Ed25519 can be implemented on .NET with e.g. BouncyCastle and runs on both .NET Framework and .NET Core.

BouncyCastle also provides a way to directly import PEM keys using the PemReader class.

Example:

using Org.BouncyCastle.Crypto;
using Org.BouncyCastle.Crypto.Parameters;
using Org.BouncyCastle.Crypto.Signers;
using Org.BouncyCastle.OpenSsl;
using System;
using System.IO;
using System.Text;

...

//
// Signing
//

// Import private key
string ed25519pkcs8 = @"-----BEGIN PRIVATE KEY-----
                        MC4CAQAwBQYDK2VwBCIEIAYIsKL0xkTkAXDhUN6eDheqODEOGyFZ04jsgFNCFxZf
                        -----END PRIVATE KEY-----";
PemReader pemReaderPrivate = new PemReader(new StringReader(ed25519pkcs8));
Ed25519PrivateKeyParameters ed25519pkcs8Parameters = (Ed25519PrivateKeyParameters)pemReaderPrivate.ReadObject();

// Sign
byte[] dataToSign = Encoding.UTF8.GetBytes("The quick brown fox jumps over the lazy dog");
ISigner signer = new Ed25519Signer();
signer.Init(true, ed25519pkcs8Parameters);
signer.BlockUpdate(dataToSign, 0, dataToSign.Length);
byte[] signature = signer.GenerateSignature();
Console.WriteLine("Signature: " + Convert.ToBase64String(signature)); // Signature: MTAK9rOibXN1RBOP3O6cRf7Dut1wS6pdz9xM11NIMjg/G0vEusn0piL1iTUcVZvfPNr4PHZSsjp6qX9HkCKRCw==

//
// Verifying
//

// Import public key
string ed25519x509 = @"-----BEGIN PUBLIC KEY-----
                      MCowBQYDK2VwAyEA3mcwgf2DrWLR3mQ6l2d59bGU6qUStwQrln2+rKlKxoA=
                      -----END PUBLIC KEY-----";
PemReader pemReaderPublic = new PemReader(new StringReader(ed25519x509));
Ed25519PublicKeyParameters ed25519x509Parameters = (Ed25519PublicKeyParameters)pemReaderPublic.ReadObject();

// Verify
ISigner verifier = new Ed25519Signer();
verifier.Init(false, ed25519x509Parameters);
verifier.BlockUpdate(dataToSign, 0, dataToSign.Length);
bool verified = verifier.VerifySignature(signature);
Console.WriteLine("Verification: " + verified); // Verification: True

with the output:

Signature: MTAK9rOibXN1RBOP3O6cRf7Dut1wS6pdz9xM11NIMjg/G0vEusn0piL1iTUcVZvfPNr4PHZSsjp6qX9HkCKRCw==
Verification: True

Seems like signing is working fine. But why, when I want to verify the PASETO token, it turns out that "The token signature is not valid"? I do it like this: https://pastebin.com/B0srZA3n — Szyszka947, May 07 '22 at 16:43
@Szyszka947 - Well, this is really a new question that is beyond the scope of this question and can't be answered in comments. Please post the linked code from the comment in your new question, along with the missing type definitions and an identification of the libraries used so that the code is executable and the problem can be reproduced, s. [MCVE](https://stackoverflow.com/help/minimal-reproducible-example). Thx. — Topaco, May 07 '22 at 17:09
Can you explain the verifier.BlockUpdate(dataToSign, 0, dataToSign.Length); in the Verify block above? Does the verifier have to know dataToSign so that it can check that it was signed correctly? — Brian THOMAS, Apr 05 '23 at 17:31
@BrianTHOMAS - *...Does the verifier have to know dataToSign...* Yes. Verification requires the data to be verified, the signature, and the public key. — Topaco, Apr 05 '23 at 19:30
Thank you. Your code works perfectly - but I'd modified it and broken it, so I was going through it line by line to see what I'd changed. — Brian THOMAS, Apr 06 '23 at 07:59

Get public and private key from PEM ed25519 in C#

1 Answers1