Hacker News new | ask | show | jobs
by rawandriddled 586 days ago
How can I use the same ed25519 key pair for minisign and age?
1 comments
some_furry 586 days ago
You can't. Age is X25519, not Ed25519.
link
rawandriddled 586 days ago
Edit: (Apologies). Thank you!

Even with "ssh-ed25519" [1]?

I looked at a ssh-ed25519 example [2] but i don't see how it can be extracted from the minisign secret key format [3], for example:

ssh-ed25519:

  ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIK0wmN/Cr3JXqmLW7u+g9pTh+wyqDHpSQEIQczXkVx9q gleb@reys.net
minisign secret key format:

  untrusted comment: minisign encrypted secret key
  RWRTY0IyNKMZZ+uqJdb8VtvSTo9EwylBlcsnitMtEyQzVLq/7tUAAAACAAAAAAAAAEAAAAAANLUi4xncsLbGKL+8y/n692Imrb9iURwzfnVfRqxqU5kAnVVrs98xMBqtIOiS63HZ3BQIGU6jpBWbX3ELCALfL/Le6UL3DunYfWqNPvhAKhlY4gQEjMzrL6ytxTFCXLGJpBSZHkK3DIQ=
[1] https://github.com/FiloSottile/age#user-content-ssh-keys

[2] https://www.unixtutorial.org/how-to-generate-ed25519-ssh-key...

[3] https://jedisct1.github.io/minisign/#secret-key-format

link
some_furry 586 days ago
It looks like age with SSH keys uses a birationally equivalent keypair.

https://github.com/FiloSottile/age/blob/176e245b3cb3ada322c2...

If you're using, for example, libsodium, you'd want the Ed25519 to X25519 functions to convert the two. (Note that you need to operate over raw bytes to do this.)

In practice, you shouldn't do this. Use different keys for different purposes!

link