GnuTLS and Ed25519

From: Alice Wonder <>
Date: Wed, 19 Dec 2018 10:00:59 -0800

Hi -

OpenDKIM 2.11.0 Beta2 w/ patch from

Built against GnuTLS 3.6.5 / Nettle 3.4.1

It works beautifully with rsa-sha256

If I try ed25519-sha256 I get an error:

opendkim.service: main process exited, code=killed, status=6/ABRT

This is what private key looks like (yes I'm aware this one is now no
longer usable):


I can use certtool from GnuTLS to generate a self-signed cert from the
private key so I know GnuTLS is able to work with it.

My question of course is, does OpenDKIM expect Ed25519 private keys to
be in a different format than base64 encoded ANS.1 DER?

Or is it an issue with the build? Or support just not finished yet?

Playing around I tried a private key file with just a base64 encoding of
the raw bytes, and in that case OpenDKIM doesn't crash but I do get an
obvious error from GnuTLS function stating it can't import it.

Any suggestions appreciated. Mainly I'm just looking to be able to test
validation, but I have to be able to sign to have something to test
validation with ;)
Received on Wed Dec 19 2018 - 18:01:15 PST

This archive was generated by hypermail 2.3.0 : Thu Dec 20 2018 - 06:00:00 PST