author Jeremy Harris <jgh146exb@wizmail.org> 2018-03-26 13:30:13 +0100
committer Jeremy Harris <jgh146exb@wizmail.org> 2018-03-26 13:30:13 +0100
commit 4fe4d0b16321e3af984c3e595aaafbf60a0d0259 (patch)
tree 574619b0aa80ff805fc0e3466887e1c3f54d2274 /doc
parent 9604413b16bf7270395b92690ef429dca4a14eee (diff)
DKIM: document proper Ed25519 key-generation methods; remove helper program
Diffstat (limited to 'doc')
-rw-r--r-- doc/doc-docbook/spec.xfpt 11
1 files changed, 4 insertions, 7 deletions
diff --git a/doc/doc-docbook/spec.xfpt b/doc/doc-docbook/spec.xfpt
index b65b6fe5b..814afc1eb 100644
--- a/doc/doc-docbook/spec.xfpt
+++ b/doc/doc-docbook/spec.xfpt
@@ -38967,19 +38967,16 @@ for some transition period.
The "_CRYPTO_SIGN_ED25519" macro will be defined if support is present
for EC keys.
-As of writing, producing EC key materials is not well supported
-by the major libraries. OpenSSL 1.1.1 and GnuTLS 3.6.0 can create private keys:
+OpenSSL 1.1.1 and GnuTLS 3.6.0 can create Ed25519 private keys:
.code
openssl genpkey -algorithm ed25519 -out dkim_ed25519.private
certtool --generate-privkey --key-type=ed25519 --outfile=dkim_ed25519.private
.endd
-To help in producing the required public key value for a DNS record
-the release package &_util/_& directory contains source for a utility
-buildable with GnuTLS 3.6.0;
-use it like this:
+To produce the required public key value for a DNS record:
.code
-ed25519_privkey_pem_to_pubkey_raw_b64 dkim_ed25519.private
+openssl pkey -outform DER -pubout -in dkim_ed25519.private | tail -c +13 | base64
+certtool --load_privkey=dkim_ed25519.private --pubkey_info --outder | tail -c +13 | base64
.endd
.wen
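Review bot: The `tail -c +13` in both added pipeline lines is an unexplained magic number; nothing in the text tells the reader that it drops the 12-byte SubjectPublicKeyInfo prefix of the DER output so that only the raw 32-byte Ed25519 public key reaches `base64`. Suggest one sentence ahead of the `.code` block saying so, and noting that the result should be 44 base64 characters, so an administrator can sanity-check the value before publishing it in DNS. Separately, the added certtool line uses underscore-style options (`--load_privkey`, `--pubkey_info`) while the certtool line a few lines up uses hyphens (`--generate-privkey`, `--key-type`); writing `--load-privkey` and `--pubkey-info` would keep the two consistent. The commit message says the helper program is removed, but this diffstat is limited to 'doc', so the removal of the utility source is not visible here and is worth confirming in the full commit.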