diff --git a/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php b/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php index d5a9db4e..b11325a9 100644 --- a/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php +++ b/phpseclib/Crypt/Common/Formats/Keys/PKCS8.php @@ -600,12 +600,15 @@ abstract class PKCS8 extends PKCS $key = [ 'publicKeyAlgorithm' => [ - 'algorithm' => is_string(static::OID_NAME) ? static::OID_NAME : $oid, - 'parameters' => $params + 'algorithm' => is_string(static::OID_NAME) ? static::OID_NAME : $oid ], 'publicKey' => "\0" . $key ]; + if ($oid != 'id-Ed25519' && $oid != 'id-Ed448') { + $key['publicKeyAlgorithm']['parameters'] = $params; + } + $key = ASN1::encodeDER($key, Maps\PublicKeyInfo::MAP); return "-----BEGIN PUBLIC KEY-----\r\n" . diff --git a/tests/Unit/Crypt/EC/KeyTest.php b/tests/Unit/Crypt/EC/KeyTest.php index 103e4dce..56c54c22 100644 --- a/tests/Unit/Crypt/EC/KeyTest.php +++ b/tests/Unit/Crypt/EC/KeyTest.php @@ -258,18 +258,11 @@ BjoJZJZQztmlj7Qep/sf1l8= // from https://tools.ietf.org/html/draft-ietf-curdle-pkix-07#section-10.1 public function testEd25519PublicKey(): void { - $key = PublicKeyLoader::load('-----BEGIN PUBLIC KEY----- -MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE= ------END PUBLIC KEY-----'); - $this->assertSameNL('Ed25519', $key->getCurve()); - - // in the above key AlgorithmIdentifier has a single "child". in the - // following key it has two. The second one is ("optional") NULL. - // https://security.stackexchange.com/q/110330/15922 elaborates on - // why phpseclib is encoding the NULL as opposed to omitting it. $expected = '-----BEGIN PUBLIC KEY----- -MCwwBwYDK2VwBQADIQAZv0QJaYTN/oVBusFn3DuWyFCGqjC2tssMXDitcDFm4Q== +MCowBQYDK2VwAyEAGb9ECWmEzf6FQbrBZ9w7lshQhqowtrbLDFw4rXAxZuE= -----END PUBLIC KEY-----'; + $key = PublicKeyLoader::load($expected); + $this->assertSameNL('Ed25519', $key->getCurve()); $this->assertSameNL($expected, $key->toString('PKCS8')); }