EdDSA Keys and Signatures

The Edwards-curve Digital Signature Algorithm (EdDSA) scheme uses a variant of the Schnorr signature based on twisted Edwards curves. EdDSA is designed to be faster than existing digital signature schemes without sacrificing security. For more information, refer to RFC 8032: Edwards-Curve Digital Signature Algorithm (EdDSA).

EJBCA supports EdDSA signature keys and you can create a Certificate Authority (CA) using EdDSA keys both using the EJBCA Admin UI and the CLI (bin/ejbca.sh ca init). For more information, see Managing CAs.

The following provides information on EdDSA Keys and Signatures.

Generated Keys and Certificates

When generating a CA in EJBCA, up to three keys and certificates are generated:

  • A CA signing keypair and certificate
  • An encryption keypair, used for encrypting key recovery information
  • An OCSP signer keypair and certificate

When using EdDSA keys, the CA signing keypair and the OCSP signer keypair will be the EdDSA keytype you select when creating the CA. The CA signing and OCSP signing certificate will be signed using your selected signature algorithm. The encryption keypair will always be RSA, using 1024 or 2048 bit key length. It uses the key length set in the CA UI or 2048 bit by default using the CLI.

Using EdDSA with an HSM

Currently, there is no HSM support for EdDSA. While some HSMs support EdDSA using custom PKCS#11 mechanisms, standardized support for EdDSA will be available in PKCS#11v3 and may be available in the future for HSM using other APIs (for example REST based such as Azure, AWS or GCP).

Note that the keyEncryptKey cannot be EdDSA, but should be an RSA key. An HSM must therefore support both EdDSA and RSA keys.

EdDSA Algorithms

EJBCA supports the following EdDSA algorithms, also supported by BouncyCastle.

EdDSA keysEdDSA signature algorithm




Creating Client Certificates

You can also issue normal requests for client certificates using EdDSA keys.

All certificates signed by an EdDSA CA will naturally use EdDSA signatures, regardless of the client keys are RSA, ECDSA, or EdDSA.

When batch generating client keys using the CLI command bin/ejbca.sh batch, you configure the type of client keys that will be generated in the file conf/batchtool.properties. The possible parameters are described in the properties file. If using the implicitlyCA facility the same parameters as configured for the CA in conf/cesecore.properties are used. For more information on the implicitlyCA facility, see ECDSA Keys and Signatures or refer to the Bouncy Castle documentation on Using the Bouncy Castle Provider's ImplicitlyCA Facility.