
failed to load key: bio read failed #241


Closed
1 task done
Kautenja opened this issue Sep 15, 2022 · 6 comments · Fixed by #242

Kautenja commented Sep 15, 2022

What happened?

ed25519 does not work in place of rsa in example code; instead it yields the exception:

libc++abi: terminating with uncaught exception of type jwt::error::rsa_exception: failed to load key: bio read failed

The same is true for attempting to load public keys in my experience.

How To Reproduce?

#include <iostream>
#include <jwt-cpp/jwt.h>

int main() {
	std::string rsa_priv_key = R"(-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
QyNTUxOQAAACD4VpZ6QtxaEusjkehxLfBoGx7n2hgcX5+PsWX9HtZcCQAAALhKiEx/SohM
fwAAAAtzc2gtZWQyNTUxOQAAACD4VpZ6QtxaEusjkehxLfBoGx7n2hgcX5+PsWX9HtZcCQ
AAAEC5cgaK1LeDbS1Yl1oCw6o4GYS8JzpDWv1gYa2PukytUvhWlnpC3FoS6yOR6HEt8Ggb
HufaGBxfn4+xZf0e1lwJAAAAMWNrYXV0ZW5AaXAtMTkyLTE2OC0xLTMudXMtd2VzdC0yLm
NvbXB1dGUuaW50ZXJuYWwBAgME
-----END OPENSSH PRIVATE KEY-----)";

	auto token = jwt::create()
					 .set_issuer("auth0")
					 .set_type("JWT")
					 .set_id("rsa-create-example")
					 .set_issued_at(std::chrono::system_clock::now())
					 .set_expires_at(std::chrono::system_clock::now() + std::chrono::seconds{36000})
					 .set_payload_claim("sample", jwt::claim(std::string{"test"}))
					 .sign(jwt::algorithm::ed25519("", rsa_priv_key, "", ""));

	std::cout << "token:\n" << token << std::endl;
}

Version

0.6.0

What OS are you seeing the problem on?

MacOS

What compiler are you seeing the problem on?

GCC

Relevant log output

The output of the standard example for RSA works as expected. Swapping out rsa for ed25519 fails with a newly generated key-pair.

Code of Conduct

  • I agree to follow this project's Code of Conduct

Kautenja added the bug label Sep 15, 2022

@Thalhammer
Owner

ed25519 is based on elliptic curves, whereas rsa is based on prime factorization. The key types differ, meaning you can't use an rsa key with ed25519 (or really any other algorithm except pss* which is based on rsa). You need to generate a new key suitable for elliptic curves.

@Kautenja
Author

Ah I see. I suppose my issue then is how are these ed25519 keys supposed to be generated? The key was generated using the following, which should produce an ed25519 key as far as I can tell:

ssh-keygen -t ed25519 -m PEM -f jwted25519.key

@Kautenja
Author

Kautenja commented Sep 15, 2022

I should mention the key in the example code was generated using the above command; it's not the RSA key from the original code.

@prince-chrismc
Collaborator

Should be this https://stackoverflow.com/a/73118582

@prince-chrismc
Collaborator

Cryptography libraries are not as interchangeable as we'd like... never tried ssh but I assume it's adding something special to know which alg to use

@Kautenja
Author

Oh interesting, I was unaware of that. You're totally right, the keys generated by OpenSSL 3 do work in this example and look much more like the keys that I was seeing in the test cases. Thanks for the help!
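
An added example, not part of the thread and not jwt-cpp's own code: the file that `ssh-keygen -t ed25519` writes does hold an Ed25519 key, but inside OpenSSH's own container (`OPENSSH PRIVATE KEY`), not the PKCS#8 PEM that OpenSSL produces. The C++ below parses that container's header and reports the key type, so a pre-flight check can tell "wrong container" apart from "wrong algorithm" before the key reaches the signer. The function names and the truncated sample are constructed for illustration.

```cpp
#include <cstdint>
#include <string>

// Minimal base64 decoder: skips line breaks, stops at padding or any foreign character.
std::string b64_decode(const std::string& in) {
	static const std::string abc = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
	std::string out;
	std::uint32_t acc = 0;
	int bits = 0;
	for (char c : in) {
		if (c == '\n' || c == '\r') continue;
		const auto v = abc.find(c);
		if (v == std::string::npos) break;
		acc = (acc << 6) | static_cast<std::uint32_t>(v);
		if ((bits += 6) >= 8) out.push_back(static_cast<char>((acc >> (bits -= 8)) & 0xFF));
	}
	return out;
}

// Reads an SSH wire "string" (big-endian uint32 length, then bytes) and advances pos.
bool read_string(const std::string& buf, std::size_t& pos, std::string& out) {
	if (pos + 4 > buf.size()) return false;
	std::uint32_t len = 0;
	for (int i = 0; i < 4; ++i) len = (len << 8) | static_cast<unsigned char>(buf[pos++]);
	if (len > buf.size() - pos) return false;
	out = buf.substr(pos, len);
	pos += len;
	return true;
}

// Key type inside an OpenSSH-container private key (e.g. "ssh-ed25519"); "" for other input.
std::string openssh_key_type(const std::string& pem) {
	const std::string header = "-----BEGIN OPENSSH PRIVATE KEY-----";
	const auto start = pem.find(header), end = pem.find("-----END");
	if (start == std::string::npos || end == std::string::npos || end < start + header.size()) return "";
	const std::string blob = b64_decode(pem.substr(start + header.size(), end - start - header.size()));
	const std::string magic("openssh-key-v1\0", 15);
	if (blob.compare(0, magic.size(), magic) != 0) return "";
	std::size_t pos = magic.size();
	std::string skipped, type;
	for (int i = 0; i < 3; ++i) // cipher name, KDF name, KDF options
		if (!read_string(blob, pos, skipped)) return "";
	pos += 8; // key count, then the length prefix of the public-key blob
	return read_string(blob, pos, type) ? type : "";
}

// Constructed sample: OpenSSH header fields only, cut off after the key type (no key material).
const std::string kSampleOpenSsh = "-----BEGIN OPENSSH PRIVATE KEY-----\n"
	"b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZWQyNTUxOQ==\n"
	"-----END OPENSSH PRIVATE KEY-----\n";
```

A non-empty result from `openssh_key_type` means the key has to be regenerated or converted into a format OpenSSL reads; an empty result means the input is not in the OpenSSH container.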
