
TLDR

I want to generate an X25519 keypair and then store it in a single file for easier handling, but I cannot use a keystore like PKCS#12.

Why

OpenSSL makes it quite easy to generate a private key in PEM encoding via: openssl genpkey -algorithm x25519 -out privatekey.pem, and then extract a public key via openssl pkey -in x25519-priv.pem -pubout -out publickey.pem. It's also simple to generate such a keypair in Java with BouncyCastle:

import java.security.*;

// X25519 is supplied by the JDK's own provider since Java 11 (and by BouncyCastle on older JDKs)
KeyPairGenerator kpg = KeyPairGenerator.getInstance("X25519");
KeyPair keyPair = kpg.generateKeyPair();
PublicKey publicKey = keyPair.getPublic();    // getEncoded() gives X.509 SubjectPublicKeyInfo DER
PrivateKey privateKey = keyPair.getPrivate(); // getEncoded() gives PKCS#8 PrivateKeyInfo DER

That's nice and dandy, but for utility I'd like to be able to store and transfer just one file instead of two. I am writing GUI software in Java that will accept the keypair as an input, and it's much easier and better UX to pass just one file rather than two.

Usually, a task like this is well suited for a keystore, i.e. a PKCS#12 (.p12) file. While that could be done for Ed25519 keys tied to a self-signed certificate, it's not a solution for X25519 keys, because, unfortunately, the Java Keystore API does not support plain keypairs, only a combination of private key + certificate[chain].

PKCS#8 sounds like a miss, because by definition it's strictly dealing with private keys. Or am I wrong?

Q

What format and/or encoding can I use to store an X25519 Private Key together with Public Key in one file? Is it acceptable to just generate two PEM encoded files and then concatenate them? Is there any standard/RFC that I can follow?

Leprechaun
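The concatenated-PEM approach the question floats, worked through as an added example (not code from the question): it assumes JDK 11 or newer, whose built-in provider supplies X25519 and whose getEncoded() returns PKCS#8 and SubjectPublicKeyInfo DER, and writes the PEM framing by hand because those JDK versions have no PEM API of their own.

```java
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.*;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Base64;

public class X25519PemBundle {

    // Wrap DER bytes in a PEM block with the given label (64-column Base64, as openssl writes it).
    static String toPem(String label, byte[] der) {
        byte[] nl = "\n".getBytes(StandardCharsets.US_ASCII);
        String b64 = Base64.getMimeEncoder(64, nl).encodeToString(der);
        return "-----BEGIN " + label + "-----\n" + b64 + "\n-----END " + label + "-----\n";
    }

    // Locate the block with the given label anywhere in the file and return its DER bytes.
    static byte[] fromPem(String pem, String label) {
        String begin = "-----BEGIN " + label + "-----", end = "-----END " + label + "-----";
        int s = pem.indexOf(begin), e = pem.indexOf(end);
        if (s < 0 || e < s) throw new IllegalArgumentException("missing PEM block: " + label);
        String body = pem.substring(s + begin.length(), e).replaceAll("\\s", "");
        return Base64.getDecoder().decode(body);
    }

    public static void main(String[] args) throws Exception {
        KeyPair kp = KeyPairGenerator.getInstance("X25519").generateKeyPair();

        // getEncoded() yields PKCS#8 for the private key and X.509 SubjectPublicKeyInfo for the
        // public key, the same encodings openssl genpkey / pkey -pubout emit; both go in one file.
        String bundle = toPem("PRIVATE KEY", kp.getPrivate().getEncoded())
                      + toPem("PUBLIC KEY", kp.getPublic().getEncoded());
        Path file = Files.createTempFile("x25519-keypair", ".pem");
        Files.writeString(file, bundle);

        // Read the bundle back; each block is found by its label, so block order does not matter.
        String text = Files.readString(file);
        KeyFactory kf = KeyFactory.getInstance("X25519");
        PrivateKey priv = kf.generatePrivate(new PKCS8EncodedKeySpec(fromPem(text, "PRIVATE KEY")));
        PublicKey pub = kf.generatePublic(new X509EncodedKeySpec(fromPem(text, "PUBLIC KEY")));

        // Round-trip check: the parsed keys re-encode to exactly the bytes that were generated.
        boolean ok = Arrays.equals(priv.getEncoded(), kp.getPrivate().getEncoded())
                  && Arrays.equals(pub.getEncoded(), kp.getPublic().getEncoded());
        System.out.println("wrote " + file + ", round-trip " + (ok ? "ok" : "FAILED"));
    }
}
```

The private key sits in the bundle unencrypted, exactly as openssl genpkey writes privatekey.pem, so the combined file needs the same file permissions and handling as the private key alone.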

0 Answers