I am trying to import an OpenSSL-generated ed25519 key into YubiHSM 2. I am following the steps described here: https://developers.yubico.com/yubihsm-shell/yubihsm-wrap.html
echo -en '\x00\x11\x22\x33\x44\x55\x66\x77\x88\x99\xaa\xbb\xcc\xdd\xee\xff' >wrap.key
yubihsm-shell -p password -a put-wrap-key -i 20 -c all --delegated all --informat bin --in wrap.key
openssl genpkey -algorithm Ed25519 -out ed25519key.pem
yubihsm-wrap -a ed25519 -c sign-eddsa -d 1,2,5 --id 30 --label ED25519_Key --in ed25519key.pem --wrapkey wrap.key --out private.yhw
yubihsm-shell -p password -a put-wrapped --wrap-id 20 --in private.yhw
Finally, my error is: Malformed command / invalid data
There seems to be no indication that wrapping ed25519 keys is not supported by YubiHSM 2.
Is there something wrong in my process, or is it simply not supported?
Although ed25519 meets the general requirements, there has been no follow up on FIPS 186-4 as of yet. NIST has not issued a certification.
[https://csrc.nist.gov/csrc/media/publications/fips/186/4/final/documents/comments-received-fips186-4-december-2015.pdf]
If / when they do it will likely be supported.