helper functions to more correctly marshal curve 25519 public keys

cert/cert.go

@@ -58,6 +58,9 @@ type Certificate interface {
 	// PublicKey is the raw bytes to be used in asymmetric cryptographic operations.
 	PublicKey() []byte
 
+	// PublicKeyPem is the value of PublicKey marshalled to PEM
+	PublicKeyPem() []byte
+
 	// Curve identifies which curve was used for the PublicKey and Signature.
 	Curve() Curve
 

cert/cert_v1.go

@@ -83,6 +83,10 @@ func (c *certificateV1) PublicKey() []byte {
 	return c.details.publicKey
 }
 
+func (c *certificateV1) PublicKeyPem() []byte {
+	return marshalCertPublicKeyToPEM(c)
+}
+
 func (c *certificateV1) Signature() []byte {
 	return c.signature
 }

cert/cert_v2.go

@@ -114,6 +114,10 @@ func (c *certificateV2) PublicKey() []byte {
 	return c.publicKey
 }
 
+func (c *certificateV2) PublicKeyPem() []byte {
+	return marshalCertPublicKeyToPEM(c)
+}
+
 func (c *certificateV2) Signature() []byte {
 	return c.signature
 }

cert/pem.go

@@ -54,6 +54,21 @@ func UnmarshalCertificateFromPEM(b []byte) (Certificate, []byte, error) {
 
 }
 
+func marshalCertPublicKeyToPEM(c Certificate) []byte {
+	switch c.Curve() {
+	case Curve_CURVE25519:
+		if c.IsCA() {
+			return pem.EncodeToMemory(&pem.Block{Type: Ed25519PublicKeyBanner, Bytes: c.PublicKey()})
+		} else {
+			return pem.EncodeToMemory(&pem.Block{Type: X25519PublicKeyBanner, Bytes: c.PublicKey()})
+		}
+	case Curve_P256:
+		return MarshalPublicKeyToPEM(Curve_P256, c.PublicKey())
+	default:
+		return nil
+	}
+}
+
 func MarshalPublicKeyToPEM(curve Curve, b []byte) []byte {
 	switch curve {
 	case Curve_CURVE25519: