Currently, it's not possible to import or export a raw private X25519, Ed25519, ECDH or ECDSA key.
The spec says raw is "An unformatted sequence of bytes. Intended for secret keys." However, in the mentioned asymmetric algorithms it's actually used to import and export public keys. And unlike with pkcs8, spki and jwk, there's no natural way to tell from the format name and/or data whether it's a private or a public key.
So, we could introduce a raw-private key format for importing and exporting raw private keys.
Conversely, we could introduce raw-public for importing and exporting raw public keys, and deprecate the usage of raw for that purpose.
To complete the trio, we could introduce raw-secret for importing and exporting raw secret keys, and deprecate raw entirely.
(In the future, when we add ML-KEM, we may also want raw-seed to import/export the private key seed.)
Currently, it's not possible to import or export a raw private X25519, Ed25519, ECDH or ECDSA key.
The spec says
rawis "An unformatted sequence of bytes. Intended for secret keys." However, in the mentioned asymmetric algorithms it's actually used to import and export public keys. And unlike withpkcs8,spkiandjwk, there's no natural way to tell from the format name and/or data whether it's a private or a public key.So, we could introduce a
raw-privatekey format for importing and exporting raw private keys.Conversely, we could introduce
raw-publicfor importing and exporting raw public keys, and deprecate the usage ofrawfor that purpose.To complete the trio, we could introduce
raw-secretfor importing and exporting raw secret keys, and deprecaterawentirely.(In the future, when we add ML-KEM, we may also want
raw-seedto import/export the private key seed.)