| commit | b76b9bfef1b1aece0d57e6b5d7e8c3c979d6c2e4 | |
| author | Jan Krüger <jk@jk.gs> | |
| Fri, 27 Jan 2023 18:14:49 +0000 (27 19:14 +0100) | ||
| committer | Jan Krüger <jk@jk.gs> | |
| Wed, 1 Feb 2023 11:21:21 +0000 (1 12:21 +0100) | ||
| tree | 4ce0c167f2120ae64677acde60faeef9b2bfff37 | treesnapshot (tar.gz zip) |
| parent | 0deeae164c4db3f0f6edda636adba5a3b2f4a1e0 | commitdiff |
Support Ed25519 SSH keys
As described in the config file, Ed25519 is designed to have attack
resistance similar to 128 bit symmetric encryption ciphers. This
should be an acceptable level of security for most applications, so
by default Ed25519 keys are enabled.
sshpub_validate:
* Check Ed25519 for valid format (including a check for the fixed bit
length)
* Add error reporting (not used everywhere but all callers check that
the first returned value is non-empty so they should transparently
treat the new error reports as invalid keys)
CGI:
* Extend CGI validation to accept Ed25519
* Skip bit length check for Ed25519
* Support Ed25519 display in user editor
* Make CGI output for key validation a little more detailed and
formatted... mostly because this makes the code a lot less ugly
toolbox/usertool:
* Fix regular expressions and type hashes to also accept Ed25519 keys
* Add config check for Ed25519 to `cmd_setkeys`
* Output key validation errors in `cmd_setkeys`
* Skip bit length check for Ed25519
As described in the config file, Ed25519 is designed to have attack
resistance similar to 128 bit symmetric encryption ciphers. This
should be an acceptable level of security for most applications, so
by default Ed25519 keys are enabled.
sshpub_validate:
* Check Ed25519 for valid format (including a check for the fixed bit
length)
* Add error reporting (not used everywhere but all callers check that
the first returned value is non-empty so they should transparently
treat the new error reports as invalid keys)
CGI:
* Extend CGI validation to accept Ed25519
* Skip bit length check for Ed25519
* Support Ed25519 display in user editor
* Make CGI output for key validation a little more detailed and
formatted... mostly because this makes the code a lot less ugly
toolbox/usertool:
* Fix regular expressions and type hashes to also accept Ed25519 keys
* Add config check for Ed25519 to `cmd_setkeys`
* Output key validation errors in `cmd_setkeys`
* Skip bit length check for Ed25519
| Girocco/Config.pm | diffblobblamehistory | |
| Girocco/SSHUtil.pm | diffblobblamehistory | |
| Girocco/User.pm | diffblobblamehistory | |
| toolbox/usertool.pl | diffblobblamehistory |