From 06a174dfe42020da6138e22c82803cbba9c66b49 Mon Sep 17 00:00:00 2001 From: Mark Wooding Date: Thu, 26 May 2016 09:26:09 +0100 Subject: [PATCH] keys/: Support the EdDSA signature schemes from catcrypt(1). --- keys/tripe-keys.conf.5.in | 8 ++++++-- keys/tripe-keys.in | 8 ++++++-- keys/tripe-keys.master | 1 + 3 files changed, 13 insertions(+), 4 deletions(-) diff --git a/keys/tripe-keys.conf.5.in b/keys/tripe-keys.conf.5.in index 0b488f07..e993ad26 100644 --- a/keys/tripe-keys.conf.5.in +++ b/keys/tripe-keys.conf.5.in @@ -261,7 +261,7 @@ dh dsa ec ecdsa _ .TE -.ne 10 +.ne 12 .TP .I sig-genalg Key-generation algorithm for signing key. Default depends on @@ -280,9 +280,11 @@ rsapcs1 rsa rsapss rsa ecdsa ec eckcdsa ec +ed25519 ed25519 +ed448 ed448 _ .TE -.ne 8 +.ne 10 .TP .I sig-param Signature-key generation parameters. Default depends on @@ -299,6 +301,8 @@ dh \-LS \-b3072 \-B256 dsa \-b3072 \-B256 rsa \-b3072 ec \-Cnist-p256 +ed25519 \fInone +ed448 \fInone _ .TE .TP diff --git a/keys/tripe-keys.in b/keys/tripe-keys.in index f40f3965..787336fa 100644 --- a/keys/tripe-keys.in +++ b/keys/tripe-keys.in @@ -262,11 +262,15 @@ def conf_defaults(): 'rsapkcs1': 'rsa', 'rsapss': 'rsa', 'ecdsa': 'ec', - 'eckcdsa': 'ec'}[conf['sig']]), + 'eckcdsa': 'ec', + 'ed25519': 'ed25519', + 'ed448': 'ed448'}[conf['sig']]), ('sig-param', lambda: {'dh': '-LS -b3072 -B256', 'dsa': '-b3072 -B256', 'ec': '-Cnist-p256', - 'rsa': '-b3072'}[conf['sig-genalg']]), + 'rsa': '-b3072', + 'ed25519': '', + 'ed448': ''}[conf['sig-genalg']]), ('sig-hash', '${hash}'), ('sig-expire', 'forever'), ('fingerprint-hash', '${hash}')]: diff --git a/keys/tripe-keys.master b/keys/tripe-keys.master index 01e094ba..35b868ce 100644 --- a/keys/tripe-keys.master +++ b/keys/tripe-keys.master @@ -37,6 +37,7 @@ ## Signature scheme to use for signing/verifying repository archives. # sig = dsa # sig = ecdsa +# sig = ed25519 ## How recently an archive must have been signed to be valid. # sig-fresh = always -- 2.11.0