chiark / gitweb /
keys/: Support the EdDSA signature schemes from catcrypt(1).
authorMark Wooding <mdw@distorted.org.uk>
Thu, 26 May 2016 08:26:09 +0000 (09:26 +0100)
committerMark Wooding <mdw@distorted.org.uk>
Sun, 14 May 2017 17:19:08 +0000 (18:19 +0100)
keys/tripe-keys.conf.5.in
keys/tripe-keys.in
keys/tripe-keys.master

index 0b488f0..e993ad2 100644 (file)
@@ -261,7 +261,7 @@ dh  dsa
 ec     ecdsa
 _
 .TE
-.ne 10
+.ne 12
 .TP
 .I sig-genalg
 Key-generation algorithm for signing key.  Default depends on
@@ -280,9 +280,11 @@ rsapcs1    rsa
 rsapss rsa
 ecdsa  ec
 eckcdsa        ec
+ed25519        ed25519
+ed448  ed448
 _
 .TE
-.ne 8
+.ne 10
 .TP
 .I sig-param
 Signature-key generation parameters.  Default depends on
@@ -299,6 +301,8 @@ dh  \-LS \-b3072 \-B256
 dsa    \-b3072 \-B256
 rsa    \-b3072
 ec     \-Cnist-p256
+ed25519        \fInone
+ed448  \fInone
 _
 .TE
 .TP
index f40f396..787336f 100644 (file)
@@ -262,11 +262,15 @@ def conf_defaults():
                                        'rsapkcs1': 'rsa',
                                        'rsapss': 'rsa',
                                        'ecdsa': 'ec',
-                                       'eckcdsa': 'ec'}[conf['sig']]),
+                                       'eckcdsa': 'ec',
+                                       'ed25519': 'ed25519',
+                                       'ed448': 'ed448'}[conf['sig']]),
                ('sig-param', lambda: {'dh': '-LS -b3072 -B256',
                                       'dsa': '-b3072 -B256',
                                       'ec': '-Cnist-p256',
-                                      'rsa': '-b3072'}[conf['sig-genalg']]),
+                                      'rsa': '-b3072',
+                                      'ed25519': '',
+                                      'ed448': ''}[conf['sig-genalg']]),
                ('sig-hash', '${hash}'),
                ('sig-expire', 'forever'),
                ('fingerprint-hash', '${hash}')]:
index 01e094b..35b868c 100644 (file)
@@ -37,6 +37,7 @@
 ## Signature scheme to use for signing/verifying repository archives.
 # sig = dsa
 # sig = ecdsa
+# sig = ed25519
 
 ## How recently an archive must have been signed to be valid.
 # sig-fresh = always