Page MenuHomeFreeBSD
Differential D54473

checkkey.sh: Add EDDSA algo (RFC8032)
ClosedPublic
Actions

Authored by pouria on Sat, Jan 3, 1:43 PM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Jan 20, 10:35 PM
Unknown Object (File)
Mon, Jan 19, 2:01 PM
Unknown Object (File)
Sun, Jan 18, 1:15 AM
Unknown Object (File)
Thu, Jan 15, 9:21 PM
Unknown Object (File)
Thu, Jan 15, 10:45 AM
Unknown Object (File)
Mon, Jan 12, 12:22 AM
Unknown Object (File)
Sat, Jan 10, 12:55 AM
Unknown Object (File)
Thu, Jan 8, 3:15 PM
View All 12 Files
Subscribers
siva

Details

Reviewers
des
markj
Commits
R9:169c613a70b8: checkkey.sh: Add EDDSA algo (RFC8032)
Summary

This fixes the UNKNOWN type returned by checkkey.sh
The EDDSA (22) has a dedicated standard (RFC8032),
and is also allowed for use in RFC9580 which obsoletes RFC4880.

Test Plan

To test you can use a key with algorithm number 22:

% ./documentation/tools/checkkey.sh C7E57F23C24F542D
key C7E57F23C24F542D: EDDSA

Diff Detail

Repository
R9 FreeBSD doc repository
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

pouria requested review of this revision.Sat, Jan 3, 1:43 PM
pouria created this revision.
Harbormaster completed remote builds in B69588: Diff 168957.Sat, Jan 3, 1:43 PM
pouria added a comment.Sat, Jan 3, 1:52 PM

Why don't we allow new committers to use curve algorithms?
I can see that there are multiple ed25519 keys currently in use by committers, as reported by ./doc/documentation/tools/pgpkeyreport.
However, committer's guide states that checkkey.sh must be used to ensure the key is valid.
The checkkey.sh script does not allow committers to use curve algorithms. Is this ok or should we write an exception for curve algorithms?

des accepted this revision.Sat, Jan 3, 8:48 PM

There is no reason not to allow EDDSA. It just did not yet exist when this script was written.

This revision is now accepted and ready to land.Sat, Jan 3, 8:48 PM
pouria added inline comments.Sat, Jan 3, 10:34 PM
documentation/tools/checkkey.sh
194

@des I can add an exception here for ECC/ECDSA/EDDSA algorithms to avoid returning badkey error to users if you want.

pouria mentioned this in D54638: new committer (src): Pouria Mousavizadeh Tehrani (pouria).Sat, Jan 10, 7:31 PM
siva added a subscriber: siva.Sun, Jan 11, 11:51 PM
siva added inline comments.
documentation/tools/checkkey.sh
194

Found this review by making the same local change myself. Yes, you will need to add a line here for EDDSA) ;;

pouria updated this revision to Diff 169941.Sat, Jan 17, 12:44 PM

Avoid returning badkey error for EDDSA.

This revision now requires review to proceed.Sat, Jan 17, 12:44 PM
Harbormaster completed remote builds in B69945: Diff 169941.Sat, Jan 17, 12:44 PM
This revision was not accepted when it landed; it landed in state Needs Review.Sun, Jan 18, 8:15 AM
Closed by commit R9:169c613a70b8: checkkey.sh: Add EDDSA algo (RFC8032) (authored by pouria). · Explain Why
This revision was automatically updated to reflect the committed changes.
pouria added a commit: R9:169c613a70b8: checkkey.sh: Add EDDSA algo (RFC8032).

Revision Contents
Changeset List

PathSize
documentation/
tools/
2 lines

Diff 169989

View Options

documentation/tools/checkkey.sh

Loading...