Default settings: Make default Edwards curve ED25519

Perform hierarchical decision for elliptic curve name.

Default curves per algorithm:
* 'ec' Elliptic curve name 'secp384r1' (Unchanged)
* 'ed' Edwards curve name 'ed25519' (Changed)

Signed-off-by: Richard T Bonhomme <tincantech@protonmail.com>
Richard T Bonhomme 2022-12-28 17:15:40 +00:00
parent 6ac84dc2aa
commit 48a74fbca0


@ -4182,18 +4182,19 @@ verify_algo_params() {
# Create the required ecparams file
easyrsa_openssl ecparam -name "$EASYRSA_CURVE" \
-out "$EASYRSA_ALGO_PARAMS" 1>/dev/null || die "\
Failed to generate ecparam file (permissions?) when writing to:
$EASYRSA_ALGO_PARAMS"
-out "$EASYRSA_ALGO_PARAMS" \
1>/dev/null || die "\
Failed to generate ecparam file (permissions?) at:
* $EASYRSA_ALGO_PARAMS"
;;
ed)
# Verify Edwards curve
easyrsa_openssl genpkey -algorithm "$EASYRSA_CURVE" \
> /dev/null || \
die "Edwards Curve $EASYRSA_CURVE not found."
> /dev/null || die "\
Edwards Curve $EASYRSA_CURVE not found."
;;
*) die "\
Alg '$EASYRSA_ALGO' is invalid: must be 'rsa', 'ec' or 'ed'"
Alg '$EASYRSA_ALGO' is invalid: Must be 'rsa', 'ec' or 'ed'"
esac
} # => verify_algo_params()
@ -4372,9 +4373,21 @@ Sourcing the vars file and building certificates will probably fail ..'
set_var EASYRSA_REQ_EMAIL me@example.net
set_var EASYRSA_REQ_OU "My Organizational Unit"
set_var EASYRSA_ALGO rsa
set_var EASYRSA_KEY_SIZE 2048
set_var EASYRSA_CURVE secp384r1
set_var EASYRSA_EC_DIR "$EASYRSA_PKI/ecparams"
case "$EASYRSA_ALGO" in
rsa)
set_var EASYRSA_KEY_SIZE 2048
;;
ec)
set_var EASYRSA_CURVE secp384r1
set_var EASYRSA_EC_DIR "$EASYRSA_PKI/ecparams"
;;
ed)
set_var EASYRSA_CURVE ed25519
;;
*) die "Unknown algorithm '$EASYRSA_ALGO'"
esac
set_var EASYRSA_CA_EXPIRE 3650
set_var EASYRSA_CERT_EXPIRE 825 # new default of 36 months
set_var EASYRSA_CERT_RENEW 90
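Review bot: The new `*) die "Unknown algorithm '$EASYRSA_ALGO'"` arm in the defaults `case` duplicates the algorithm check that verify_algo_params() already performs in the first hunk, but with a different message; because the defaults run first, this is the text a user with a bad vars file will actually see, so it should read the same: `*) die "Alg '$EASYRSA_ALGO' is invalid: Must be 'rsa', 'ec' or 'ed'"`. EASYRSA_EC_DIR is now only given a default in the `ec` arm, whereas the removed lines set it for every algorithm; if any later code path references it under rsa or ed (not visible in this hunk), it now expands to an empty string, so either keep that set_var unconditional or confirm no such reference exists. The function enclosing this hunk starts outside the hunk.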