Support for ECC keys (and not just RSA)

#1

When configuring the server after installation, we get to create or import a private key/public key pair for authentication but the type is fixed to DSA / RSA 2048 bit.
Why can’t we use ed25519 to create our private keys. AFAIK ed25519 has about the same strength as RSA 3000-bit and it is faster. Or, is there still software out there without support for ed25519?

I mean: we’re talking about a password safe, right?
If the private key is cracked, all your other passwords are too.
So why not go for the stronger & faster algorithm?

Or am I missing something?

Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[ ] I provide relevant information about my server (component names and versions, etc.)
[ ] I provide a copy of my logs and healthcheck
[ ] I describe the steps I have taken to trouble shoot the problem
[ ] I describe the steps on how to reproduce the issue

admin edit: renaming this as a feature request.

0 Likes

#2

Hello @Aard,

The setup wizard in passbolt is misleading, DSA is actually not used, only RSA (you can see that when you donwload the key and inspect them). As far as I know the RSA 2048 is still considered safe. It is the NIST recommendation and the GnuPG default. Mailvelope has a RSA 4096 default, which makes sense since emails have a longer life than passwords. It is possible for you to import a longer RSA key already.

We have support built in the front end to support other algorithms supported by Openpgp.js. The issue is with the server component. It is not a small feat to officially support multiple operating systems, php version, gnupg, etc.

This is something we could work on if there is a demand from the community.

0 Likes

#3

Hi Remy,

Thank you for your reply.
The subject does only mention RSA, so I understood that DSA wasn’t used. It’s shown as a string on the web page like that.

I’m not a security expert, I only wanted to share what I found on the internet with the community.
I googled on the difference between the auth types and even though as you said, RSA 2048 is not yet ‘weak’, I give you that much, only the fact that it is recommended by NIST, seems enough a reason for many to not use it at all ;-).
Some say plain and simple: Nist cannot be trusted (you can find it here)
Others remain more political correct but do say the same thing: http://security.stackexchange.com/a/46781

Openpgp.js supports ed25519 from v3.0 but it cannot be selected for key creation nor imported. So I understand the issue is on the server side and considered to be a feature request.
That’s fine by me. I just hope more people also find this important and back me up with this request then.

Thank you.

1 Like

#4

@Aard thank you for sharing your opinion in a productive way.

0 Likes

closed #5

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.

0 Likes