add ed25519 cot-artifact-signing to generic-worker
Categories
(Taskcluster :: Workers, enhancement)
Tracking
(Not tracked)
People
(Reporter: mozilla, Unassigned)
References
(Blocks 2 open bugs)
Comment 1•6 years ago
Hi Aki. I think this bug is done, are you happy for me to close it?
One thing I noticed is that the private key file we get from generic-worker new-ed25519-keypair <FILE>
is 44 chars of base64, which I guess is a 256 bit key? (44 * 6 = 264). Is that the intended key size?
Thanks!
Comment 2•6 years ago
Also, should the bug title say "ed25519" or "ecdsa"? I'm wondering now if this bug is about replacing ed25519 for ecdsa, or whether the chosen algorithm just changed after bug creation and we just need to update the bug title...
Thanks!
Reporter
Comment 3•6 years ago
(In reply to Pete Moore [:pmoore][:pete] from comment #1)
> Hi Aki. I think this bug is done, are you happy for me to close it?
This is a dup of bug 1518913... we were planning on ecdsa originally, and then switched in this thread.
> One thing I noticed is that the private key file we get from
> generic-worker new-ed25519-keypair <FILE>
> is 44 chars of base64, which I guess is a 256 bit key? (44 * 6 = 264). Is that the intended key size?
Yes. It's a 32 byte seed that results in a 64 byte key. It's tiny compared to gpg, faster, and yet more secure, because of the elliptical curve algorithm used. I base64 encode the 32 byte public- and private- key portions for easier portability, which results in 44 chars of base64. Docker worker uses a 64 byte key rather than a 32 byte seed due to the tweetnacl.js implementation of ed25519, but I've checked for compatibility -- scriptworker can verify its signatures.
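The key sizes discussed in comment 3, as an added Go example (not code from generic-worker, docker-worker or scriptworker): it loads a private key given either as a 32 byte seed (44 base64 chars) or as a 64 byte key (88 chars), rejects a 64 byte key whose halves disagree, and checks that signatures made with one form verify against the other. Assumptions: the names `Encode`, `LoadSigningKey` and `CrossVerify` are hypothetical, the 64 byte key is laid out as seed followed by public key (the layout of Go's `crypto/ed25519`), the encoding is standard padded base64, and the all-zero seed is constructed for the demo.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
)

// Encode is the standard padded base64 assumed for key files in this example.
func Encode(b []byte) string { return base64.StdEncoding.EncodeToString(b) }

// LoadSigningKey accepts either private-key form from the thread: a 32-byte
// seed (44 base64 chars) or a 64-byte key (88 chars, assumed seed || public).
func LoadSigningKey(b64 string) (ed25519.PrivateKey, error) {
	raw, err := base64.StdEncoding.DecodeString(b64)
	if err != nil {
		return nil, err
	}
	switch len(raw) {
	case ed25519.SeedSize: // expand the seed into the 64-byte key
		return ed25519.NewKeyFromSeed(raw), nil
	case ed25519.PrivateKeySize: // public half must match the seed half
		key := ed25519.PrivateKey(raw)
		if !ed25519.NewKeyFromSeed(key.Seed()).Equal(key) {
			return nil, errors.New("public half does not match seed")
		}
		return key, nil
	}
	return nil, fmt.Errorf("unexpected key length %d bytes", len(raw))
}

// CrossVerify signs with one key form and verifies with the other's public key.
func CrossVerify(signerB64, verifierB64 string) bool {
	signer, err1 := LoadSigningKey(signerB64)
	other, err2 := LoadSigningKey(verifierB64)
	if err1 != nil || err2 != nil {
		return false
	}
	msg := []byte("constructed chain-of-trust artifact") // sample input
	pub := other.Public().(ed25519.PublicKey)
	return ed25519.Verify(pub, msg, ed25519.Sign(signer, msg))
}

func main() {
	seedB64 := Encode(make([]byte, ed25519.SeedSize)) // constructed all-zero seed
	full, _ := LoadSigningKey(seedB64)
	fmt.Println(len(seedB64), len(Encode(full)), CrossVerify(Encode(full), seedB64))
}
```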
Reporter
Comment 4•6 years ago
- compared to rsa, I suppose :)