Add support for EC sertificates in addition to RSA

[13xforever]

Currently installation script generates 2048 bit RSA certificate. You can hack it a bit to generate EC-based certificate instead (e.g. secp384r1), but the shadowbox container will fail to initialize properly (no errors in log, just no answers).

Please consider to use ec by default if host supports it, as it is equally secure, but has lower resource footprint.

[bemasc]

The RSA key is only generated once on server creation, and is only used by the server manager (not the client). Have you encountered a performance problem related to this RSA key?

[13xforever]

It's just a good practice, and I am migrating all my certificates to EC-based crypto. Trust in RSA is slowly eroding in general as well. This is not super critical, but I'd like to see this implemented at least as a backup plan.

[trevj]

@13xforever We like EC keys, too. We use node-forge to generate the keypair but until recently it didn't support them - I see this might have changed: https://github.com/digitalbazaar/forge#ed25519

FYI, @YegorIevlev recently sent us a PR to increase the keysize to 4096 bits: https://github.com/Jigsaw-Code/outline-server/pull/162

[ghost]

NIST curves have severe issues, including a possible backdoor (lack of rigidity): https://safecurves.cr.yp.to/

We should wait for Curve25519 certificates.

Do you think I need to try making Curve25519 SSH key generation code (generating Curve25519 keys and wrapping them in SSH key format)?

[trevj]

@YegorIevlev I think we'd be open to a PR changing the keys to ED25519, as described here: https://github.com/digitalbazaar/forge#ed25519

[ghost]

@trevj We don't need the entire node-forge for that. The minimum required code to generate a keypair is much smaller.

[trevj]

@YegorIevlev If we don't need it, great - we love to receive pull requests :-)