dehydrated
ECDSA Support
I did not see a parameter to support the request of ECDSA certs from ACMEv2. Am I missing something?
Thanks, Jeff
It's KEY_ALGO.
On 1/29/22 14:13, Jeff Sani wrote:
> I did not see a parameter to support the request of ECDSA certs from ACMEv2. Am I missing something?
> Thanks, Jeff
View it on GitHub: https://github.com/dehydrated-io/dehydrated/issues/863
Ok thanks - I see that:
Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
#KEY_ALGO=secp384r1
But it is still not clear to me. RSA is obvious, I presume prime256v1 and secp384r1 are EC+DSA? With Certbot, this is simply --key-type ecdsa or rsa.
prime256v1 is a 256 bit curve used with ecdsa. secp384r1 is a 384 bit curve.
Looks like certbot uses prime256v1 if you choose ecdsa and do not specify a curve.
Choosing the curve for ecdsa is kind of analogous to choosing key length for rsa.
On Jan 29, 2022, at 16:07, Jeff Sani @.***> wrote:
> Ok thanks - I see that:
> Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
> #KEY_ALGO=secp384r1
> But it is still not clear to me. RSA is obvious, I presume prime256v1 and secp384r1 are EC+DSA? With Certbot, this is simply --key-type ecdsa or rsa.
Got it thanks!
So in domains_txt.md: https://github.com/dehydrated-io/dehydrated/blob/master/docs/domains_txt.md
It has:
then add a config file certs/star_service_example_org_rsa/config with the value
KEY_ALGO="rsa" or respectively
KEY_ALGO="ecdsa"
but in the config example, it is:
Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
#KEY_ALGO=secp384r1
Is ecdsa as an option deprecated?
That may be a doc bug. I’m not sure if ecdsa was ever a valid option there, but it definitely isn’t now.
On Jan 31, 2022, at 13:05, Jeff Sani @.***> wrote:
> So in domains_txt.md: https://github.com/dehydrated-io/dehydrated/blob/master/docs/domains_txt.md
> It has:
> then add a config file certs/star_service_example_org_rsa/config with the value
> KEY_ALGO="rsa" or respectively
> KEY_ALGO="ecdsa"
> but in the config example, it is:
> Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
> #KEY_ALGO=secp384r1
> Is ecdsa as an option deprecated?
The reference to ecdsa in https://github.com/dehydrated-io/dehydrated/blob/master/docs/domains_txt.md?plain=1#L58 is a bug indeed, https://github.com/dehydrated-io/dehydrated/pull/861.
The allowed values for KEY_ALGO are listed in https://github.com/dehydrated-io/dehydrated/blob/master/dehydrated#L320.
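
As an added example (not code from this thread or from the dehydrated project): a small POSIX shell lint that reads KEY_ALGO from config files without sourcing them and flags values outside the three listed in the config comment quoted in the thread, such as the `ecdsa` value taken from the docs. The directory layout (an optional `config` plus `certs/<alias>/config` under one base directory), the function names and the sample tree are assumptions.

```sh
#!/bin/sh
# Added example: lint dehydrated config files for an unsupported KEY_ALGO.
# SUPPORTED is the list from the config comment quoted in the thread.
SUPPORTED="rsa prime256v1 secp384r1"

# Print the effective KEY_ALGO value of a config file: the last uncommented
# assignment wins; quotes and trailing comments are stripped. The file is
# parsed with sed rather than sourced, so nothing in it gets executed.
key_algo_of() {
    sed -n 's/^[[:space:]]*KEY_ALGO=//p' "$1" | tail -n 1 |
        sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' \
            -e 's/^"\(.*\)"$/\1/' -e "s/^'\(.*\)'\$/\1/"
}

# Return 0 when KEY_ALGO is unset or supported, 1 otherwise.
check_key_algo() {
    algo=$(key_algo_of "$1")
    if [ -z "$algo" ]; then
        echo "$1: KEY_ALGO not set, the default is used"
        return 0
    fi
    for ok in $SUPPORTED; do
        if [ "$algo" = "$ok" ]; then
            echo "$1: KEY_ALGO=$algo ok"
            return 0
        fi
    done
    echo "$1: KEY_ALGO=$algo is not supported (expected one of: $SUPPORTED)" >&2
    return 1
}

# Check the optional main config and every per-certificate config below
# <dir>/certs (assumed layout); return the number of files with a bad value.
lint_basedir() {
    bad=0
    for f in "$1/config" "$1"/certs/*/config; do
        [ -f "$f" ] || continue
        check_key_algo "$f" || bad=$((bad + 1))
    done
    return "$bad"
}

# Constructed sample tree (not real data); the _ecdsa alias is hypothetical.
demo=$(mktemp -d)
mkdir -p "$demo/certs/star_service_example_org_rsa" "$demo/certs/star_service_example_org_ecdsa"
printf '#KEY_ALGO=secp384r1\n' > "$demo/config"
printf 'KEY_ALGO="rsa"\n' > "$demo/certs/star_service_example_org_rsa/config"
printf 'KEY_ALGO="ecdsa"\n' > "$demo/certs/star_service_example_org_ecdsa/config"
lint_basedir "$demo" || echo "unsupported KEY_ALGO in $? file(s)"
```

On the sample tree the lint reports the commented-out main config as unset, accepts `rsa`, and rejects `ecdsa`.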