cry/cerulean
1
1
Fork 0
Code Issues Pull requests Projects Releases 3 Packages Wiki Activity Actions

support ECDSA

Browse source
This commit is contained in:
do butterflies cry? 2026-01-21 15:38:50 +10:00
parent 2740822c2c
commit 094f74f9c2
1 changed files with 24 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

27
ceru/subcmds/new/ssh-key
View file

@ -22,12 +22,18 @@ ${BOLD}${UNDERLINE}${RED}Description${RESET}
Generates a new SSH keypair with secure defaults.
For more advanced usage run the ${BOLD}${MAGENTA}\`ssh-keygen\`${RESET} utility directly.
${BOLD}${UNDERLINE}${RED}Key Sizes${RESET}
Key sizes are specified in bits via the ${BOLD}${MAGENTA}-b|--bits${RESET} flag.
• ${BOLD}${CYAN}ECDSA keys${RESET} can only operate on elliptic curves of size: ${BOLD}${CYAN}256, 384, or 521 bits${RESET}
• ${BOLD}${CYAN}Ed25519 keys${RESET} have a ${BOLD}${MAGENTA}fixed length${RESET} so the key size is ignored
• ${BOLD}${CYAN}RSA keys${RESET} have been intentionally restricted for Cerulean to: ${BOLD}${CYAN}2048, 3072, 4096, or 8192 bits${RESET}
${BOLD}${UNDERLINE}${RED}Options${RESET}
${BOLD}${MAGENTA}-h, --help${RESET} Show this message (^_^)
${BOLD}${MAGENTA}-o, --out${RESET} Private key file name to write to (the public key is named identically but ends with ${BOLD}${MAGENTA}.pub${RESET})
${BOLD}${MAGENTA}-c, --comment${RESET} A comment or email address to write on the key
${BOLD}${MAGENTA}-t, --type${RESET} The cryptographic algorithm to use: ${BOLD}${MAGENTA}ed25519${RESET} or ${BOLD}${MAGENTA}rsa${RESET} ${BOLD}${CYAN}(default: rsa)${RESET}
${BOLD}${MAGENTA}-r, --rounds${RESET} The number of key derivation function rounds to apply ${BOLD}${CYAN}(default: 100)${RESET}
${BOLD}${MAGENTA}-t, --type${RESET} The cryptographic algorithm to use: ${BOLD}${MAGENTA}ecdsa, ed25519, rsa${RESET} ${BOLD}${CYAN}(default: ecdsa)${RESET}
${BOLD}${MAGENTA}-r, --rounds${RESET} The number of KDF rounds to apply ${BOLD}${CYAN}(default: 100)${RESET}
${BOLD}${MAGENTA}-b, --bits${RESET} The key size in bits ${BOLD}${MAGENTA}(see the \"Key Sizes\" section above) ${CYAN}(defaults: ecdsa=521, rsa=4096, ed25519=NOT-APPLICABLE)${RESET}
${BOLD}${MAGENTA}-N, --nopasswd${RESET} Do not encrypt the private key with a password
${BOLD}${MAGENTA}-H, --hardware-key${RESET} Enable the use of a secure hardware key peripheral device (ie YubiKey)"
@ -92,6 +98,21 @@ if ! isnumeric "$ROUNDS"; then
fi
case "$TYPE" in
ecdsa)
if [[ -n "$BITS" ]]; then
BITS='521'
else
# NOTE: ECDSA keys can only operate on elliptic curves
# NOTE: of sizes: 256, 384 or 521 bits
case "$BITS" in
256|384|512) true
;;
*)
throw-badval 1 "$BITS" '-b|--bits'
;;
esac
fi
;;
ed25519)
# NOTE: the value of BITS does not matter for Ed25519
# NOTE: as it operates on a fixed size elliptic curve
@ -128,7 +149,7 @@ fi
if [[ "$HWKEY" == true ]]; then
if [[ "$TYPE" == "rsa" ]]; then
echo -e "${BOLD}${MAGENTA}-H|--hardware-key${RESET} flag is not valid for ${BOLD}${MAGE}rsa${RESET} keys ${BOLD}${CYAN}(use ed25519 instead)${RESET}"
echo -e "${BOLD}${MAGENTA}-H|--hardware-key${RESET} flag is not valid for ${BOLD}${MAGENTA}RSA keys${RESET} ${BOLD}${CYAN}(use Ed25519 instead)${RESET}"
exit 1
fi
TYPE="$TYPE-sk"