Skip to content

init-pki: Introduce configurable cryptography #1397

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 6 commits into
base: master
Choose a base branch
from
Open

init-pki: Introduce configurable cryptography #1397

wants to merge 6 commits into from

Conversation

TinCanTech
Copy link
Collaborator

init-pki can now create a preconfigured 'vars' file, to use Elliptic curve or Edwards curve cryptography.

These options can be used to configure init-pki, in the following order:

  • init-pki curve-name: Acepted values any Elliptic or Edwards curve
    'curve-name' will preset algorithm.

  • init-pki algorithm: Acepted values ec or ed
    'algorithm' will opportunistically preset 'curve-name'

Command options take priority over Global options

  • Global option --curve
  • Global option --use-algo

@TinCanTech
init-pki: Introduce configurable cryptography
a8da392 
init-pki can now create a preconfigured 'vars' file, to use Elliptic curve
or Edwards curve cryptography.

These options can be used to configure init-pki, in the following order:

* init-pki curve-name: Acepted values any Elliptic or Edwards curve
  'curve-name' will preset algorithm.
* init-pki algorithm: Acepted values ec or ed
  'algorithm' will opportunistically preset 'curve-name'

Command options take priority over Global options
* Global option --curve
* Global option --use-algo

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech self-assigned this Oct 6, 2025
@TinCanTech TinCanTech added this to the v3.2.5 milestone Oct 6, 2025
@TinCanTech TinCanTech linked an issue Oct 6, 2025 that may be closed by this pull request
Consider switching default from RSA to EC #1387
Open
@TinCanTech
ChangeLog: init-pki: Introduce configurable cryptography
fe9d03e 
Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech
Fold build_ecparam_file() into verify_algo_params()
7669cc7 
Generate an EC parameters file only when a tmp-dir exists and
only for algorithm 'ec'.

Allow a user supplied EC parameters file as $EASYRSA_ALGO_PARAMS.

Remove build_ecparam_file().

Signed-off-by: Richard T Bonhomme <[email protected]>
@TinCanTech TinCanTech force-pushed the init-pki-ec-ed-v2-auto-vars branch from e286272 to 7669cc7 Compare October 7, 2025 19:45
@TinCanTech TinCanTech linked an issue Oct 7, 2025 that may be closed by this pull request
peer-fingerprint mode: Allow show-cert to be used #1398
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@TinCanTech TinCanTech

Labels
documentation Feature request MAJOR CHANGE
Projects
None yet
Milestone
v3.2.5
Development

Successfully merging this pull request may close these issues.

peer-fingerprint mode: Allow show-cert to be used Consider switching default from RSA to EC
1 participant
@TinCanTech