From c054be83eba8eb385d71f75e173ea4fd2d0856b9 Mon Sep 17 00:00:00 2001
From: Alex
Date: Thu, 10 Aug 2023 16:19:35 -0500
Subject: [PATCH] EdDSA => ECDSA browsers don't currently support EdDSA
---
 cwa/src/peerSync.ts | 2 +-
 design-decisions/example.pentive.secrets.sh | 6 ++++--
 2 files changed, 5 insertions(+), 3 deletions(-)
diff --git a/cwa/src/peerSync.ts b/cwa/src/peerSync.ts
index 9fce9f33..8dc630e8 100644
--- a/cwa/src/peerSync.ts
+++ b/cwa/src/peerSync.ts
@@ -1,7 +1,7 @@
 import { importPKCS8, SignJWT } from "jose"
 import { type UserId } from "shared"
-export const alg = "EdDSA"
+export const alg = "ES512"
 export async function getPeerToken(userId: UserId, privateKeyString: string) {
 const privateKey = await importPKCS8(privateKeyString, alg)
diff --git a/design-decisions/example.pentive.secrets.sh b/design-decisions/example.pentive.secrets.sh
index 6a9ef8bd..b3678d50 100644
--- a/design-decisions/example.pentive.secrets.sh
+++ b/design-decisions/example.pentive.secrets.sh
@@ -35,8 +35,10 @@ export developmentGithubSecret=
 export productionGithubSecret=
 # generate via:
-# openssl genpkey -algorithm ed25519 -out peerSyncPrivateKey.key
-# openssl pkey -in peerSyncPrivateKey.key -pubout -out peerSyncPublicKey.pem
+# openssl ecparam -name secp521r1 -genkey -noout -out private.ec.key
+# openssl pkcs8 -topk8 -nocrypt -in private.ec.key -out private.pem
+# openssl ec -in private.pem -pubout -out public.pem
+# use public.pem and private.pem
 export developmentPeerSyncPublicKey="-----BEGIN PUBLIC KEY-----
 foo
 -----END PUBLIC KEY-----"
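Review bot: The `export const alg = "ES512"` line changes which key type `importPKCS8(privateKeyString, alg)` will accept, and nothing next to the constant records that. ES512 is ECDSA over P-521 with SHA-512, so an Ed25519 key still sitting in an existing secrets file should be rejected at import, and that would surface only when a peer token is first requested. I would add a comment above the constant, e.g. `// ES512 = ECDSA P-521 + SHA-512; the PKCS#8 key must be a P-521 key (see example.pentive.secrets.sh). Browsers don't support EdDSA yet.` Because `alg` is exported, the verifying side presumably reads it too; confirm that verification pins the accepted algorithms to this value (jose's `algorithms` option) rather than accepting whatever the token header names. `getPeerToken` continues past the end of the hunk, so what happens after the import is not visible here.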
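Review bot: The new generation steps leave two unencrypted copies of the private key on disk (`private.ec.key` and the `-nocrypt` `private.pem`), and the comment never says to remove or protect either. `openssl genpkey` writes PKCS#8 directly, so the intermediate file can be avoided with `# openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-521 -out private.pem` followed by `# openssl pkey -in private.pem -pubout -out public.pem`. I would also replace `# use public.pem and private.pem` with a line that names which variable takes which file and tells the reader to delete the key files (or keep them mode 600) once the values are copied into the secrets file.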