doc/authentication: mention ECDSA keys as recommend #10126

Merged: 1 commit, Mar 25, 2022

simondeziel
Member

No description provided.

Signed-off-by: Simon Deziel <simon.deziel@canonical.com>
@github-actions github-actions bot added the Documentation Documentation needs updating label Mar 25, 2022
@lxc-jenkins

Documentation preview available at: https://linuxcontainers.org/lxd/docs/pr.10126/

@tomponline
Member

Do you have a reason/source for that recommendation out of interest?

@simondeziel
Member Author

> Do you have a reason/source for that recommendation out of interest?

For the recommendation itself, not specifically, but in general, elliptic curve keys are recommended over RSA ones.

For the name used to refer to them, it's mostly because I've never seen those referred to as EC384 and EC being a generic term. What LXD generates is an ECDSA key using curve P-384 (the NIST curve is described in https://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf). OpenSSL refers to this curve as "secp384r1". Here's an example of a LXD generated key:

$ openssl x509 -noout -text -in cert.pem
Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            52:60:a5:fe:06:c8:00:92:c9:ad:76:68:d3:c2:0e:de
        Signature Algorithm: ecdsa-with-SHA384
        Issuer: O = linuxcontainers.org, CN = root@shell01
        Validity
            Not Before: Nov 28 21:37:28 2021 GMT
            Not After : Nov 26 21:37:28 2031 GMT
        Subject: O = linuxcontainers.org, CN = root@shell01
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                pub:
                    04:10:83:f2:19:0c:36:e8:d3:6b:5d:b6:c2:21:fd:
                    d4:4f:70:d4:83:70:60:3a:6e:99:e5:70:40:75:35:
                    13:f0:af:06:62:a8:a4:52:50:0f:0f:6d:65:24:40:
                    13:a3:bc:ca:56:34:2f:a4:87:a6:66:65:cf:c7:b0:
                    e5:c8:3b:8a:41:cd:b9:56:49:16:d7:2d:09:03:6d:
                    76:b3:2a:2f:b0:a3:58:6e:19:13:a0:cf:da:40:65:
                    f2:ca:bf:d5:96:a0:c4
                ASN1 OID: secp384r1
                NIST CURVE: P-384
        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Key Encipherment
            X509v3 Extended Key Usage: 
                TLS Web Server Authentication
            X509v3 Basic Constraints: critical
                CA:FALSE
            X509v3 Subject Alternative Name: 
                DNS:shell01, IP Address:127.0.0.1, IP Address:0:0:0:0:0:0:0:1
    Signature Algorithm: ecdsa-with-SHA384
         30:65:02:31:00:a9:32:87:12:fa:a4:6a:da:6d:36:02:1b:76:
         27:6a:5b:be:21:cb:a1:08:d8:7f:a6:e6:4d:f9:ea:06:de:7b:
         7c:4c:6f:6c:5f:d1:34:84:ca:71:8f:bb:39:4f:af:b9:2c:02:
         30:62:29:94:b6:02:b5:e1:18:f9:6b:d6:23:28:7d:b8:b3:94:
         b6:46:fc:6c:ff:3c:a7:b8:ff:8e:d8:5f:43:63:d9:64:11:a3:
         36:ab:81:3f:00:64:4c:00:7a:7c:f5:0a:ae

In the Subject Public Key Info section, we see the ASN1 OID and NIST CURVE names.

The terminology I've used is probably not 100% correct since there are many curves using "384 bit prime field" (see openssl ecparam -list_curves | grep 384) but it is a more common way to designate the thing ;) It also removes some ambiguity with EdDSA which I have yet to test with LXD as I ran into golang/go#47689.

@stgraber stgraber merged commit f37a4ed into canonical:master Mar 25, 2022
@simondeziel simondeziel deleted the ecdsa branch March 25, 2022 20:52
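
As an added example (not part of the original thread and not LXD's code), here is a small Python check over `openssl x509 -noout -text` output showing why the 384-bit key size alone does not identify the curve discussed above. The sample excerpts are constructed, and the function names are hypothetical.

```python
import re

# Constructed excerpts of `openssl x509 -noout -text` output (not real certificates).
P384_TEXT = """\
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                ASN1 OID: secp384r1
                NIST CURVE: P-384
"""
BRAINPOOL_TEXT = """\
        Subject Public Key Info:
            Public Key Algorithm: id-ecPublicKey
                Public-Key: (384 bit)
                ASN1 OID: brainpoolP384r1
"""
RSA_TEXT = """\
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
"""

# One regex per field of interest in the "Subject Public Key Info" section.
FIELDS = {
    "algorithm": r"Public Key Algorithm:\s*(\S+)",
    "bits": r"Public-Key:\s*\((\d+) bit\)",
    "oid_name": r"ASN1 OID:\s*(\S+)",
    "nist_name": r"NIST CURVE:\s*(\S+)",
}

def describe_key(text):
    """Extract key algorithm, size and curve names; absent fields are None."""
    info = {}
    for name, pattern in FIELDS.items():
        match = re.search(pattern, text)
        info[name] = match.group(1) if match else None
    if info["bits"] is not None:
        info["bits"] = int(info["bits"])
    return info

def is_p384_ec_key(text):
    """True only for an EC key on secp384r1 (NIST P-384); size is not checked alone."""
    info = describe_key(text)
    return info["algorithm"] == "id-ecPublicKey" and info["oid_name"] == "secp384r1"

if __name__ == "__main__":
    for label, text in (("p384", P384_TEXT), ("brainpool", BRAINPOOL_TEXT), ("rsa", RSA_TEXT)):
        print(label, describe_key(text), is_p384_ec_key(text))
```
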