Support EdDSA/Ed25519 certificates #26
Hi! I'd really like to manage keypairs for wireguard in Terraform, but that would require generation of Curve25519 keys. Is this possibly on the roadmap? Thanks!
Go 1.13 is out, and now it supports ED25519 in its standard library: https://golang.org/doc/go1.13#crypto/ed25519. So there's nothing in the way for terraform-provider-tls to start supporting ed25519 keys.
This is a prerequisite to support creating ed25519 keys. Refs #26 Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>
This commit adds support for ED25519 algorithm when generating tls_private_key resource. Closes #26 Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>
This commit adds support for ED25519 algorithm when generating tls_private_key resource. Refs #26 Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>
Created a PR which adds support for generating ed25519 keys: #59.
This commit adds the private_key_openssh attribute, which always contains the private key in a format that is compatible with OpenSSH. This allows producing the ED25519 private key in OpenSSL-compatible format in the private_key_pem attribute and in OpenSSH-compatible format in this new attribute. Other key types are the same in private_key_pem and private_key_openssh, as OpenSSH can read them. In the future, this could be changed to produce all private keys in OpenSSH native format. Refs #26 Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>
This was merged some time ago, but it was never released. When can we expect a release with PR#1?
Any updates on this one?
I am also waiting for this feature to be released.
The PR #59 is up for 6 months now with no feedback. This is just sad. @apparentlymart maybe you could help us somehow with it?
Any news about implementing the ed25519 algorithm?
@PhilippeChepy have you had a look at https://registry.terraform.io/providers/invidian/tls/latest
Any news on this one?
Still not supported after 3.5 years?
Thank you for your time and contribution, we really appreciate it. As part of a bigger effort to add complete support for ED25519 key algorithm, I’m closing this in favor of issue #150. Please refer to the new issue for what will be included and how work will proceed.
…151)
* r/private_key: Add support for ed25519 algorithm
  This commit adds support for ED25519 algorithm when generating tls_private_key resource. Refs #26 Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>
* r/private_key: Add private_key_openssh attribute
  This commit adds the private_key_openssh attribute, which always contains the private key in a format that is compatible with OpenSSH. This allows producing the ED25519 private key in OpenSSL-compatible format in the private_key_pem attribute and in OpenSSH-compatible format in this new attribute. Other key types are the same in private_key_pem and private_key_openssh, as OpenSSH can read them. In the future, this could be changed to produce all private keys in OpenSSH native format. Refs #26 Signed-off-by: Mateusz Gozdek <mgozdekof@gmail.com>
* Utility package to marshal `crypto.PrivateKey` to OpenSSH PEM format
  This is a temporary solution. The content is cherry-picked from https://go-review.googlesource.com/c/crypto/+/218620. Once that is upstreamed, we can remove this and use methods from the official `x/crypto/ssh` module.
* Removing `marshalED25519PrivateKey` from `util.go` in favour of the (temporary) `openssh` package
* Adding type `Algorithm` to use in maps and signatures
  The purpose of this is to reduce the reliance on generic `string` and lean a bit more on the compiler.
* Switching to use the `openssh` package for generating OpenSSH PEM formatted keys
  Notice the "gotchas" around ECDSA elliptic P-224 curves
* Adding `public_key_fingerprint_sha256` attribute to `tls_private_key` resource
* Update `tls_private_key` resource testing to reflect all the recent changes
* Adding attribute `public_key_fingerprint_sha256` to `tls_public_key` data source
  This is necessary as the function `readPublicKey()` is shared between resources and data sources.
* Updating website documentation for `tls_private_key` resource and `tls_public_key` data source.
  They are both getting updated as they share the `utils.go#readPublicKey()` function.
* Update internal/openssh/lib_test.go (typo) Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>
* Update website/docs/r/private_key.html.md Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>
* Update internal/openssh/lib_test.go Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>
* Fixing indentation
* Removing dependency on `testify` as requested by Katy Moe
* Rewording description for 2 fields
* Moving "types" into "types.go" and out of "util.go"
* Adding input argument validations to `tls_private_key`
* Updating markdown documentation to address PR feedback
* Avoided creating exported constants in `internal/openssh` library as this is a temporary solution
  We want to get rid of it as soon as #154 becomes actionable
* Fix typo: marshall -> marshal
* Adding a 'copyright header' on the 'internal/openssh/lib.go' file

Co-authored-by: Mateusz Gozdek <mgozdekof@gmail.com> Co-authored-by: kmoe <5575356+kmoe@users.noreply.github.com>
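The two encodings the commit messages above distinguish, as an added example that is not the provider's code: an Ed25519 key written as the PKCS#8 PEM that OpenSSL reads, and a SHA-256 fingerprint computed over the SSH public key blob in the form `ssh-keygen -l` prints. The function names are hypothetical, the seed is constructed, and it is an assumption that `public_key_fingerprint_sha256` uses this fingerprint form.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"crypto/x509"
	"encoding/base64"
	"encoding/binary"
	"encoding/pem"
	"fmt"
)

// pkcs8PEM encodes the key as OpenSSL reads it: a PKCS#8 "PRIVATE KEY" block.
// OpenSSH private keys use a different container ("OPENSSH PRIVATE KEY").
func pkcs8PEM(priv ed25519.PrivateKey) ([]byte, error) {
	der, err := x509.MarshalPKCS8PrivateKey(priv)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der}), nil
}

// sshWireBlob builds the SSH public key blob: the string "ssh-ed25519" and the
// 32-byte key, each prefixed with a 4-byte big-endian length.
func sshWireBlob(pub ed25519.PublicKey) []byte {
	var b bytes.Buffer
	for _, field := range [][]byte{[]byte("ssh-ed25519"), pub} {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(field)))
		b.Write(n[:])
		b.Write(field)
	}
	return b.Bytes()
}

// fingerprintSHA256 hashes the blob and formats it with unpadded base64.
func fingerprintSHA256(pub ed25519.PublicKey) string {
	sum := sha256.Sum256(sshWireBlob(pub))
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

func main() {
	// Constructed fixed seed for reproducible output; real keys come from crypto/rand.
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x42}, ed25519.SeedSize))
	pemBytes, err := pkcs8PEM(priv)
	if err != nil {
		panic(err)
	}
	fmt.Printf("%s%s\n", pemBytes, fingerprintSHA256(priv.Public().(ed25519.PublicKey)))
}
```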
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Would be nice to support EdDSA/Ed25519 certificates. I tried to put together a PR, but without hacky workarounds, it looks like it's going to need some upstream changes in x509: golang/go#25355