-
Notifications
You must be signed in to change notification settings - Fork 19
Support non RSA keys #6
Comments
#9 adds support for ECDSA keys. The problem with ed25519 is that Go doesn't support EdDSA certificates (yet): golang/go#25355. According to the milestone tag, support is supposed to be added in Go 1.12, although it's already pretty late in the process (the beta was released in mid December already), so it might not make it. |
Is there any way to explicitly include the libp2p key type in the certificate? I'm worried about future extensions where we have multiple key types that map to the same wire format in TLS1.3. |
There's also the intersection between this and libp2p/specs#111. We may need to be able to encode additional metadata. |
I'm not sure I fully understand the whole discussion of libp2p/specs#111, but wouldn't using arbitrary keys and hash functions (as opposed to those supported by TLS) mean that we can't use certificate-based authentication at all? |
We just need to be able to derive:
We should still be able to use certificates, we just need to transmit enough information to get 1 which will allow us to derive 2. |
How exactly would we derive the libp2p key? Since you're highlighting libp2p key, I'm assuming that it might be different from the key used in the certificate. |
I mean the key as defined in https://github.com/libp2p/go-libp2p-crypto/. For now, we're fine. However, with libp2p/specs#111, we'll add a new field (to indicate the hash algorithm we're using to generate the peer ID) to https://github.com/libp2p/go-libp2p-crypto/blob/master/pb/crypto.proto. We'll need to somehow include this in the key we send with TLS. |
That sounds doable. We'll define a new |
My thinking is:
That way, we always preserve all additional keys. Note: Relates to https://github.com/libp2p/go-libp2p-crypto/issues/51. |
So, js-libp2p-crypto is currently using node-forge. It looks like adding an extension should be fairly straightforward. |
Fixed by #20. |
E.g., ed25519.
The text was updated successfully, but these errors were encountered: