mirror of
https://codeberg.org/tyy/aspm
synced 2025-01-10 09:59:29 -07:00
Add warning about ed25519 keys and default to NIST P-256 generation
parent
86ffe01c4d
commit
25cc99e033
1 changed files with 13 additions and 3 deletions
|
@ -7,7 +7,7 @@ use argon2::{password_hash::SaltString, Argon2, PasswordHasher};
|
||||||
use asp::keys::{AspKey, AspKeyType};
|
use asp::keys::{AspKey, AspKeyType};
|
||||||
use clap::{Parser, ValueEnum};
|
use clap::{Parser, ValueEnum};
|
||||||
use data_encoding::BASE64_NOPAD;
|
use data_encoding::BASE64_NOPAD;
|
||||||
use dialoguer::{theme::ColorfulTheme, Input, Password};
|
use dialoguer::{theme::ColorfulTheme, Confirm, Input, Password};
|
||||||
use indoc::printdoc;
|
use indoc::printdoc;
|
||||||
use sea_orm::{ActiveValue, EntityTrait};
|
use sea_orm::{ActiveValue, EntityTrait};
|
||||||
|
|
||||||
|
@ -24,8 +24,8 @@ pub enum KeyGenerationType {
|
||||||
#[derive(Parser, Debug)]
|
#[derive(Parser, Debug)]
|
||||||
pub struct KeysGenerateCommand {
|
pub struct KeysGenerateCommand {
|
||||||
/// The type of key to generate. This must either be Ed25519, or ES256. This argument is case-insensitive.
|
/// The type of key to generate. This must either be Ed25519, or ES256. This argument is case-insensitive.
|
||||||
/// It doesn't really matter that much which one is used, as they both work fine, but Ed25519 is used as a safe default.
|
/// Because of a lack of Ed25519 support in browsers, ES256 is used as a default. By choosing an Ed25519 key, profiles may not work appropriately in browser settings.
|
||||||
#[clap(value_enum, default_value_t = KeyGenerationType::Ed25519, long_about, ignore_case = true)]
|
#[clap(value_enum, default_value_t = KeyGenerationType::ES256, long_about, ignore_case = true)]
|
||||||
key_type: KeyGenerationType,
|
key_type: KeyGenerationType,
|
||||||
/// The alias of the key to generate. This can be anything, and it can also be omitted to prompt interactively. This has no purpose other than providing a way to nicely name keys, rather than having to remember a fingerprint.
|
/// The alias of the key to generate. This can be anything, and it can also be omitted to prompt interactively. This has no purpose other than providing a way to nicely name keys, rather than having to remember a fingerprint.
|
||||||
#[arg(short = 'n', long)]
|
#[arg(short = 'n', long)]
|
||||||
|
@ -35,6 +35,16 @@ pub struct KeysGenerateCommand {
|
||||||
#[async_trait::async_trait]
|
#[async_trait::async_trait]
|
||||||
impl AspmSubcommand for KeysGenerateCommand {
|
impl AspmSubcommand for KeysGenerateCommand {
|
||||||
async fn execute(&self, state: crate::AspmState) -> Result<(), anyhow::Error> {
|
async fn execute(&self, state: crate::AspmState) -> Result<(), anyhow::Error> {
|
||||||
|
if self.key_type == KeyGenerationType::Ed25519 {
|
||||||
|
let confirmation = Confirm::with_theme(&ColorfulTheme::default())
|
||||||
|
.with_prompt("You are creating an Ed25519 key. Before confirming, please make sure you are aware that this may not be supported in browser environments, such as being viewed on https://keyoxide.org. Are you sure you want to create an Ed25519 key?")
|
||||||
|
.default(false)
|
||||||
|
.interact()
|
||||||
|
.context("Unable to prompt on stderr")?;
|
||||||
|
|
||||||
|
if !confirmation { return Ok(()) }
|
||||||
|
}
|
||||||
|
|
||||||
let alias = if let Some(alias) = &self.key_alias {
|
let alias = if let Some(alias) = &self.key_alias {
|
||||||
alias.clone()
|
alias.clone()
|
||||||
} else {
|
} else {
|
||||||
|
|
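Review bot: Declining the new Ed25519 confirmation in `execute` takes `if !confirmation { return Ok(()) }`, so the command exits with success and prints nothing even though no key was created. A wrapper script or a user skimming the output cannot tell this apart from a successful generation; returning an error such as `if !confirmation { anyhow::bail!("Key generation cancelled: Ed25519 was not confirmed") }` would make the outcome explicit, and printing a short message before `return Ok(())` would at least make it visible. The prompt also appears to have no non-interactive bypass, so an explicit Ed25519 request without a terminal will likely fail at `.interact()`; a confirmation flag on `KeysGenerateCommand` would cover that case. The `.context(...)` call needs `anyhow::Context` in scope, which the import hunk does not show and is presumably already imported elsewhere in the file. The body of `execute` continues outside the hunk.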