1
0
Fork 0
mirror of https://codeberg.org/tyy/aspm synced 2024-12-22 20:39:29 -07:00

Add warning about ed25519 keys and default to NIST P-256 generation

This commit is contained in:
Tyler Beckman 2024-02-28 21:17:54 -07:00
parent 86ffe01c4d
commit 25cc99e033
Signed by: Ty
GPG key ID: 2813440C772555A4

View file

@ -7,7 +7,7 @@ use argon2::{password_hash::SaltString, Argon2, PasswordHasher};
use asp::keys::{AspKey, AspKeyType}; use asp::keys::{AspKey, AspKeyType};
use clap::{Parser, ValueEnum}; use clap::{Parser, ValueEnum};
use data_encoding::BASE64_NOPAD; use data_encoding::BASE64_NOPAD;
use dialoguer::{theme::ColorfulTheme, Input, Password}; use dialoguer::{theme::ColorfulTheme, Confirm, Input, Password};
use indoc::printdoc; use indoc::printdoc;
use sea_orm::{ActiveValue, EntityTrait}; use sea_orm::{ActiveValue, EntityTrait};
@ -24,8 +24,8 @@ pub enum KeyGenerationType {
#[derive(Parser, Debug)] #[derive(Parser, Debug)]
pub struct KeysGenerateCommand { pub struct KeysGenerateCommand {
/// The type of key to generate. This must either be Ed25519, or ES256. This argument is case-insensitive. /// The type of key to generate. This must either be Ed25519, or ES256. This argument is case-insensitive.
/// It doesn't really matter that much which one is used, as they both work fine, but Ed25519 is used as a safe default. /// Because of a lack of Ed25519 support in browsers, ES256 is used as a default. By choosing an Ed25519 key, profiles may not work appropriately in browser settings.
#[clap(value_enum, default_value_t = KeyGenerationType::Ed25519, long_about, ignore_case = true)] #[clap(value_enum, default_value_t = KeyGenerationType::ES256, long_about, ignore_case = true)]
key_type: KeyGenerationType, key_type: KeyGenerationType,
/// The alias of the key to generate. This can be anything, and it can also be omitted to prompt interactively. This has no purpose other than providing a way to nicely name keys, rather than having to remember a fingerprint. /// The alias of the key to generate. This can be anything, and it can also be omitted to prompt interactively. This has no purpose other than providing a way to nicely name keys, rather than having to remember a fingerprint.
#[arg(short = 'n', long)] #[arg(short = 'n', long)]
@ -35,6 +35,16 @@ pub struct KeysGenerateCommand {
#[async_trait::async_trait] #[async_trait::async_trait]
impl AspmSubcommand for KeysGenerateCommand { impl AspmSubcommand for KeysGenerateCommand {
async fn execute(&self, state: crate::AspmState) -> Result<(), anyhow::Error> { async fn execute(&self, state: crate::AspmState) -> Result<(), anyhow::Error> {
if self.key_type == KeyGenerationType::Ed25519 {
let confirmation = Confirm::with_theme(&ColorfulTheme::default())
.with_prompt("You are creating an Ed25519 key. Before confirming, please make sure you are aware that this may not be supported in browser environments, such as being viewed on https://keyoxide.org. Are you sure you want to create an Ed25519 key?")
.default(false)
.interact()
.context("Unable to prompt on stderr")?;
if !confirmation { return Ok(()) }
}
let alias = if let Some(alias) = &self.key_alias { let alias = if let Some(alias) = &self.key_alias {
alias.clone() alias.clone()
} else { } else {