Adding support for ECDSA NIST curve SSH keys

FiloSottile / age

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

https://age-encryption.org

BSD 3-Clause "New" or "Revised" License

15.75k stars 475 forks source link

Adding support for ECDSA NIST curve SSH keys #522

Closed fakegermano closed 3 months ago

fakegermano commented 10 months ago

As they are becoming more common in the field, This PR adds support for the use of that type of key for encryption/decryption.

This PR also makes use of the new go 1.21 ecdh package that natively implements the key exchange for elliptic curves (supports all X25519 andP256, P384 and P521).

I can also add similar PRs for the rust and typescript implementations when I have time, but let me know if I have missed something or messed something up, or If I need to add more tests :)

fakegermano commented 3 months ago

as per this: https://github.com/FiloSottile/age/issues/142 (which I discovered very late I know) I will close this MR, as it seems we do not intend to add the feature for security reasons.