ez-org / eznode

✨ A simple pruning-friendly setup for a personal bitcoin full node
https://ezno.de
MIT License
55 stars 7 forks

Use ECC instead of RSA #14

Closed (emanuelb closed 3 years ago)

emanuelb commented 3 years ago

RSA is used in: https://github.com/ez-org/eznode/blob/59a5766c5a97a7659160d5445d2f5226326e80c2/nginx/selfsigned.sh#L9-L13

and in dropbear/run file and related: https://github.com/ez-org/eznode/blob/59a5766c5a97a7659160d5445d2f5226326e80c2/.travis.yml#L38

Generating ECC keys (Ed25519 is better if possible) instead results in better performance.

Also, the -subj '/' should be replaced with a more relevant or meaningful subject.

shesek commented 3 years ago

Changed to EC keys in 3926187a0e266ecade8d86c9ada08ea266c60710 and 794b5034fbd71c484c3f4b5087cf41ca4e1df44c.

> Also, the -subj '/' should be replaced with a more relevant or meaningful subject.

I intentionally didn't want to use a unique subject common name that would identify the server as running bitcoin-related software. Using the minimally valid subject seemed like a good choice (hopefully used elsewhere too, so not too identifying).

In any case, I made it configurable via a new SELFSIGNED_SUBJECT environment variable in e142dc845e4ec30fff390107c259099aa3402b2c.

emanuelb commented 3 years ago

> Using the minimally valid subject seemed like a good choice (hopefully used elsewhere too, so not too identifying).

Good idea in general. It's worth looking for common subjects in a dataset from scraping SSL certs over the internet (in case there's a better default than /), like https://www.eff.org/observatory or newer projects. I don't know what default/common name other projects with the same consideration are using.

Anyway, closing this issue as it's fixed (RSA changed to ECC & new SELFSIGNED_SUBJECT environment variable).
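The outcome of this thread, as an added example (not eznode's own selfsigned.sh): an EC key, a self-signed certificate whose subject comes from SELFSIGNED_SUBJECT with '/' as the default, and two helpers to check what a certificate scanner would see. The P-256 curve, the file names and the function names are assumptions.

```shell
#!/bin/sh
# Added example; only SELFSIGNED_SUBJECT and the '/' default come from the thread.

# gen_selfsigned DIR: write DIR/selfsigned.key (EC P-256) and DIR/selfsigned.crt
gen_selfsigned() {
  dir=$1
  # '/' yields an empty subject DN, so the certificate carries no name
  # that ties the host to a particular piece of software.
  subj=${SELFSIGNED_SUBJECT:-/}
  mkdir -p "$dir" || return 1
  (
    umask 077   # private key readable by its owner only
    openssl ecparam -genkey -name prime256v1 -noout -out "$dir/selfsigned.key"
  ) || return 1
  openssl req -new -x509 -sha256 -days 3650 \
    -key "$dir/selfsigned.key" -subj "$subj" \
    -out "$dir/selfsigned.crt"
}

# cert_key_alg CERT: print the public key algorithm (id-ecPublicKey for EC keys)
cert_key_alg() {
  openssl x509 -in "$1" -noout -text | sed -n 's/^ *Public Key Algorithm: //p'
}

# cert_subject CERT: print the subject DN in RFC 2253 form, empty for '/'
cert_subject() {
  openssl x509 -in "$1" -noout -subject -nameopt RFC2253 | sed 's/^subject= *//'
}

# Usage (constructed paths and subject):
#   gen_selfsigned /tmp/tls && cert_key_alg /tmp/tls/selfsigned.crt
#   SELFSIGNED_SUBJECT='/CN=node.example' gen_selfsigned /tmp/tls2
```

Running `cert_subject` on the generated file is a quick way to confirm that a custom SELFSIGNED_SUBJECT does not reveal more than intended.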