kryptco / kr

DEPRECATED A dev tool for SSH auth + Git commit/tag signing using a key stored in Krypton.
https://krypt.co/developers/

Add support for ed25519 SSH keys. #303

Closed jackdorland closed 4 years ago

jackdorland commented 4 years ago

Hello! I'd like to request a feature that would benefit all users of Krypton.

SSH-RSA has been shown to be insecure when <4096 bits are applied. Soon enough, we may see the Fall of RSA. A new, much safer standard named ed25519 has been developed; however, Krypton cannot generate any SSH key except RSA. This is concerning, not only because Krypton cannot generate multiple keys for you, but also because RSA has recently been shown to be insecure.

Many more developers are switching to ed25519 as a result of this. If this is currently in the Krypton mobile app, I haven't been able to find it.

agrinman commented 4 years ago

Krypton supports ed25519 and nistp256

jackdorland commented 4 years ago

Where? I'm looking in the Krypton iOS app and all I can see is my already-generated 4096 bit RSA key.

jackdorland commented 4 years ago

I've seen this issue mentioned in krypton-ios, and yet I can't find the ability to generate an ed25519 key?

agrinman commented 4 years ago

Turn on developer mode and close and reopen settings, and if you delete the key you will be prompted.

Btw, re: RSA — that article isn’t saying RSA is broken, it’s saying most implementations have bugs. We’re using standard iOS built-in primitives here. The default is RSA because a lot of SSH servers still don’t support ed25519, e.g. AWS EC2 (last I checked).
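A check that speaks to the key-size concern in the opening post and to the key types discussed in this thread (ssh-rsa, ssh-ed25519, nistp256), added here as an example and not code from the Krypton project: it parses an OpenSSH public-key line, reports the key type and, for ssh-rsa, the modulus size in bits, and flags RSA keys below a chosen minimum. The sample keys are constructed inside the block and are not real Krypton output.

```python
import base64
import struct


def _ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(n: int) -> bytes:
    """RFC 4251 'mpint': minimal big-endian bytes, leading 0x00 if the high bit is set."""
    return _ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big"))


def _read_string(blob: bytes, off: int):
    (length,) = struct.unpack(">I", blob[off:off + 4])
    return blob[off + 4:off + 4 + length], off + 4 + length


def describe_public_key(line: str) -> dict:
    """Parse one OpenSSH public-key line ('<type> <base64> [comment]')."""
    parts = line.split()
    if len(parts) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type, blob = parts[0], base64.b64decode(parts[1])
    inner_type, off = _read_string(blob, 0)
    if inner_type.decode() != key_type:
        raise ValueError("key type prefix does not match the encoded blob")
    info = {"type": key_type}
    if key_type == "ssh-rsa":
        _e, off = _read_string(blob, off)          # public exponent (ignored here)
        n, off = _read_string(blob, off)           # modulus; its bit length is the key size
        info["bits"] = int.from_bytes(n, "big").bit_length()
    elif key_type == "ssh-ed25519":
        pk, off = _read_string(blob, off)          # 32-byte Edwards public key
        info["bits"] = len(pk) * 8
    elif key_type.startswith("ecdsa-sha2-"):
        curve, off = _read_string(blob, off)       # e.g. b"nistp256"
        _point, off = _read_string(blob, off)
        info["curve"] = curve.decode()
    if off != len(blob):
        raise ValueError("trailing bytes after key data")
    return info


def weak_rsa(info: dict, minimum_bits: int = 4096) -> bool:
    """True if the key is RSA and smaller than the minimum the reporter asks for."""
    return info["type"] == "ssh-rsa" and info.get("bits", 0) < minimum_bits


# Constructed sample keys (not real keys): a 2048-bit "modulus" and a zero ed25519 point.
SAMPLE_RSA_2048 = "ssh-rsa " + base64.b64encode(
    _ssh_string(b"ssh-rsa") + _ssh_mpint(65537) + _ssh_mpint((1 << 2047) | 1)).decode()
SAMPLE_ED25519 = "ssh-ed25519 " + base64.b64encode(
    _ssh_string(b"ssh-ed25519") + _ssh_string(bytes(32))).decode() + " constructed@example"
```

Run it over the lines of an `authorized_keys` file to find which accepted keys are still small RSA keys.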

jackdorland commented 4 years ago

Thanks; I was also wondering: In that issue from 2 years ago, it seems that multi-key support still hasn't been added. Is this being worked on?

agrinman commented 4 years ago

Still open issues around how to do the UI and key selection. It’s unfortunately harder than it seems and isn’t a priority right now.

jackdorland commented 4 years ago

Do I have to completely reset Krypton? Will my TOTP reset, too?

jackdorland commented 4 years ago

I guess not. Thanks again.