Closed icemanreddy closed 2 years ago
@icemanreddy currently the only key type that the SEP can generate (at least, as far as I'm aware) are ECDSA keys. If that changes, I plan to support those new types (I'm personally pretty interested in Curve25519 keys, but while they're supported in general on macOS, the SEP doesn't support them currently).
In terms of the "considered insecure" bit – IMO it's a bit conspiracy-theorist-ish – basically there's some concern that American security agencies may have backdoored it. Honestly, it's possible that's true, but in the event that your threat model includes "attacks from nation states" I can't say I'd recommend Secretive anyway. Overall my feeling is if it's good enough for Apple, it's good enough for any use case I could have for it.
Closing this out for now, but if it ever becomes possible it'll be high up on my todo list.
Is it possible to choose different algorithms while generating the keys? Is "ecdsa-sha2-nistp256" considered secure? I have seen online content which labels this algorithm insecure.
Ref: https://www.smartftp.com/en-us/support/kb/2725 https://materials.rangeforce.com/tutorial/2020/02/13/SSH-Audit/#:~:text=For%20example%2C%20the%20ecdsa%2Dsha2,SafeCurves%20website%20for%20more%20information.