Currently, Rspamd cannot load PEM-encoded ed25519 keys and thinks they are RSA keys. Now that OpenSSL supports ed25519, I believe there are no benefits in using a custom and non-portable key format for ed25519 keys.
Here's an error when I try to specify a PEM-encoded ed25519 key for DKIM signing:
#2922(normal) <d670be>; task; dkim_module_load_key_format: cannot load dkim key /etc/rspamd/local.d/dkim/<domain>.key: cannot extract rsa key from evp key
Motivation
I would like to automate DKIM key generation for my domain without having the rspamd package on my machine. I tried to use OpenSSL for that, which worked fine for RSA keys but not for ed25519 keys. I also do not like the fact that there are no utilities (at least to my knowledge) to convert Rspamd-generated ed25519 keys to more standard formats (or vice versa), which further complicates my automation tooling. This change might also simplify migration from other DKIM signing solutions.
Describe alternatives you've considered
As far as I know, there are no other tools to generate ed25519 keys in an rspamd-compatible format other than using the rspamadm dkim_keygen command.
I have checked the issue and I see no easy way to reach this goal while preserving compatibility with the older versions of OpenSSL. Hence, I have no short-term plans to work on this issue.
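An added example (not part of the issue thread and not Rspamd code): a PEM file headed `BEGIN PRIVATE KEY` is a PKCS#8 structure whose algorithm OID says whether it holds an RSA or an ed25519 key, so key-provisioning tooling can check the type before handing the file to a signer. The function names and both sample keys are constructed for illustration; the sketch only identifies the key type and extracts the RFC 8410 seed, it does not produce Rspamd's own key format.

```python
import base64

# DER-encoded OID bodies for the two DKIM key types discussed in the issue.
OIDS = {bytes.fromhex("2b6570"): "ed25519",             # 1.3.101.112 (RFC 8410)
        bytes.fromhex("2a864886f70d010101"): "rsa"}     # 1.2.840.113549.1.1.1

def _tlv(buf, pos, tag):
    """Read one DER TLV with the expected tag; return (value, next_pos)."""
    if pos + 2 > len(buf) or buf[pos] != tag:
        raise ValueError(f"expected DER tag {tag:#x} at offset {pos}")
    length, pos = buf[pos + 1], pos + 2
    if length & 0x80:                        # long-form length (real RSA keys)
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return buf[pos:pos + length], pos + length

def pkcs8_key_type(pem):
    """Return (algorithm, ed25519_seed_or_None) for an unencrypted PKCS#8 PEM."""
    lines = [l.strip() for l in pem.strip().splitlines()]
    if (len(lines) < 3 or lines[0] != "-----BEGIN PRIVATE KEY-----"
            or lines[-1] != "-----END PRIVATE KEY-----"):
        raise ValueError("not an unencrypted PKCS#8 'PRIVATE KEY' PEM")
    der = base64.b64decode("".join(lines[1:-1]))
    body, _ = _tlv(der, 0, 0x30)             # PrivateKeyInfo SEQUENCE
    _, pos = _tlv(body, 0, 0x02)             # version INTEGER
    alg, pos = _tlv(body, pos, 0x30)         # AlgorithmIdentifier SEQUENCE
    oid, _ = _tlv(alg, 0, 0x06)              # algorithm OID decides the key type
    key, _ = _tlv(body, pos, 0x04)           # privateKey OCTET STRING
    name = OIDS.get(oid, "unknown")
    if name != "ed25519":
        return name, None
    seed, _ = _tlv(key, 0, 0x04)             # nested OCTET STRING (RFC 8410)
    if len(seed) != 32:
        raise ValueError("ed25519 private key must be 32 bytes")
    return name, seed

def to_pem(der):
    """Wrap DER in PKCS#8 PEM armor (helper for the constructed samples)."""
    return ("-----BEGIN PRIVATE KEY-----\n" + base64.b64encode(der).decode()
            + "\n-----END PRIVATE KEY-----\n")

# Constructed samples: a fixed, non-secret seed and a structurally minimal RSA stub.
SAMPLE_SEED = bytes(range(32))
ED_DER = bytes.fromhex("302e020100300506032b657004220420") + SAMPLE_SEED
RSA_DER = bytes.fromhex("3016020100300d06092a864886f70d010101050004023000")

if __name__ == "__main__":
    print(pkcs8_key_type(to_pem(ED_DER))[0], pkcs8_key_type(to_pem(RSA_DER))[0])
```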