
Conversation

tgauth
Collaborator

@tgauth tgauth commented Nov 5, 2024

PR Summary

  • change default key type to ecdsa

@panekj

panekj commented Nov 6, 2024

What is the reason to downgrade from a better key type to the NIST one, especially since ECDSA isn't a popular choice at all?

@tgauth tgauth requested a review from TravisEz13 November 12, 2024 19:07
@tgauth
Collaborator Author

tgauth commented Nov 15, 2024

> What is the reason to downgrade from a better key type to the NIST one, especially since ECDSA isn't a popular choice at all?

OpenSSH's ed25519 is currently hardcoded to OpenSSH's implementation, rather than being routed to OpenSSL, making it much harder to FIPS certify.
As far as CNSA (https://media.defense.gov/2022/Sep/07/2003071834/-1/-1/0/CSA_CNSA_2.0_ALGORITHMS_.PDF) is concerned, the recent update of default key from RSA 3072 to ed25519 was a downgrade, and the equivalent ECC-based signature should be at least ECDSA P-384.

@tgauth tgauth merged commit 8514f78 into PowerShell:latestw_all Feb 21, 2025
4 checks passed
@tgauth tgauth deleted the update-ssh-keygen branch February 21, 2025 19:26
@Dean-NC

Dean-NC commented Jul 1, 2025

Where/what page mentions that ECDSA is the default on Windows? Every page I can find, including Microsoft pages, mentions Ed25519 being the default. If it's going to be a different default, I believe it should be mentioned somewhere other than in source code. Thanks.
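The thread turns on which key algorithm a given `ssh-keygen` run actually produced (Ed25519, ECDSA on P-256 or P-384, or RSA of some size) and whether that choice sits within the CNSA 2.0 list tgauth cites (ECDSA P-384, RSA 3072 and up). The script below is an added example, not code from this PR or from the Win32-OpenSSH project: it parses OpenSSH public-key lines (`id_*.pub` or `authorized_keys` entries) from the wire-format blob using only the Python standard library, reports the algorithm, curve and modulus size, and classifies each key against that CNSA 2.0 rule. The classification rule is an assumption taken from the thread's own reference, and the sample lines are constructed from all-zero placeholder bytes rather than real keys.

```python
import base64
import struct


def _ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH wire-format string: uint32 big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def _ssh_mpint(value: int) -> bytes:
    """Encode a non-negative integer as an SSH mpint (a leading 0x00 is added when the high bit is set)."""
    raw = value.to_bytes(value.bit_length() // 8 + 1, "big")
    return _ssh_string(raw)


def _read_string(blob: bytes, offset: int):
    """Read one SSH wire-format string starting at offset; return (bytes, next_offset)."""
    (length,) = struct.unpack_from(">I", blob, offset)
    start = offset + 4
    if start + length > len(blob):
        raise ValueError("truncated key blob")
    return blob[start:start + length], start + length


def describe_key(line: str) -> dict:
    """Parse one OpenSSH public-key line ("<type> <base64 blob> [comment]") into its algorithm details."""
    fields = line.split()
    if len(fields) < 2:
        raise ValueError("not an OpenSSH public-key line")
    blob = base64.b64decode(fields[1])
    type_bytes, off = _read_string(blob, 0)
    key_type = type_bytes.decode("ascii")
    if key_type != fields[0]:
        raise ValueError(f"type field {fields[0]!r} does not match blob type {key_type!r}")
    info = {"type": key_type}
    if key_type.startswith("ecdsa-sha2-"):
        curve, off = _read_string(blob, off)   # e.g. b"nistp384"
        info["curve"] = curve.decode("ascii")
    elif key_type == "ssh-rsa":
        _e, off = _read_string(blob, off)      # public exponent, not needed here
        n, off = _read_string(blob, off)       # modulus; its bit length is the "key size"
        info["bits"] = int.from_bytes(n, "big").bit_length()
    elif key_type == "ssh-ed25519":
        info["bits"] = 256
    return info


def cnsa_status(info: dict) -> str:
    """Classify against the CNSA 2.0 choices cited in the thread: ECDSA P-384, or RSA at 3072 bits and up (assumed rule)."""
    if info["type"] == "ecdsa-sha2-nistp384":
        return "ok"
    if info["type"] == "ssh-rsa" and info.get("bits", 0) >= 3072:
        return "ok"
    return "not-cnsa"   # covers ssh-ed25519 and ecdsa-sha2-nistp256, among others


def audit(lines) -> list:
    """Describe and classify every public-key line; blank lines and '#' comments are skipped."""
    results = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        info = describe_key(line)
        info["status"] = cnsa_status(info)
        results.append(info)
    return results


def make_public_key_line(key_type: str, *parts: bytes, comment: str = "constructed") -> str:
    """Build a public-key line from wire-format parts (used here only to construct sample input)."""
    blob = _ssh_string(key_type.encode("ascii")) + b"".join(parts)
    return f"{key_type} {base64.b64encode(blob).decode('ascii')} {comment}"


# Constructed sample lines: the key material is all-zero placeholder bytes, not real keys.
SAMPLE_LINES = [
    make_public_key_line("ssh-ed25519", _ssh_string(bytes(32))),
    make_public_key_line("ecdsa-sha2-nistp384", _ssh_string(b"nistp384"), _ssh_string(b"\x04" + bytes(96))),
    make_public_key_line("ecdsa-sha2-nistp256", _ssh_string(b"nistp256"), _ssh_string(b"\x04" + bytes(64))),
    make_public_key_line("ssh-rsa", _ssh_mpint(65537), _ssh_mpint(1 << 3071)),  # 3072-bit modulus
]

if __name__ == "__main__":
    for entry in audit(SAMPLE_LINES):
        print(entry)
```

To check a real key, pass the lines of your `.pub` file or `authorized_keys` to `audit()`; `ssh-keygen -l -f <file>` reports the same type and size, but reading the blob directly shows where those fields come from and lets you scan a whole authorized_keys file in one pass.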
