[PATCH v2] dropbear: Enable Ed25519 for normal devices

Paul Spooren mail at aparcar.org
Sat Jul 25 17:06:21 EDT 2020

The Ed25519 key pairs are much shorter than RSA pairs and are supported
by default in OpenSSH. Looking at websites explaining how to create new
SSH keys, many suggest using Ed25519 rather than RSA, however consider
the former as not yet widely established. OpenWrt likely has a positive
influence on that development.

As enabling Ed25519 is a compile time option, it is currently not
possible to install the feature via `opkg` nor select that option in an

Due to the size impact of **12kB** the option should only be enabled for
devices with `!SMALL_FLASH`.

This approach seems cleaner than splitting `dropbear` into two packages
like `dropbear` and `dropbear-ed25519`.

Signed-off-by: Paul Spooren <mail at aparcar.org>
* Add storage impact to commit message
* Increase package release

 package/network/services/dropbear/Config.in | 2 +-
 package/network/services/dropbear/Makefile  | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
index 3de4189e08..2836229043 100644
--- a/package/network/services/dropbear/Config.in
+++ b/package/network/services/dropbear/Config.in
@@ -51,7 +51,7 @@ config DROPBEAR_ECC_FULL
 config DROPBEAR_ED25519
 	bool "Ed25519 support"
-	default n
+	default y if !SMALL_FLASH
 		This enables the following public key algorithm:
diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
index 0a9b5c0a99..e92ead2ff8 100644
--- a/package/network/services/dropbear/Makefile
+++ b/package/network/services/dropbear/Makefile
@@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk

More information about the openwrt-devel mailing list