[PATCH v2] dropbear: Enable Ed25519 for normal devices
hauke at hauke-m.de
Sun Jul 26 11:20:26 EDT 2020
On 7/25/20 11:06 PM, Paul Spooren wrote:
> The Ed25519 key pairs are much shorter than RSA pairs and are supported
> by default in OpenSSH. Looking at websites explaining how to create new
> SSH keys, many suggest using Ed25519 rather than RSA, however consider
> the former as not yet widely established. OpenWrt likely has a positive
> influence on that development.
> As enabling Ed25519 is a compile time option, it is currently not
> possible to install the feature via `opkg` nor select that option in an
> Due to the size impact of **12kB** the option should only be enabled for
> devices with `!SMALL_FLASH`.
> This approach seems cleaner than splitting `dropbear` into two packages
> like `dropbear` and `dropbear-ed25519`.
Can we deactivate something else?
> Signed-off-by: Paul Spooren <mail at aparcar.org>
> * Add storage impact to commit message
> * Increase package release
> package/network/services/dropbear/Config.in | 2 +-
> package/network/services/dropbear/Makefile | 2 +-
> 2 files changed, 2 insertions(+), 2 deletions(-)
> diff --git a/package/network/services/dropbear/Config.in b/package/network/services/dropbear/Config.in
> index 3de4189e08..2836229043 100644
> --- a/package/network/services/dropbear/Config.in
> +++ b/package/network/services/dropbear/Config.in
> @@ -51,7 +51,7 @@ config DROPBEAR_ECC_FULL
> config DROPBEAR_ED25519
> bool "Ed25519 support"
> - default n
> + default y if !SMALL_FLASH
Will this work reliable?
When we build dropbear with the SDK the SMALL_FLASH option is not set
and the resulting binary would be shared between small and normal targets.
> This enables the following public key algorithm:
> diff --git a/package/network/services/dropbear/Makefile b/package/network/services/dropbear/Makefile
> index 0a9b5c0a99..e92ead2ff8 100644
> --- a/package/network/services/dropbear/Makefile
> +++ b/package/network/services/dropbear/Makefile
> @@ -9,7 +9,7 @@ include $(TOPDIR)/rules.mk
> PKG_SOURCE_URL:= \
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: OpenPGP digital signature
More information about the openwrt-devel