From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by lists.proxmox.com (Postfix) with ESMTPS id CCCB597DAE for ; Wed, 6 Mar 2024 13:36:50 +0100 (CET) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id A019B16FC1 for ; Wed, 6 Mar 2024 13:36:20 +0100 (CET) Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com [94.136.29.106]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by firstgate.proxmox.com (Proxmox) with ESMTPS for ; Wed, 6 Mar 2024 13:36:19 +0100 (CET) Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1]) by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 08D774884F for ; Wed, 6 Mar 2024 13:36:19 +0100 (CET) From: Stefan Sterz To: pbs-devel@lists.proxmox.com Date: Wed, 6 Mar 2024 13:36:09 +0100 Message-Id: <20240306123609.164021-13-s.sterz@proxmox.com> X-Mailer: git-send-email 2.39.2 In-Reply-To: <20240306123609.164021-1-s.sterz@proxmox.com> References: <20240306123609.164021-1-s.sterz@proxmox.com> MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-SPAM-LEVEL: Spam detection results: 0 AWL -0.075 Adjusted score from AWL reputation of 
From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record T_SCC_BODY_TEXT_LINE -0.01 - Subject: [pbs-devel] [PATCH proxmox-backup v2 12/12] auth: use auth-api when generating keys and generate ec keys X-BeenThere: pbs-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox Backup Server development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 06 Mar 2024 12:36:50 -0000 this commit switches pbs over to generating ed25519 keys when generating new auth api keys. this also removes the last direct usages of openssl here and further unifies key handling in the auth api. Signed-off-by: Stefan Sterz --- src/auth_helpers.rs | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-)
diff --git a/src/auth_helpers.rs b/src/auth_helpers.rs
index bbe3001d..cb745eeb 100644
--- a/src/auth_helpers.rs
+++ b/src/auth_helpers.rs
@@ -2,7 +2,6 @@ use std::path::PathBuf;
 use std::sync::OnceLock;
 use anyhow::Error;
-use openssl::rsa::Rsa;
 use pbs_config::BackupLockGuard;
 use proxmox_auth_api::{HMACKey, PrivateKey, PublicKey};
@@ -49,26 +48,22 @@ pub fn generate_auth_key() -> Result<(), Error> {
 return Ok(());
 }

- let rsa = Rsa::generate(4096).unwrap();
-
- let priv_pem = rsa.private_key_to_pem()?;
+ let key = proxmox_auth_api::PrivateKey::generate_ec()?;

 use nix::sys::stat::Mode;

 replace_file(
 &priv_path,
- &priv_pem,
+ &key.private_key_to_pem()?,
 CreateOptions::new().perm(Mode::from_bits_truncate(0o0600)),
 true,
 )?;

- let public_pem = rsa.public_key_to_pem()?;
-
 let backup_user = pbs_config::backup_user()?;

 replace_file(
 &public_path,
- &public_pem,
+ &key.public_key_to_pem()?,
 CreateOptions::new()
 .perm(Mode::from_bits_truncate(0o0640))
 .owner(nix::unistd::ROOT)
--
2.39.2
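Review bot: The commit message says the new auth key is Ed25519, but the hunk calls `proxmox_auth_api::PrivateKey::generate_ec()`, a name that ordinarily denotes a NIST-curve EC key, so a reader of this file cannot tell which signature algorithm the ticket key actually uses; either the message or the call site should settle it, e.g. `// generate_ec() creates an Ed25519 key (see proxmox-auth-api); existing keys are kept by the early return above` if that is what the helper does (its implementation is not visible here). Since the `return Ok(())` at the top of the hunk (its condition lies before the hunk) appears to keep an already-present key, upgraded hosts will continue to sign with their RSA key while fresh installs get the new type, so everything that reads `public_path` or verifies tickets must accept both key types, and the proxmox-auth-api dependency should be pinned to a version that does. Replacing the old `.unwrap()` on key generation with `?` is a welcome fix. The second `replace_file` call and the remainder of `generate_auth_key` continue outside the hunk.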