Support ED25519 in dgraph cert

diggy · October 8, 2018, 8:52pm

Moved from GitHub dgraph/2642

Posted by daidoji:

Experience Report

Tried to use openssl ed25519 signed certificates instead of the dgraph cert RSA ones. Couldn’t figure out how to do it and was recommended to file a feature request.

What you wanted to do

I want to use ED25519 over RSA due to the fact that it is considered best practice. Would be nice if this was included in dgraph cert

What you actually did

Tried to use openssl certificates to trick dgraph into accepting ED25519 signed certs but I think that PCKS1 formatted certificates are the only ones accepted by dgraph so it didn’t work.

Why that wasn’t great, with examples

Just would like the option to have support for current best practice.

Any external references to support your case

https://ed25519.cr.yp.to/

diggy · April 8, 2019, 9:25pm

srfrog commented :

@daidoji thanks for submitting this issue. A new PR #3269 adds support for ECDSA. ~We will use this for EdDSA support.~

Ed25519 X509 support is slated for TLS 1.3, so we’ll might have to revisit this again when Go adds support for it (only HTTP client supports it AFAIK).

diggy · April 8, 2019, 9:37pm

srfrog commented :

Actually, I just realized we can’t use curve with Ed25519. So we’ll have to wait for official Go crypto support.

diggy · July 12, 2019, 11:55pm

campoy commented :

Go now supports Ed25519

https://godoc.org/golang.org/x/crypto/ed25519

Can we work on this now?

Topic		Replies	Views
Suggestions on TLS, defaults, and documentation Dgraph	2	461	October 8, 2018
TLS and go client Dgraph	2	1568	August 7, 2018
GraphQL support more JWT algorithms GraphQL kind:enhancement	2	516	December 1, 2020
Does Dgraph support TLS 1.3? Dgraph kind:question	0	363	January 31, 2021
Go SDK is unable to connect to dgraph cloud. x509: certificate is valid Dgraph Cloud kind:question	1	500	May 23, 2022