Support ED25519 in dgraph cert

Moved from GitHub dgraph/2642

Posted by daidoji:

Experience Report

Tried to use openssl ed25519 signed certificates instead of the dgraph cert RSA ones. Couldn’t figure out how to do it and was recommended to file a feature request.

What you wanted to do

I want to use ED25519 over RSA due to the fact that it is considered best practice. Would be nice if this was included in dgraph cert.

What you actually did

Tried to use openssl certificates to trick dgraph into accepting ED25519 signed certs, but I think that PKCS1 formatted certificates are the only ones accepted by dgraph, so it didn’t work.

Why that wasn’t great, with examples

Just would like the option to have support for current best practice.

Any external references to support your case

https://latacora.micro.blog/2018/04/03/cryptographic-right-answers.html
https://ed25519.cr.yp.to/

srfrog commented:

@daidoji thanks for submitting this issue. A new PR #3269 adds support for ECDSA. ~We will use this for EdDSA support.~

Ed25519 X509 support is slated for TLS 1.3, so we might have to revisit this again when Go adds support for it (only HTTP client supports it AFAIK).

srfrog commented:

Actually, I just realized we can’t use curve with Ed25519. So we’ll have to wait for official Go crypto support.

campoy commented:

Go now supports Ed25519.

Can we work on this now?
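An added example, not part of the thread and not dgraph's own code: with the Go standard library (Go 1.13 or later assumed), an Ed25519 self-signed CA can be created through `crypto/x509`, and its private key is accepted only by the PKCS#8 parser, never the RSA-only PKCS#1 parser mentioned in the report. The function names `newEd25519CA` and `keyFormat` and the certificate subject are hypothetical values chosen for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// newEd25519CA returns a self-signed CA certificate and its key as DER (constructed subject).
func newEd25519CA() (certDER, keyDER []byte, err error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example Ed25519 CA"},
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
		IsCA:     true, BasicConstraintsValid: true,
	}
	if certDER, err = x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv); err != nil {
		return nil, nil, err
	}
	// PKCS#1 is an RSA-only encoding, so an Ed25519 key has to be written as PKCS#8.
	keyDER, err = x509.MarshalPKCS8PrivateKey(priv)
	return certDER, keyDER, err
}

// keyFormat reports which parser accepts the key: RSA-only PKCS#1 first, then PKCS#8.
func keyFormat(keyDER []byte) string {
	if _, err := x509.ParsePKCS1PrivateKey(keyDER); err == nil {
		return "PKCS1"
	}
	if _, err := x509.ParsePKCS8PrivateKey(keyDER); err == nil {
		return "PKCS8"
	}
	return "unknown"
}

func main() {
	certDER, keyDER, err := newEd25519CA()
	if err != nil {
		panic(err)
	}
	fmt.Println(len(certDER), "byte certificate, key format:", keyFormat(keyDER))
}
```

A key loader that stops after the PKCS#1 attempt will reject this key, which is why such a loader needs a PKCS#8 fallback before Ed25519 certificates can be used.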