ECDSA Support #567

Open
opened 2025-12-29 01:27:21 +01:00 by adam · 7 comments

Originally created by @jeffsani on GitHub (Jan 29, 2022).

I did not see a parameter to support the request of ECDSA certs from ACMEv2. Am I missing something?

Thanks,
Jeff


@bllfr0g commented on GitHub (Jan 29, 2022):

It's KEY_ALGO.

On 1/29/22 14:13, Jeff Sani wrote:

> I did not see a parameter to support the request of ECDSA certs from
> ACMEv2. Am I missing something?
>
> Thanks,
> Jeff



@jeffsani commented on GitHub (Jan 30, 2022):

Ok thanks - I see that:

```
# Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
#KEY_ALGO=secp384r1
```

But it is still not clear to me. RSA is obvious, I presume prime256v1 and secp384r1 are EC+DSA? With Certbot, this is simply --key-type ecdsa or rsa.


@bllfr0g commented on GitHub (Jan 30, 2022):

prime256v1 is a 256 bit curve used with ecdsa. secp384r1 is a 384 bit curve.

Looks like certbot uses prime256v1 if you choose ecdsa and do not specify a curve.

Choosing the curve for ecdsa is kind of analogous to choosing key length for rsa.

On Jan 29, 2022, at 16:07, Jeff Sani @.***> wrote:

> Ok thanks - I see that:
>
> Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
>
> #KEY_ALGO=secp384r1
>
> But it is still not clear to me. RSA is obvious, I presume prime256v1 and secp384r1 are EC+DSA? With Certbot, this is simply --key-type ecdsa or rsa.



@jeffsani commented on GitHub (Jan 30, 2022):

Got it thanks!


@jeffsani commented on GitHub (Jan 31, 2022):

So in domains_txt.md:
https://github.com/dehydrated-io/dehydrated/blob/master/docs/domains_txt.md

It has:

then add a config file certs/star_service_example_org_rsa/config with the value

KEY_ALGO="rsa"
or respectively

KEY_ALGO="ecdsa"

but in the config example, it is:

```
# Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
#KEY_ALGO=secp384r1
```

Is ecdsa as an option deprecated?


@bllfr0g commented on GitHub (Jan 31, 2022):

That may be a doc bug. I’m not sure if ecdsa was ever a valid option there, but it definitely isn’t now.

On Jan 31, 2022, at 13:05, Jeff Sani @.***> wrote:

> So in domains_txt.md:
> https://github.com/dehydrated-io/dehydrated/blob/master/docs/domains_txt.md
>
> It has:
>
> then add a config file certs/star_service_example_org_rsa/config with the value
>
> KEY_ALGO="rsa"
> or respectively
>
> KEY_ALGO="ecdsa"
>
> but in the config example, it is:
>
> Which public key algorithm should be used? Supported: rsa, prime256v1 and secp384r1
>
> #KEY_ALGO=secp384r1
>
> Is ecdsa as an option deprecated?



@danrodrig commented on GitHub (Mar 18, 2022):

The reference to `ecdsa` in https://github.com/dehydrated-io/dehydrated/blob/master/docs/domains_txt.md?plain=1#L58 is a bug indeed, https://github.com/dehydrated-io/dehydrated/pull/861.

The allowed values for `KEY_ALGO` are listed in https://github.com/dehydrated-io/dehydrated/blob/master/dehydrated#L320.
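
The thread settles that `KEY_ALGO` takes `rsa` or a curve name, and that the `ecdsa` value shown in the old docs is not accepted. As an added example (not dehydrated's own code), the shell lint below finds per-certificate `config` files carrying an unsupported value; the supported list is the one quoted in this thread, and the function names and sample tree are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: lint per-certificate configs for unsupported KEY_ALGO values.
# Assumption: the supported list is the one quoted in this thread.
SUPPORTED_KEY_ALGOS="rsa prime256v1 secp384r1"

# Effective KEY_ALGO of a config file: commented lines are ignored, the last
# assignment wins (as when the file is sourced), trailing comments, trailing
# whitespace and quotes are stripped. Prints nothing if it is not set.
key_algo_of() {
  sed -n 's/^[[:space:]]*KEY_ALGO=//p' "$1" | tail -n 1 |
    sed -e 's/[[:space:]]*#.*$//' -e 's/[[:space:]]*$//' -e 's/^["'\'']//' -e 's/["'\'']$//'
}

# Return 0 if KEY_ALGO is unset or supported, 1 otherwise; print a verdict.
lint_key_algo() {
  algo="$(key_algo_of "$1")"
  if [ -z "$algo" ]; then
    echo "$1: KEY_ALGO not set, the program's default applies"; return 0
  fi
  for a in $SUPPORTED_KEY_ALGOS; do
    if [ "$a" = "$algo" ]; then
      if [ "$a" = rsa ]; then kind="RSA key"; else kind="ECDSA key on curve $a"; fi
      echo "$1: ok, $kind"; return 0
    fi
  done
  echo "$1: unsupported KEY_ALGO=\"$algo\" (supported: $SUPPORTED_KEY_ALGOS)"
  return 1
}

# Lint every <certs>/<name>/config; non-zero if any value is unsupported.
lint_certs_dir() {
  rc=0
  for f in "$1"/*/config; do
    [ -f "$f" ] || continue
    lint_key_algo "$f" || rc=1
  done
  return "$rc"
}

# Constructed sample tree (directory names are made up for the demonstration).
demo_dir="$(mktemp -d)"
mkdir -p "$demo_dir/a_rsa" "$demo_dir/b_ec" "$demo_dir/c_docs" "$demo_dir/d_unset"
echo 'KEY_ALGO="rsa"' > "$demo_dir/a_rsa/config"
printf 'KEY_ALGO=rsa\nKEY_ALGO=secp384r1  # last wins\n' > "$demo_dir/b_ec/config"
echo 'KEY_ALGO="ecdsa"' > "$demo_dir/c_docs/config"   # value from the old docs
echo '#KEY_ALGO=secp384r1' > "$demo_dir/d_unset/config"
lint_certs_dir "$demo_dir" || echo "at least one config needs fixing"
rm -rf "$demo_dir"
```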
