Support ED25519 in dgraph cert

[daidoji]

Experience Report

Tried to use openssl ed25519 signed certificates instead of the dgraph cert RSA ones. Couldn't figure out how to do it and was recommended to file a feature request.

What you wanted to do

I want to use ED25519 over RSA due to the fact that it is considered best practice. Would be nice if this was included in dgraph cert

What you actually did

Tried to use openssl certificates to trick dgraph into accepting ED25519 signed certs but I think that PCKS1 formatted certificates are the only ones accepted by dgraph so it didn't work.

Why that wasn't great, with examples

Just would like the option to have support for current best practice.

Any external references to support your case

https://blog.cloudflare.com/ecdsa-the-digital-signature-algorithm-of-a-better-internet/
https://latacora.micro.blog/2018/04/03/cryptographic-right-answers.html
https://ed25519.cr.yp.to/

[srfrog]

@daidoji thanks for submitting this issue. A new PR #3269 adds support for ECDSA. We will use this for EdDSA support.

Ed25519 X509 support is slated for TLS 1.3, so we'll might have to revisit this again when Go adds support for it (only HTTP client supports it AFAIK).

[srfrog]

Actually, I just realized we can't use curve with Ed25519. So we'll have to wait for official Go crypto support.

[campoy]

Go now supports Ed25519

https://godoc.org/golang.org/x/crypto/ed25519

Can we work on this now?

[minhaj-shakeel]

Github issues have been deprecated.
This issue has been moved to discuss. You can follow the conversation there and also subscribe to updates by changing your notification preferences.