{"id":278,"date":"2023-02-01T23:35:00","date_gmt":"2023-02-02T04:35:00","guid":{"rendered":"http:\/\/sycured.127.0.0.1.sslip.io\/?p=278"},"modified":"2024-01-14T12:47:18","modified_gmt":"2024-01-14T17:47:18","slug":"git-hosting-ed25519-sk","status":"publish","type":"post","link":"http:\/\/10.42.0.68:8080\/blog\/git-hosting-ed25519-sk","title":{"rendered":"Git hosting and ed25519-sk"},"content":{"rendered":"\n
A quick look at whether the major Git hosting providers are up to date on security.<\/p>\n\n\n\n
Support for ed25519-sk keys is a critical point when evaluating Git hosting.<\/p>\n\n\n\n
When you generate this type of key, you need your physical security key:<\/p>\n\n\n\n
ssh-keygen -t ed25519-sk<\/code><\/pre>\n\n\n\nYou obtain this type of output:<\/p>\n\n\n\n
Generating public\/private ed25519-sk key pair.\nYou may need to touch your authenticator to authorize key generation.\nEnter passphrase (empty for no passphrase): \nEnter same passphrase again: \nYour identification has been saved in \/home\/sycured\/.ssh\/demo_ed25519-sk\nYour public key has been saved in \/home\/sycured\/.ssh\/demo_ed25519-sk.pub\nThe key fingerprint is:\nSHA256:c3J9KE2GsDr4gXE0OYfkNqC\/ApDE5r7gP5sK2SiHUZY sycured@x9\nThe key's randomart image is:\n+[ED25519-SK 256]-+\n|.. ..+o. |\n|.+ o ++..o . |\n|= E . =o. . o |\n|.+ . * o = . |\n|+ + + S + + . |\n|.O o o = . . |\n|O = . . |\n|o+ o. |\n| .o+o |\n+----[SHA256]-----+<\/code><\/pre>\n\n\n\nThe most important part is: You may need to touch your authenticator to authorize key generation.<\/strong><\/p>\n\n\n\nEach time you want to use this key, you’ll need your physical security key (YubiKey & co); otherwise, it’ll be impossible.<\/p>\n\n\n\n
For critical accounts\/repositories, it must be enforced, with 1 to 3 spare security keys stored in different safe places.
Yes, you’ll need to generate an ed25519-sk key with each of them, but that’s nothing compared to losing your access.<\/p>\n\n\n\n
Git hosting<\/h3>\n\n\n\n\u26d4 Bitbucket<\/h2>\n\n\n\n
It’s not a surprise that Bitbucket doesn’t implement it.<\/p>\n\n\n\n