diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index a5db618..e632f07 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -199,8 +199,6 @@ jobs:
 # Sanity check that the binary runs
 - name: genrsa
 run: ~/inst/bin/dropbearkey -t rsa -f testrsa
- - name: gendss
- run: ~/inst/bin/dropbearkey -t dss -f testdss
 - name: genecdsa256
 run: ~/inst/bin/dropbearkey -t ecdsa -f testec256 -s 256
 - name: genecdsa384
diff --git a/default_options.h b/default_options.h
index 43efcd2..6207f2e 100644
--- a/default_options.h
+++ b/default_options.h
@@ -127,26 +127,28 @@ IMPORTANT: Some options will require "make clean" after changes */

 /* Hostkey/public key algorithms - at least one required, these are used
 * for hostkey as well as for verifying signatures with pubkey auth.
- * Removing either of these won't save very much space.
 * RSA is recommended.
- * DSS may be necessary to connect to some systems though
- * is not recommended for new keys.
+ *
 * See: RSA_PRIV_FILENAME and DSS_PRIV_FILENAME */
 #define DROPBEAR_RSA 1
-/* RSA key generation will be faster with bundled libtommath
+
+/* DSS may be necessary to connect to some systems but is not
+ * recommended for new keys (1024 bits is small, and it uses SHA1).
+ * RSA key generation will be faster with bundled libtommath
 * if DROPBEAR_DSS is disabled.
- * https://github.com/mkj/dropbear/issues/174#issuecomment-1267374858
- */
-#define DROPBEAR_DSS 1
+ * https://github.com/mkj/dropbear/issues/174#issuecomment-1267374858 */
+#define DROPBEAR_DSS 0
 /* ECDSA is significantly faster than RSA or DSS. Compiling in ECC
 * code (either ECDSA or ECDH) increases binary size - around 30kB
 * on x86-64.
 * See: ECDSA_PRIV_FILENAME */
 #define DROPBEAR_ECDSA 1
+
 /* Ed25519 is faster than ECDSA. Compiling in Ed25519 code increases
 * binary size - around 7,5kB on x86-64.
 * See: ED25519_PRIV_FILENAME */
 #define DROPBEAR_ED25519 1
+
 /* SK_ECDSA/SK_ED25519 allows u2f security keys for public key auth.
 * This is currently server-only. */
 #define DROPBEAR_SK_ECDSA 1
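Review bot: The RSA comment still ends with `See: RSA_PRIV_FILENAME and DSS_PRIV_FILENAME` although DSS now has its own comment block and is off by default, so the DSS filename reference would sit better in the new block, e.g. `* See: DSS_PRIV_FILENAME */` after the issue link, leaving `* See: RSA_PRIV_FILENAME */` above `DROPBEAR_RSA`. Because the header comment says these algorithms serve both hostkeys and pubkey-auth signature verification, flipping `DROPBEAR_DSS` to 0 presumably means a default build no longer uses an existing DSS host key or accepts ssh-dss user keys; one sentence saying so in the DSS comment would help anyone upgrading who relied on the old default. The hunk does not show whether a changelog entry or a compile-time check elsewhere covers this.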