Commit 820ccf7c authored by Ondřej Surý, committed by Daniel Salzman

Update the documentation with Ed25519 configuration

parent af6ba4f8
......@@ -27,6 +27,7 @@ support.
* -
- Key generate
- Key import
- ED25519 256-bit
- ECDSA 256-bit
- ECDSA 384-bit
- RSA 1024-bit
......@@ -39,6 +40,7 @@ support.
- |no|
- |no|
- |no|
- |no|
- |yes|
- |yes|
- |no|
......@@ -49,6 +51,7 @@ support.
- |no|
- |no|
- |no|
- |no|
- |yes|
- |yes|
- |yes|
......@@ -57,6 +60,7 @@ support.
* - `SoftHSM 2.0 <https://www.opendnssec.org/softhsm/>`_
- |yes|
- |yes|
- |no|
- |yes|
- |yes|
- |yes|
......@@ -67,6 +71,7 @@ support.
* - `Trustway Proteccio NetHSM <http://www.bull.com/fr/cybers%C3%A9curit%C3%A9-trustway-proteccio-nethsm>`_
- |yes|
- ECDSA only
- |no|
- |yes|
- |yes|
- |yes|
......@@ -77,6 +82,7 @@ support.
.. in progress: key ID checks have to be disabled in code
* - `Yubikey NEO <https://www.yubico.com/products/yubikey-hardware/yubikey-neo/>`_
- |no|
- |no|
- |no|
- |yes|
......@@ -98,6 +104,9 @@ however the supported operations may be limited (e.g. private key import).
* -
- `Numbers <https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml#dns-sec-alg-numbers-1>`_
- GnuTLS version
* - ED25519
- 15
- 3.6.0 or newer
* - ECDSA
- 13, 14
- 3.4.8 or newer
......
......@@ -421,8 +421,8 @@ Let's use the Single-Type Signing scheme with two algorithms. Run:
.. code-block:: console
$ keymgr myzone.test. generate algorithm=RSASHA256 size=1024
$ keymgr myzone.test. generate algorithm=ECDSAP256SHA256 size=256
$ keymgr myzone.test. generate algorithm=ECDSAP256SHA256
$ keymgr myzone.test. generate algorithm=ED25519
And reload the server. The zone will be signed.
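Review bot: the `generate algorithm=ED25519` command in this example carries no pointer to the build requirement. The same commit documents ED25519 as needing GnuTLS 3.6.0 or newer, so a reader on an older build will fail at this step with no explanation. Suggest a short remark beside the example or a cross-reference to the algorithm table. Also confirm that the resulting command list still generates exactly two algorithms, since the surrounding sentence says "two algorithms".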
......
......@@ -548,7 +548,7 @@ policy:
keystore: STR
manual: BOOL
single\-type\-signing: BOOL
algorithm: dsa | rsasha1 | dsa\-nsec3\-sha1 | rsasha1\-nsec3\-sha1 | rsasha256 | rsasha512 | ecdsap256sha256 | ecdsap384sha384
algorithm: dsa | rsasha1 | dsa\-nsec3\-sha1 | rsasha1\-nsec3\-sha1 | rsasha256 | rsasha512 | ecdsap256sha256 | ecdsap384sha384 | ed25519
ksk\-size: SIZE
zsk\-size: SIZE
ksk\-shared: BOOL
......@@ -605,7 +605,7 @@ An algorithm of signing keys and issued signatures.
A length of newly generated KSK or
CSK keys.
.sp
\fIDefault:\fP 1024 (dsa*), 2048 (rsa*), 256 (ecdsap256*), 384 (ecdsap384*)
\fIDefault:\fP 1024 (dsa*), 2048 (rsa*), 256 (ecdsap256), 384 (ecdsap384), 256 (ed25519)
.SS zsk\-size
.sp
A length of newly generated ZSK keys.
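Review bot: the GnuTLS 3.6.0+ restriction is missing from this roff-formatted copy. Its two hunks start at identical old and new offsets (548 and 605), so no lines were inserted between them, while the reStructuredText reference gains a NOTE under the algorithm default. Suggest regenerating the man page so both copies carry the restriction. In the Default line, the asterisk is dropped from ecdsap256 and ecdsap384 but kept on dsa* and rsa*; worth a word in the commit message if that is intentional.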
......
......@@ -622,7 +622,7 @@ DNSSEC policy configuration.
keystore: STR
manual: BOOL
single-type-signing: BOOL
algorithm: dsa | rsasha1 | dsa-nsec3-sha1 | rsasha1-nsec3-sha1 | rsasha256 | rsasha512 | ecdsap256sha256 | ecdsap384sha384
algorithm: dsa | rsasha1 | dsa-nsec3-sha1 | rsasha1-nsec3-sha1 | rsasha256 | rsasha512 | ecdsap256sha256 | ecdsap384sha384 | ed25519
ksk-size: SIZE
zsk-size: SIZE
ksk-shared: BOOL
......@@ -687,6 +687,9 @@ An algorithm of signing keys and issued signatures.
*Default:* ecdsap256sha256
.. NOTE::
Ed25519 algorithm is only available when compiled with GnuTLS 3.6.0+.
.. _policy_ksk-size:
ksk-size
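Review bot: the added NOTE states only that Ed25519 is unavailable without GnuTLS 3.6.0+, not what an operator sees when `algorithm: ed25519` is configured on such a build. Suggest stating the behaviour, for example whether the configuration is rejected at load time or signing fails later. The spelling also varies across the commit ("ED25519" in the tables and keymgr example, "Ed25519" here, "ed25519" as the option value); pick one form for prose, and start the sentence with "The Ed25519 algorithm".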
......@@ -695,7 +698,7 @@ ksk-size
A length of newly generated :abbr:`KSK (Key Signing Key)` or
:abbr:`CSK (Combined Signing Key)` keys.
*Default:* 1024 (dsa*), 2048 (rsa*), 256 (ecdsap256*), 384 (ecdsap384*)
*Default:* 1024 (dsa*), 2048 (rsa*), 256 (ecdsap256), 384 (ecdsap384), 256 (ed25519)
.. _policy_zsk-size:
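Review bot: listing `256 (ed25519)` among the ksk-size defaults suggests the size is tunable, but Ed25519 keys have a fixed length, and the updated keymgr example in this commit omits the size argument for it. Suggest marking the value as fixed and saying whether a configured ksk-size is ignored or rejected when the algorithm is ed25519.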
......