Upgrade your SSH Keys to the new Ed25519 standard
## Why should you upgrade?
Your ssh key is most probably half a decade or more old, as with all technlologies, cryptographic algorithms evolve and all of them become less secure with time as vulnerabilites are discovered, or computing power increases. Good SysOps and DevOps often rotate their keys and you should too!
See all the benefits of Ed25519 here: https://ed25519.cr.yp.to
## You need to upgrade right now if:
- your key was generated using *DSA* you need to upgrade right now
- your key was generated using *RSA* less than 3072bit length
- your key was generated using *ECDSA*
Ed25519 is the public-key algorithm you should use today.
## How to generate your key:
I like to have custom names for my keys, and I also add relevant information to key comments like: role, name and e-mail. The `-o 100` option, increases the brute force resistance of your key by increasing the KDF rounds.
ssh-keygen -o -a 100 -t ed25519 -f ~/.ssh/zeno.popovici.ed25519 -C "Graffino Member :: Zeno Popovici (firstname.lastname@example.org)"
Don't forget to provide a *strong password* for your key.
## Deploy (macOS)
You can now deploy your key. First, you need to add it to your keychain like this:
ssh-add -K ~/.ssh/zeno.popovici.ed25519
On macOS, to copy your public key to the clipboard and paste it into GitHub or other services you're using, just issue:
pbcopy < ~/.ssh/zeno.popovici.ed25519.pub
24 Jul 2020
« Back to post