I've been using 4096-bit RSA SSH keys for quite a few years. The RSA keys are very compatible. They've been working on various operating systems as well as on mobile devices. They are also known as being slow and potentially insecure if created with a small amount of bits, especially after the year 2013. Today, I decided to do some research to find an alternative configuration. Things have moved on since my last check. Large keys are still considered secure, however the elliptic curve cryptography has become much more popular in the recent decade.

"The primary benefit promised by elliptic curve cryptography is a smaller key size, reducing storage and transmission requirements, i.e. that an elliptic curve group could provide the same level of security afforded by an RSA-based system with a large modulus and correspondingly larger key: for example, a 256-bit elliptic curve public key should provide comparable security to a 3072-bit RSA public key."

My take on it is that if this new signature algorithm can give us similar or even better level of security (yes, its implementation is more secure than RSA) with a comparable flexibility using less resources, it is definitely time to adopt it. For anyone who is interested in a detailed explanation how exactly it works a lot of papers have been published providing mathematical rationale behind it.

Ed25519 is a digital signature scheme based on Twisted Edwards curves. Its has been added to the OpenSSH codebase on the 7th of December 2013. Since then no issue was reported against it.

The easies way to generate such an SSH key is by using the ssh-keygen command of the OpenSSH package:

ssh-keygen -t ed25519 -o -a 100

The -t ed25519 parameter is used to generate two asymmetrical keys based on the elliptic curve cryptography. The output is produced in the new RFC4716 format rather than the well known PEM and the flag -o to support it is implied by default so it can be omitted. It enforces use of a modern key derivation function (KDF) powered by combination of PBKDF2 and bcrypt. In practice this means that our keypair is more resistant to brute-force password cracking. This is especially true when combined with the -a <rounds> parameter which specifies the number of key derivation function rounds to be used. Higher the number more time it takes to unlock the key.

Time to see the result of the above command. Here is an example of my revised way of generating SSH keys along with content of the files.



ssh-keygen -t ed25519 -a 100 -C "my-key-comment" -f my-key-name
Generating public/private ed25519 key pair.
Enter passphrase (empty for no passphrase):
Enter same passphrase again:
Your identification has been saved in my-key-name.
Your public key has been saved in my-key-name.pub.
The key fingerprint is:
SHA256:GIh0NDZ6WhZLyFJxq8dpbJ7aAwfEpJdgBsgxs/5NziM my-key-comment
The key's randomart image is:
+--[ED25519 256]--+
|*@*+X            |
|==OO B           |
|.+= B .          |
|...O . o         |
| .o.B.. S        |
|  o=*.           |
|   Eo=           |
|   oo .          |
|  . ..           |
puttygen my-key-name -C "my-key-comment" -o my-key-name.ppk
Enter passphrase to load key:
ls -la my-key-name*
-rw-------  1 dan  staff  464  3 Sep 21:27 my-key-name
-rw-------  1 dan  staff  304  3 Sep 21:27 my-key-name.ppk
-rw-r--r--  1 dan  staff   96  3 Sep 21:27 my-key-name.pub
cat my-key-name
cat my-key-name.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIErbaYC9ZHLEtCY3uDDl0LqRwlxLSGoHO1IBrvhzikyV my-key-comment
cat my-key-name.ppk
PuTTY-User-Key-File-2: ssh-ed25519
Encryption: aes256-cbc
Comment: my-key-comment
Public-Lines: 2
Private-Lines: 1
Private-MAC: 72102d9a0f158f653577df276fcf329b482df329