cmd/nebula-cert/passwords.go · 282c344a776f7d02f33996447601cf39101de16f · Lincoln Thurlow / nebula

Apr 03, 2023

Add ability to encrypt CA private key at rest (#386) · a56a97e5

John Maguire authored Apr 03, 2023

Fixes #8.

`nebula-cert ca` now supports encrypting the CA's private key with a
passphrase. Pass `-encrypt` in order to be prompted for a passphrase.
Encryption is performed using AES-256-GCM and Argon2id for KDF. KDF
parameters default to RFC recommendations, but can be overridden via CLI
flags `-argon-memory`, `-argon-parallelism`, and `-argon-iterations`.

a56a97e5

Add ability to encrypt CA private key at rest (#386)

John Maguire authored Apr 03, 2023

Fixes #8.

`nebula-cert ca` now supports encrypting the CA's private key with a
passphrase. Pass `-encrypt` in order to be prompted for a passphrase.
Encryption is performed using AES-256-GCM and Argon2id for KDF. KDF
parameters default to RFC recommendations, but can be overridden via CLI
flags `-argon-memory`, `-argon-parallelism`, and `-argon-iterations`.