tsarevvv/proxmox-backup
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

auth: use auth-api when generating keys and generate ec keys

Browse Source 
this commit switches pbs over to generating ed25519 keys when
generating new auth api keys. this also removes the last direct
usages of openssl here and further unifies key handling in the auth
api.

Signed-off-by: Stefan Sterz <s.sterz@proxmox.com>
This commit is contained in:
Stefan Sterz 2024-03-06 13:36:09 +01:00 committed by Wolfgang Bumiller
parent 048a81cc55
commit 9ce3d0c88c
1 changed files with 3 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
src/auth_helpers.rs
View File

@ -2,7 +2,6 @@ use std::path::PathBuf;
use std::sync::OnceLock;
use anyhow::Error;
use openssl::rsa::Rsa;
use pbs_config::BackupLockGuard;
use proxmox_auth_api::{HMACKey, PrivateKey, PublicKey};
@ -49,26 +48,22 @@ pub fn generate_auth_key() -> Result<(), Error> {
return Ok(());
}
let rsa = Rsa::generate(4096).unwrap();
let priv_pem = rsa.private_key_to_pem()?;
let key = proxmox_auth_api::PrivateKey::generate_ec()?;
use nix::sys::stat::Mode;
replace_file(
&priv_path,
&priv_pem,
&key.private_key_to_pem()?,
CreateOptions::new().perm(Mode::from_bits_truncate(0o0600)),
true,
)?;
let public_pem = rsa.public_key_to_pem()?;
let backup_user = pbs_config::backup_user()?;
replace_file(
&public_path,
&public_pem,
&key.public_key_to_pem()?,
CreateOptions::new()
.perm(Mode::from_bits_truncate(0o0640))
.owner(nix::unistd::ROOT)