Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Storing the keys as sha256 fingerprints limits functionality #3

Open
wizardishungry opened this issue Dec 26, 2024 · 3 comments
Open

Storing the keys as sha256 fingerprints limits functionality #3

wizardishungry opened this issue Dec 26, 2024 · 3 comments
Assignees
@skariel
Labels
enhancement New feature or request

Comments

@wizardishungry
Copy link
Contributor

wizardishungry commented Dec 26, 2024
edited
Loading

Hi, interesting project –

Storing user keys in the database as sha256 limits what could be done with keys in the future. For example, if one wanted to add a get authorized_keys <email> command, you are not able to generate an authorized_keys entry for a key from the sha256. I would suggest storing it in the DB as gossh.MarshalAuthorizedKey(s.PublicKey()).

I know this uses more storage space, but it one-to-one with the information available in PublicKey, which can be fully reconstructed using gossh.ParseAuthorizedKey. I'm not sure what your plans are for this project & I would not write a PR that obsoletes your current user data without a clear migration path.

Beyond simply writing authorized_keys, it would be possible to use this as CA – but that's getting a little ahead of myself.
@skariel
Copy link
Owner

skariel commented Dec 26, 2024

Thanks for the thoughtful feedback! I agree that storing the full public key data would enable more functionality like generating authorized_keys entries or potential CA features.

I think we can implement this without obsoleting existing user data. New commands that require the full key data could fail gracefully when encountering users who only have the sha256, displaying an error message that explains the missing data. We could also add commands allowing users to upload their full public key if it's not present in the database.

These kinds of growing pains are expected as the project evolves, and graceful degradation would let us add new features while maintaining compatibility with existing users.

@skariel skariel added the enhancement New feature or request label Dec 26, 2024
@skariel skariel self-assigned this Dec 26, 2024
@snosratiershad
Copy link
Contributor

We could also add commands allowing users to upload their full public key if it's not present in the database.

@skariel, I think it's better to ask them to re-register instead of calling a new command, new register funcionality should be store full key.

@skariel
Copy link
Owner

skariel commented Jan 13, 2025
edited
Loading

yes, it will store full keys. It would be fine not to implement functionality to upload the key and instead ask users to register again if they fail to use some functionality requiring the full key. However I would not like to ask everybody to re-register immediately

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@skariel skariel

Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@wizardishungry @skariel @snosratiershad