Implement ed25519 certificates support for sftp external storage

[tigernero79]

I currently manage several nextcloud v19 and v18 distributions on which I have activated the module for storing external folders, and often I find myself managing this module with rsa key authentication, it is possible to also give it authentication with public / private signature certificates also with elliptic curve certificates see keys ed25519? currently, as can also be seen from the attached authentication via sftp, it is possible only by using private or public key rsa non ed25519 or ecdsa

[kesselb]

You tried to use a certificate ed25519 and it does not work?

[tigernero79]

nextcloud itself generates a public key that I have to copy to a file and then feed it to the ssh configuration file, and that key it generates is only rsa and not ed25519

[kesselb]

cc @nextcloud/security

[nickvergessen]

Doesn't look like there are related php modules available by default

[kesselb]

We have to wait for phpseclib/phpseclib#1309 which is planned for phpseclib 3.

[tigernero79]

in fact it could also leave rsa as valid certificates for ssh, this would lead me to have sftp folders also in active localhost. but i have everything in ed25519 on my server and you wanted to avoid reusing rsa. the parameters that I have in ssh server are the following:

HostKeyAlgorithms ssh-ed25519,sk-ssh-ed25519@openssh.com,ecdsa-sha2-nistp256,sk-ecdsa-sha2-nistp256@openssh.com

there are also ed25519-sk for hw tokens, but I don't want so much it would be enough for me to recognize nectcloud the ed25519 certificates for sftp protocol

[kesselb]

The library used to generated the rsa keys does not support ed25519 yet. We have to wait for an update.

A workaround could be to use "RSA private key" and generate the required keys yourself.

[tigernero79]

you mean I can use the rsa private key entry to put the private key ed25519 in it? or anyway I have to use a private rsa key?

[kesselb]

rsa private key entry to put the private key ed25519 in it

I think so. For any further questions https://help.nextcloud.com.

[Constey]

There is a new version of phpseclib in version 3.0 that supports those new ciphers as of: https://github.com/phpseclib/phpseclib / https://github.com/phpseclib/phpseclib/releases
Is there any schedule when this gets updated?

[nickvergessen]

We updated to 2.0.30 recently:
nextcloud/3rdparty#592

3.0 seems to support php 5.6.1 or later so when there is no other lib depending on it anyone could look into an update

[szaimen]

I suppose this issue is still valid?

[Constey]

I suppose this issue is still valid?

Yes still open (checked on 21.0.3) it uses old phpseclib 2.

[didierm]

• NC v29 still uses phpseclib 2.0.45 (v2.0.47 available since 02/2024), while the phpseclib 3.0.x branch, with ed25519 support, has been released in 12/2020.
• default crypto policies in recent RHEL versions have dropped support for short keys (such as RSA 1024-bit , as used by NC SFTP up to now), for security reasons
• pending a NC phpseclib library upgrade, RSA keys with 1024-bit key length, as required by current NC, can be re-enabled following the procedure in https://access.redhat.com/solutions/7062327 (login required). This weakens system security.

Is it reasonable to assume this issue to be a NextCloud security issue, and hence warranting some more attention ?

[szaimen]

FYI @sorbaugh

[didierm]

Any chance of getting a phpseclib upgrade in NC30 (beta), and maybe allowing us to manually apply non-obsolete cryptographic keypairs, pending any related UI changes ?

I fully appreciate and endorse NC's commitment to data integrity and security.
Unfortunately, it is a tad ironic that we are forced to apply an algorithm with a key length which was deprecated 14 years ago , and which even Microsoft (!) is actively phasing out.

[didierm]

I guess NC30.0.0 is still on phpseclib v2.0.45.

Is there by any chance a timeline for chore(deps): Bump phpseclib/phpseclib from 2.0.45 to 3.0.37 ?