It's been a while and there's been some progress, so here's an update:
* cryptography 2.6 has been released with X25519 and Ed25519 support.
* Ubuntu 18.04 has been updated to OpenSSL 1.1.1.
* I've pushed PRs to Twisted (https://twistedmatrix.com/trac/ticket/9681 and https://twistedmatrix.com/trac/ticket/9682) to begin the process of being able to write OpenSSH's newish (v1) private key format, which is the only format OpenSSH supports for Ed25519 keys; while this isn't strictly needed in order to support Ed25519 as a server, doing this first makes the patch series much more manageable.
Still to do:
* Finish support for writing OpenSSH v1 private keys (https://twistedmatrix.com/trac/ticket/9683).
* Add curve25519-sha256 key exchange support to Twisted. (I have a tested branch for this, waiting on the items above.)
* Add Ed25519 key support to Twisted. (I have a tested branch for this, waiting on the items above.)
* Either:
  * Upgrade Ubuntu 18.04 to OpenSSL 1.1.1b or newer (1.1.1 had a signature verification bug: https://github.com/openssl/openssl/issues/7693), and upgrade the relevant Launchpad production systems from Ubuntu 16.04 to 18.04, which may be tractable; or:
  * Add a fallback mechanism to Twisted allowing it to support Ed25519 keys using PyNaCl or similar if a sufficient version of OpenSSL isn't installed.
* Wait for a Twisted release with all this in it, and upgrade Launchpad to it. We're on a relatively recent version at the moment, so this part should be easy enough.