Motivation: Many Linux distros (notably Ubuntu and Debian) use ed25519 keys by default. I want to add support for this to Swift-nio-ssh.

Modifications: I have added support for Ed25519 keys and algorithm in specific new files for this, in addition to updating the Package.swift file and new test files that test the changes.

Result: After this change, Ed25519 support will be available in Swift-nio-ssh.
…to ed25519-key-and-algo-support
Lukasa
requested changes
Dec 15, 2025
| // | ||
| // This source file is part of the SwiftNIO open source project | ||
| // | ||
| //===----------------------------------------------------------------------===// |
Contributor
This header isn't correct: please provide the complete header block.
| // swift-nio-ssh | ||
| // | ||
| // Created by Simon Bruce-Cassidy on 08/12/2025. | ||
| // |
Contributor
This doesn't look like it belongs.
|
|
||
| // If the Ed25519 representation is not directly available, throw for now. | ||
| // Replace this with the appropriate internal initializer for your codebase. | ||
| throw NIOSSHError.protocolViolation(protocolName: "ssh-ed25519", violation: "ed25519 key construction not implemented") |
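Review bot: the `throw` on the last line reports an unimplemented code path as `NIOSSHError.protocolViolation`, so callers and logs will attribute a local gap to the remote peer. Either complete the key construction before this lands or throw an error that says the algorithm is unsupported, and remove the "Replace this with the appropriate internal initializer for your codebase" comment, which reads as template text rather than a description of the code.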
Contributor
This function doesn't actually work.
| @@ -0,0 +1,106 @@ | |||
| import Foundation | |||
|
|
|||
| public enum OpenSSHKey { | |||
Contributor
Why are we declaring a new namespace here?
| @@ -0,0 +1,106 @@ | |||
| import Foundation | |||
Contributor
License header file is missing.
| name: "swift-nio-ssh", | ||
| platforms: [ | ||
| .macOS(.v10_15), | ||
| .macOS(.v14), |
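Review bot: the `platforms` array shows `.macOS(.v10_15)` next to `.macOS(.v14)`; if this raises the minimum deployment target, it removes support for every consumer between those versions, which sits badly with the description's "No breaking changes". Keep `.macOS(.v10_15)` unless a specific API used by the Ed25519 code needs the newer target, and if one does, name it in the commit message.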
Contributor
There doesn't appear to be any motivating reason for this change.
| /// - Parameter pem: The PEM text including BEGIN/END OPENSSH PRIVATE KEY markers. | ||
| /// - Returns: Ed25519Components (seed + public key) | ||
| /// - Throws: If the key is not in the expected format or is encrypted. | ||
| public static func decodeEd25519Unencrypted(fromPEM pem: String) throws -> Ed25519Components { |
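Review bot: the `- Throws:` line in the doc comment does not name the error thrown or distinguish a malformed key from an encrypted one, so a caller cannot tell "decrypt this first" apart from "this file is corrupt". Document the specific errors, and state in the `- Returns:` line whether the returned public key has been checked against the seed or is simply copied from the file.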
Contributor
It would be useful to demonstrate that this does work. Can you wire up a unit test here?
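As an added illustration of what such a test has to exercise (not code from this pull request, and in Python rather than the project's Swift), the sketch below decodes the unencrypted `openssh-key-v1` layout described in OpenSSH's PROTOCOL.key and rejects the malformed cases a decoder must handle. All function names are hypothetical, the sample key is built from dummy bytes, and the check that the seed actually derives the public key is omitted because the standard library has no Ed25519.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"
BEGIN, END = "-----BEGIN OPENSSH PRIVATE KEY-----", "-----END OPENSSH PRIVATE KEY-----"

def _need(cond, msg):  # every malformed-input rejection goes through here
    if not cond:
        raise ValueError(msg)

def _put(b):  # encode one SSH string: uint32 big-endian length, then the bytes
    return struct.pack(">I", len(b)) + b

def _get(buf, off):  # decode one SSH string without reading past the buffer
    _need(off + 4 <= len(buf), "truncated length field")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    _need(end <= len(buf), "string overruns buffer")
    return buf[off + 4:end], end

def decode_ed25519_unencrypted(pem):
    """Return (seed, public_key); raise ValueError on malformed or encrypted input."""
    lines = [ln.strip() for ln in pem.strip().splitlines()]
    _need(len(lines) >= 3 and lines[0] == BEGIN and lines[-1] == END, "missing PEM markers")
    blob = base64.b64decode("".join(lines[1:-1]), validate=True)  # binascii.Error is a ValueError
    _need(blob.startswith(MAGIC), "bad magic")
    cipher, off = _get(blob, len(MAGIC))
    kdf, off = _get(blob, off)
    _, off = _get(blob, off)  # kdf options
    _need(cipher == b"none" and kdf == b"none", "encrypted keys are not supported")
    _need(blob[off:off + 4] == struct.pack(">I", 1), "expected exactly one key")
    outer_pub, off = _get(blob, off + 4)
    priv, off = _get(blob, off)
    _need(off == len(blob) and len(priv) >= 8, "trailing data or short private section")
    _need(priv[:4] == priv[4:8], "check integers differ")
    ktype, p = _get(priv, 8)
    pub, p = _get(priv, p)
    secret, p = _get(priv, p)  # 64 bytes: seed followed by the public key
    _, p = _get(priv, p)  # comment
    _need(ktype == b"ssh-ed25519" and len(pub) == 32 and len(secret) == 64, "not an ed25519 key")
    _need(secret[32:] == pub and outer_pub == _put(ktype) + _put(pub), "public key copies disagree")
    _need(priv[p:] == bytes(range(1, len(priv) - p + 1)), "bad padding")
    return secret[:32], pub

def build_sample(seed, pub, cipher=b"none", check=(7, 7)):  # constructed input, not a real key pair
    kt = _put(b"ssh-ed25519")
    priv = struct.pack(">II", *check) + kt + _put(pub) + _put(seed + pub) + _put(b"demo")
    priv += bytes(range(1, -len(priv) % 8 + 1))  # pad to the 8-byte block size of cipher "none"
    head = MAGIC + _put(cipher) + _put(b"none") + _put(b"") + struct.pack(">I", 1)
    blob = head + _put(kt + _put(pub)) + _put(priv)
    return f"{BEGIN}\n{base64.b64encode(blob).decode()}\n{END}\n"
```

A Swift unit test for the function under review would cover the same cases: one good key, an encrypted key, mismatched check integers, a truncated blob, and a wrong-length public key.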
Summary
• Adds support for Ed25519 keys and signatures across the relevant SSH message types and validation paths.
• Enables using Ed25519 for user and host keys, including reading, validating, and using Ed25519-signed certificates where applicable.
• Keeps backward compatibility with existing RSA/ECDSA flows.
Scope of changes
• Key handling: Accept and validate Ed25519 public/private keys and signatures.
• Certificate handling: Parse and validate Ed25519-certified keys where supported.
• Tests: Extend coverage to include Ed25519 keys/certificates and signatures; all tests pass locally.
Rationale
• Ed25519 is widely adopted for SSH due to its strong security properties, small key sizes, and performance.
• Adding Ed25519 aligns with modern SSH usage and improves interoperability with common SSH tooling.
Compatibility
• No breaking changes to existing APIs.
• Existing key types (e.g., ECDSA, RSA) remain fully supported.
Testing
• Ran:
• swift build -v
• swift test -v
• Verified new Ed25519 test cases (load/serialize, validation, certificate parsing/validation) pass.
• No regressions observed in existing test suites.
Notes
• If maintainers prefer, I can add a brief README note listing supported key/signature algorithms (now including Ed25519).