Ed25519-CLI – command-line interface for the Ed25519 signature system (2024) (opens in new tab)

(lib25519.cr.yp.to)

97 pointsINGELRII2mo ago53 comments

53 comments

(2024)

My favourite part of these tools is the zany use of numbered file descriptors. `keypair` outputs the public key on fd 5 and secret key on fd 9. But signing reads the secret key on fd 8, while verification reads the public key on fd 4! Why aren't they the same?? I have to read the manpage every time.

Retr0id2mo ago

I'm curious, what do you actually use it for?

I'd have otherwise guessed that this tool mainly exists just to test lib25519. Personally I'd only ever want a library, or some higher-level tool. A CLI tool that just does raw signing feels like a weird (and footgun-shaped) middle ground.

tptacek2mo ago

This mostly exists to test lib25519 and ostensibly to build systems with shell scripts (though: few people would do that). It is a weird and footgun-shaped middle ground.

XorNot2mo ago

It's why no one has succeeded in replacing GPG: you need a lot of systems to work in order to have an actual viable one, the ability to spit out signatures from keys is required but not sufficient.

1 more reply

Fnoord2mo ago

> I'm curious, what do you actually use it for?

FTA:

> These tools allow lib25519 to be easily used from shell scripts.

I've never used ed25519-cli, but not having to use a library is nice for someone who isn't a programmer.

2 more replies

gnull2mo ago

That's such a user-hostile design decision. I can't fathom what justifies it (other than kinky taste).

Makes your commands unreadable without a manual, leaves a lot of room for errors that are quietly ignored. And forces you into using a shell that comes with its own set of gotchas, bash is not known to be a particularly good tool for security.

And to those who stay this adds flexibility: it doesn't. Those file descriptors are available under/dev/fd on linux, with named options you can do --pk /dev/fd/5. Or make a named pipe.

minitech2mo ago

> Those file descriptors are available under/dev/fd on linux, with named options you can do --pk /dev/fd/5.

If you have a procfs mounted at /proc and the open syscall to use on it, sure (and even then, it’s wasteful and adds unnecessary failure paths). Even argument parsing is yet more code to audit.

I think the design is pretty good as-is.

1 more reply

PunchyHamster2mo ago

it being option can be nice if you don't want your keys touching disk and need to pass it over to other apps.

it being default is insanity

jedahan2mo ago

I was wondering the same thing. My best guess is that is to guard against operator misuse. Like usb-a only plugging in one way. Anything that is secret will never accidentally print to stdout. String interpolation in bash with `—option $empty` might be safer than `8<$empty`. Have to explore more but yeah, this is a new pattern for me as well.

yellowapple2mo ago

Another possible factor driving the decision to use numbered file descriptors: the logic to validate that a file exists (or can exist) at a given path, is readable/writable, etc. gets punted to the shell instead of being something the program itself has to worry about.

gnull2mo ago

Those descriptors like 5 could be mapped to anything, including descriptor 1, stdout.

chuckadams2mo ago

What a strange convention. I'm partial to minisign, which works on plain old files.

tptacek2mo ago

This little CLI is not meaningfully an alternative for signify/minify. Here's a good piece on signify from its author (who also comments here):

https://www.openbsd.org/papers/bsdcan-signify.html

alfiedotwtf2mo ago

I’m guessing it’s to support the test framework it’s built with?

PunchyHamster2mo ago

support is fine. Being default is crazy

pseudohadamard2mo ago

It's djb's web site so it's a djb design. With great genius comes great different thinking.

PunchyHamster2mo ago

> It writes the public key to file descriptor 5, and then writes the secret key to file descriptor 9.

Is the project trying to compete with GPG for worst interface ? Magic numbers BAD, especially in something that will mostly be used in scripts

why-o-why2mo ago

Why not zoidbe... I mean, why not open ssh? It's literally a CLI that does every crypto operation with every primitive (except some PQC)?

tptacek2mo ago

If you mean the OpenSSL CLI, it's hard to think of a more footgun-y cryptographic tool than the one that:

* defaults to unauthenticated encryption

* buries its one authenticated mode

* requires explicit command-line nonces

* defaults to an MD5 KDF

You could probably keep going for another 10 bullets. Never use the OpenSSL CLI for anything other than TLS stuff.

coppsilgold2mo ago

You can use ssh-keygen for signing and verifying signatures.

You can also use age[1] to encrypt payloads targeting ssh public keys. And decrypt using ssh private keys.

[1] <https://github.com/FiloSottile/age>

quotemstr2mo ago

Yeah, the OpenSSL CLI sucks. So what's to be done?

Sure, we can build a 25519-specific tool with a less footgun-y interface. Fine, whatever, for that one use case.

Or we can build an alternative OpenSSL CLI that explodes OpenSSL and its numerous useful features in a general way and helps fix lots of use cases.

1 more reply

why-o-why2mo ago

Are you confusing the open openSSL library with the CLI? Absolutely none of this is true when used as a signing tool on the CLI. Seems like you just needed to rant, rather than answer my question. Which is fine: I do it to, but I was legit asking a question that you ignored and you seem to know about openSSL?

1 more reply

WiSaGaN2mo ago

I can't find the source. Anyone can point to it?

minitech2mo ago

The Download link in the header (https://lib25519.cr.yp.to/download.html).

mrbluecoat2mo ago

Sounds like the perfect place to embed credential stealing malware. Good thing they publish their code on an independent third-party public code sharing platform. Oh wait...

perching_aix2mo ago

Short of suspecting a malicious tarball, I really can't think of a reason why "publish[ing] their code on an independent third-party public code sharing platform" would be a selling point. You're getting the source code straight from the horse's mouth this way.

esseph2mo ago

> feels like a weird (and footgun-shaped) middle ground.

hmm

> It is a weird and footgun-shaped middle ground.

Oh? HMMMMM :|

j / k navigate · click thread line to collapse

53 comments

alexjurkiewicz2mo ago

(2024)

Retr0id2mo ago

I'm curious, what do you actually use it for?

tptacek2mo ago

This mostly exists to test lib25519 and ostensibly to build systems with shell scripts (though: few people would do that). It is a weird and footgun-shaped middle ground.

XorNot2mo ago

It's why no one has succeeded in replacing GPG: you need a lot of systems to work in order to have an actual viable one, the ability to spit out signatures from keys is required but not sufficient.

1 more reply

Fnoord2mo ago

> I'm curious, what do you actually use it for?

FTA:

> These tools allow lib25519 to be easily used from shell scripts.

I've never used ed25519-cli, but not having to use a library is nice for someone who isn't a programmer.

2 more replies

gnull2mo ago

That's such a user-hostile design decision. I can't fathom what justifies it (other than kinky taste).

And to those who stay this adds flexibility: it doesn't. Those file descriptors are available under/dev/fd on linux, with named options you can do --pk /dev/fd/5. Or make a named pipe.

minitech2mo ago

> Those file descriptors are available under/dev/fd on linux, with named options you can do --pk /dev/fd/5.

If you have a procfs mounted at /proc and the open syscall to use on it, sure (and even then, it’s wasteful and adds unnecessary failure paths). Even argument parsing is yet more code to audit.

I think the design is pretty good as-is.

1 more reply

PunchyHamster2mo ago

it being option can be nice if you don't want your keys touching disk and need to pass it over to other apps.

it being default is insanity

jedahan2mo ago

yellowapple2mo ago

gnull2mo ago

Those descriptors like 5 could be mapped to anything, including descriptor 1, stdout.

chuckadams2mo ago

What a strange convention. I'm partial to minisign, which works on plain old files.

tptacek2mo ago

This little CLI is not meaningfully an alternative for signify/minify. Here's a good piece on signify from its author (who also comments here):

https://www.openbsd.org/papers/bsdcan-signify.html

alfiedotwtf2mo ago

I’m guessing it’s to support the test framework it’s built with?

PunchyHamster2mo ago

support is fine. Being default is crazy

pseudohadamard2mo ago

It's djb's web site so it's a djb design. With great genius comes great different thinking.

PunchyHamster2mo ago

> It writes the public key to file descriptor 5, and then writes the secret key to file descriptor 9.

Is the project trying to compete with GPG for worst interface ? Magic numbers BAD, especially in something that will mostly be used in scripts

why-o-why2mo ago

Why not zoidbe... I mean, why not open ssh? It's literally a CLI that does every crypto operation with every primitive (except some PQC)?

tptacek2mo ago

If you mean the OpenSSL CLI, it's hard to think of a more footgun-y cryptographic tool than the one that:

* defaults to unauthenticated encryption

* buries its one authenticated mode

* requires explicit command-line nonces

* defaults to an MD5 KDF

You could probably keep going for another 10 bullets. Never use the OpenSSL CLI for anything other than TLS stuff.

coppsilgold2mo ago

You can use ssh-keygen for signing and verifying signatures.

You can also use age[1] to encrypt payloads targeting ssh public keys. And decrypt using ssh private keys.

[1] <https://github.com/FiloSottile/age>

quotemstr2mo ago

Yeah, the OpenSSL CLI sucks. So what's to be done?

Sure, we can build a 25519-specific tool with a less footgun-y interface. Fine, whatever, for that one use case.

Or we can build an alternative OpenSSL CLI that explodes OpenSSL and its numerous useful features in a general way and helps fix lots of use cases.

1 more reply

why-o-why2mo ago

1 more reply

WiSaGaN2mo ago

I can't find the source. Anyone can point to it?

minitech2mo ago

The Download link in the header (https://lib25519.cr.yp.to/download.html).

mrbluecoat2mo ago

Sounds like the perfect place to embed credential stealing malware. Good thing they publish their code on an independent third-party public code sharing platform. Oh wait...

perching_aix2mo ago

esseph2mo ago

> feels like a weird (and footgun-shaped) middle ground.

hmm

> It is a weird and footgun-shaped middle ground.

Oh? HMMMMM :|

j / k navigate · click thread line to collapse