[pbs-devel] [PATCH proxmox-backup v2 12/12] auth: use auth-api when generating keys and generate ec keys

[Stefan Sterz]

this commit switches pbs over to generating ed25519 keys when
generating new auth api keys. this also removes the last direct
usages of openssl here and further unifies key handling in the auth
api.

Signed-off-by: Stefan Sterz <s.sterz at proxmox.com>
---
 src/auth_helpers.rs | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/src/auth_helpers.rs b/src/auth_helpers.rs
index bbe3001d..cb745eeb 100644
--- a/src/auth_helpers.rs
+++ b/src/auth_helpers.rs
@@ -2,7 +2,6 @@ use std::path::PathBuf;
 use std::sync::OnceLock;
 
 use anyhow::Error;
-use openssl::rsa::Rsa;
 
 use pbs_config::BackupLockGuard;
 use proxmox_auth_api::{HMACKey, PrivateKey, PublicKey};
@@ -49,26 +48,22 @@ pub fn generate_auth_key() -> Result<(), Error> {
         return Ok(());
     }
 
-    let rsa = Rsa::generate(4096).unwrap();
-
-    let priv_pem = rsa.private_key_to_pem()?;
+    let key = proxmox_auth_api::PrivateKey::generate_ec()?;
 
     use nix::sys::stat::Mode;
 
     replace_file(
         &priv_path,
-        &priv_pem,
+        &key.private_key_to_pem()?,
         CreateOptions::new().perm(Mode::from_bits_truncate(0o0600)),
         true,
     )?;
 
-    let public_pem = rsa.public_key_to_pem()?;
-
     let backup_user = pbs_config::backup_user()?;
 
     replace_file(
         &public_path,
-        &public_pem,
+        &key.public_key_to_pem()?,
         CreateOptions::new()
             .perm(Mode::from_bits_truncate(0o0640))
             .owner(nix::unistd::ROOT)
-- 
2.39.2