Security/Guidelines/Key Management: Difference between revisions

$ ssh-keygen -t rsa -b 4096 -f ~/.ssh/id_rsa_mozilla_$(date +%Y-%m-%d) -C "Mozilla key for xyz"


# ECDSA keys are only compatible with OpenSSH 5.7+
$ ssh-keygen -t ecdsa -b 384 -f ~/.ssh/id_rsa_mozilla_$(date +%Y-%m-%d) -C "Mozilla key for xyz"
</source>
=== Protection of User Keys ===
Because SSH keys are rarely renewed, the minimum recommended settings are higher than for other keys. If you follow a strict key renewal period of '''less than 2 years''', it is reasonable to use 2048-bit RSA or 224-bit ECDSA keys.
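An added example, not part of the wiki page: a shell function that checks one line of `ssh-keygen -l -f` output against the sizes discussed above, using the date suffix from the file-name convention to test the 2-year renewal condition. Treating 4096-bit RSA and 384-bit ECDSA as the default floor is an assumption drawn from the commands above; `audit_key` and its verdict strings are hypothetical names.

```shell
#!/bin/sh
# Added example (not from the wiki page): audit a key against the sizes above.
# Assumption: 4096-bit RSA / 384-bit ECDSA is the default floor, and
# 2048-bit RSA / 224-bit ECDSA is acceptable only for keys under 2 years old.

# audit_key FINGERPRINT_LINE KEY_PATH TODAY(YYYY-MM-DD)
# FINGERPRINT_LINE is one line of `ssh-keygen -l -f KEY_PATH` output,
# e.g. "4096 SHA256:... comment (RSA)".
audit_key() {
    line=$1; path=$2; today=$3
    bits=${line%% *}        # first field: key size in bits
    type=${line##*\(}       # text after the last "(", e.g. "RSA)"
    type=${type%\)}

    case $bits in ''|*[!0-9]*) echo "unparsed"; return 0 ;; esac
    case $type in
        RSA)   strong=4096; floor=2048 ;;
        ECDSA) strong=384;  floor=224  ;;
        *)     echo "unknown-type"; return 0 ;;   # not covered by this section
    esac

    if [ "$bits" -ge "$strong" ]; then echo "ok"; return 0; fi
    if [ "$bits" -lt "$floor" ]; then echo "weak"; return 0; fi

    # Mid-range key: acceptable only if the creation date embedded in the
    # file name (the $(date +%Y-%m-%d) suffix) is less than 2 years old.
    created=${path##*_}
    case $created in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "renew"; return 0 ;;   # no date suffix: age cannot be shown
    esac
    created_n=$(printf %s "$created" | tr -d '-')   # 2023-01-10 -> 20230110
    today_n=$(printf %s "$today" | tr -d '-')
    cutoff_n=$((today_n - 20000))                   # same day, two years back
    if [ "$created_n" -gt "$cutoff_n" ]; then
        echo "ok-short-lived"
    else
        echo "renew"
    fi
}

# Constructed sample input (not a real key), evaluated as of 2024-06-15.
audit_key "2048 SHA256:CONSTRUCTED Mozilla key for xyz (RSA)" \
    "/home/user/.ssh/id_rsa_mozilla_2021-03-01" 2024-06-15   # prints: renew
```

The check trusts the date in the file name, so it only works for keys created with the naming convention shown in the commands above.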