mirror of
https://github.com/slackhq/nebula.git
synced 2025-01-25 17:48:25 +00:00
a56a97e5c3
Fixes #8. `nebula-cert ca` now supports encrypting the CA's private key with a passphrase. Pass `-encrypt` in order to be prompted for a passphrase. Encryption is performed using AES-256-GCM and Argon2id for KDF. KDF parameters default to RFC recommendations, but can be overridden via CLI flags `-argon-memory`, `-argon-parallelism`, and `-argon-iterations`.
25 lines
528 B
Go
25 lines
528 B
Go
package cert
|
|
|
|
import (
|
|
"testing"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"golang.org/x/crypto/argon2"
|
|
)
|
|
|
|
func TestNewArgon2Parameters(t *testing.T) {
|
|
p := NewArgon2Parameters(64*1024, 4, 3)
|
|
assert.EqualValues(t, &Argon2Parameters{
|
|
version: argon2.Version,
|
|
Memory: 64 * 1024,
|
|
Parallelism: 4,
|
|
Iterations: 3,
|
|
}, p)
|
|
p = NewArgon2Parameters(2*1024*1024, 2, 1)
|
|
assert.EqualValues(t, &Argon2Parameters{
|
|
version: argon2.Version,
|
|
Memory: 2 * 1024 * 1024,
|
|
Parallelism: 2,
|
|
Iterations: 1,
|
|
}, p)
|
|
}
|