Optionally replace Chacha8Poly1305 with Aes256Gcm#65
Merged
Conversation
robin-nitrokey
added
the
skip-publish-check
0x0ece
approved these changes
May 31, 2026
robin-nitrokey
force-pushed
the
credential-id-format
branch
from
704e1cc to
6f704a6
Compare
Contributor
sosthene-nitrokey
left a comment
sosthene-nitrokey
left a comment
There was a problem hiding this comment.
Nit: I would prefer "version" instead of "format", but all is good.
It would be nice to also have tests that updating without reset doesn't lead to failing to parse existing credentials.
sosthene-nitrokey
approved these changes
Jun 1, 2026
daringer
approved these changes
Jun 1, 2026
Currently, the credential encoding and decoding is located in different parts of the codebase. This patch introduces the CredentialIdVersion to unify all relevant code in one place. It also introduces the KeyEncryptionKey and KeyWrappingKey helper types to ensure that these keys are only used for the designated steps and cannot be confused with any other key.
This patch adds the credential_id_version field to Config, making it possible to select the credential ID version for new credentials. To avoid invalidating existing credentials, this value is only used on the first boot or after a factory reset.
robin-nitrokey
force-pushed
the
credential-id-format
branch
from
6f704a6 to
2eba541
Compare
Member
Author
|
Updated to use the trussed-core release and renamed |
robin-nitrokey
force-pushed
the
credential-id-format
branch
from
2eba541 to
5457b01
Compare
robin-nitrokey
removed
the
skip-publish-check
robin-nitrokey
force-pushed
the
credential-id-format
branch
from
5457b01 to
4c38096
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The goal of this PR is to optionally replace Chacha8Poly1305 with Aes256Gcm. This is implemented in three steps:
CredentialIdFormatenum (whereV1is the existing implementation with Chacha8).CredentialIdFormat::V2is added, replacing Chacha8 with Aes256Gcm. The runner can select the format that is used for new credentials (default:V1). To avoid invalidating existing credentials, this value is only applied if the state is empty, i. e. on the first boot or after a reset.FirmwareVersionstruct is added to make the firmware version configurable based on the current credential ID format.Depends on: