Key selection.

2025-08-19 03:30:56 +00:00 · 2025-08-18 00:06:03 -05:00 · 2025-08-18 00:06:03 -05:00 · 6a8926f177
commit 6a8926f177
parent 7aba3c374d
3 changed files with 24 additions and 9 deletions
--- a/Sources/Packages/Sources/SecretKit/OpenSSH/OpenSSHKeyWriter.swift
+++ b/Sources/Packages/Sources/SecretKit/OpenSSH/OpenSSHKeyWriter.swift
@ -72,14 +72,16 @@ extension OpenSSHKeyWriter {
    ///   - length: The key length of the algorithm.
    /// - Returns: The OpenSSH identifier for the algorithm.
    public func curveType(for keyType: KeyType) -> String {
-        switch keyType.algorithm {
-        case .ecdsa:
+        switch (keyType.algorithm, keyType.size) {
+        case (.ecdsa, 256), (.ecdsa, 384):
            "ecdsa-sha2-nistp" + String(describing: keyType.size)
-        case .rsa:
+        case (.mldsa, 65), (.mldsa, 87):
+            "ssh-mldsa-" + String(describing: keyType.size)
+        case (.rsa, _):
            // All RSA keys use the same 512 bit hash function, per
            // https://security.stackexchange.com/questions/255074/why-are-rsa-sha2-512-and-rsa-sha2-256-supported-but-not-reported-by-ssh-q-key
             "rsa-sha2-512"
-        case .mldsa:
+        default:
            "unknown"
        }
    }
--- a/Content/PreviewStore.swift
+++ b/Content/PreviewStore.swift
@ -65,7 +65,11 @@ extension Preview {
        var name: String { "Modifiable Preview Store" }
        let secrets: [Secret]
        var supportedKeyTypes: [KeyType] {
-            [.init(algorithm: .ecdsa, size: 256)]
+            [
+                .init(algorithm: .ecdsa, size: 256),
+                .init(algorithm: .mldsa, size: 65),
+                .init(algorithm: .mldsa, size: 87),
+            ]
        }

        init(secrets: [Secret]) {
--- a/Sources/Secretive/Views/CreateSecretView.swift
+++ b/Sources/Secretive/Views/CreateSecretView.swift
@ -30,10 +30,19 @@ struct CreateSecretView<StoreType: SecretStoreModifiable>: View {
                }
                if advanced {
                    Section {
+                        VStack {
                            Picker("Key Type", selection: $keyType) {
                                ForEach(store.supportedKeyTypes, id: \.self) { option in
                                    Text(String(describing: option))
                                        .tag(option)
+                                        .font(.caption)
+                                }
+                            }
+                            if keyType?.algorithm == .mldsa {
+                                Text("Warning: ML-DSA keys are very new, and not supported by many servers yet. Please verify the server you'll be using this key for accepts ML-DSA keys.")
+                                    .padding(.horizontal, 10)
+                                    .padding(.vertical, 3)
+                                    .background(.red.opacity(0.5), in:  RoundedRectangle(cornerRadius: 5))
                            }
                        }
                        TextField("Key Attribution", text: $keyAttribution, prompt: Text("test@example.com"))