I thought it wasn’t advisable to use Ed25519 for signing arbitrary files? It’s at least not advisable to sign large files due to the multi-pass nature of signature generation, per RFC 8032 (sec 8.7). Where do you draw the line on “large”?
I’d assume they’re using Ed25519ph (pre-hash) with a context (the -n file namespace), but I can’t find the source for ssh-keygen with a quick search to confirm. But then again, it’s also not advisable to share keys between Ed25519 and Ed25519ph, which the author would be doing...
I’d assume they’re using Ed25519ph (pre-hash) with a context (the -n file namespace), but I can’t find the source for ssh-keygen with a quick search to confirm. But then again, it’s also not advisable to share keys between Ed25519 and Ed25519ph, which the author would be doing...