Thank you Damien, this will help a lot.

Authenticated key exchange. Yes. It will be tricky. I am going to use a library with a trusted implementation and just do the 'plumbing'.

The keys unfortunately are in a new format. I am going to start with a very ugly solution (some base64 serialization) and do not know if I will ever need to get more serious. If I iterate on this format and move towards standardization or something, I'll definitely reach out.

Both directions, but the primary application is client->server.

The last question about playing nicely with existing auth is a good question. I have no idea. I think I will 'hack it on' first and iterate toward something better.

The name of the cipher is Yuan-Li IBE authenticated key agreement.

Best,
Ross

_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev