ssh-agent decrypt

moronic monday (pst) question time.

this may have been covered elsewhere, and emphatically shot down (and
if so, I apologize), but I'm interested in using ssh-agent to decrypt
data.

ssh certificates are the most secure user auth token we have, and even
though ssh certs aren't chainable, we routinely use them to assert
identity to things other than ssh (e.g. if you can present a cert
that's signed by a known ca, and you can prove you have the private
key that belongs to the cert, we know who you are).

So it'd be nice to be able to give some data back to the client,
encrypted with the client's pubkey, that the client could then ask the
ssh-agent to decrypt using the corresponding private key. in the past,
we've generated a new keypair and sent the new pubkey with the
request, but that's a little clunky and it's as tightly bound to "one
source of truth" as if we could just rely on the key from the cert.

I'm guessing there's a dead simple reason something like this isn't
supported already. like, maintenance of code that only a weenie like
me would use or that it would enable some new class of crypto attacks
or something.

Cheers,
peter
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
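The "prove you have the private key" step the post relies on is exactly what the agent protocol offers, and decryption is what it lacks. As an added example (not part of the original post, and not OpenSSH code), here is a minimal ssh-agent wire-protocol client run against an in-process stand-in agent over a socketpair: it lists identities, asks the agent to sign a challenge, and then sends a hypothetical "decrypt@example.invalid" extension request, which the stand-in answers with SSH_AGENT_FAILURE as the draft specifies for extensions an agent does not recognise. Message numbers and framing are those of draft-miller-ssh-agent (the values in OpenSSH's authfd.h); the key blob, the comment, the HMAC that stands in for a real signature, and the names request_identities, agent_sign, agent_extension, serve_one_client and run_demo are constructed for this example.

```python
# Minimal ssh-agent wire-protocol client plus an in-process stand-in agent.
# Added example; not code from the original post or from OpenSSH.
import hashlib, hmac, os, socket, struct, threading

# Message numbers from draft-miller-ssh-agent (same values as OpenSSH authfd.h).
SSH_AGENT_FAILURE, SSH_AGENTC_REQUEST_IDENTITIES, SSH_AGENT_IDENTITIES_ANSWER = 5, 11, 12
SSH_AGENTC_SIGN_REQUEST, SSH_AGENT_SIGN_RESPONSE, SSH_AGENTC_EXTENSION = 13, 14, 27

def put_string(b):                           # SSH "string": uint32 length + bytes
    return struct.pack(">I", len(b)) + b

def get_string(buf, off):                    # -> (bytes, offset after it)
    (n,) = struct.unpack_from(">I", buf, off)
    return buf[off + 4:off + 4 + n], off + 4 + n

def recv_exact(sock, n):
    data = b""
    while len(data) < n:
        chunk = sock.recv(n - len(data))
        if not chunk:
            raise ConnectionError("peer closed the agent socket")
        data += chunk
    return data

def send_msg(sock, msg_type, payload=b""):   # frame: uint32 length, type byte, payload
    sock.sendall(put_string(bytes([msg_type]) + payload))

def recv_msg(sock):                          # -> (type, payload)
    body = recv_exact(sock, struct.unpack(">I", recv_exact(sock, 4))[0])
    return body[0], body[1:]

# Client side; these work unchanged against a real agent on an AF_UNIX socket to $SSH_AUTH_SOCK.
def request_identities(sock):
    send_msg(sock, SSH_AGENTC_REQUEST_IDENTITIES)
    t, p = recv_msg(sock)
    if t != SSH_AGENT_IDENTITIES_ANSWER:
        raise RuntimeError("unexpected reply %d" % t)
    (count,), off, keys = struct.unpack_from(">I", p, 0), 4, []
    for _ in range(count):
        blob, off = get_string(p, off)
        comment, off = get_string(p, off)
        keys.append((blob, comment.decode()))
    return keys

def agent_sign(sock, key_blob, data, flags=0):
    send_msg(sock, SSH_AGENTC_SIGN_REQUEST,
             put_string(key_blob) + put_string(data) + struct.pack(">I", flags))
    t, p = recv_msg(sock)
    if t != SSH_AGENT_SIGN_RESPONSE:
        raise RuntimeError("agent refused to sign (reply %d)" % t)
    return get_string(p, 0)[0]               # string(sig type) + string(sig blob)

def agent_extension(sock, name, payload=b""):
    send_msg(sock, SSH_AGENTC_EXTENSION, put_string(name) + payload)
    return recv_msg(sock)

# Constructed stand-in identity. Key blobs are opaque on the wire, so a fake ed25519-shaped
# blob exercises the framing; the "signature" is an HMAC so this runs on the standard library.
KEY_BLOB = put_string(b"ssh-ed25519") + put_string(hashlib.sha256(b"example").digest())  # not a key
AGENT_SECRET = b"stand-in for the private key the agent never releases"

def serve_one_client(sock):
    """Stand-in agent: the protocol surface is list and sign, nothing else."""
    try:
        while True:
            t, p = recv_msg(sock)
            if t == SSH_AGENTC_REQUEST_IDENTITIES:
                send_msg(sock, SSH_AGENT_IDENTITIES_ANSWER, struct.pack(">I", 1)
                         + put_string(KEY_BLOB) + put_string(b"example@host"))
            elif t == SSH_AGENTC_SIGN_REQUEST and get_string(p, 0)[0] == KEY_BLOB:
                data = get_string(p, get_string(p, 0)[1])[0]
                mac = hmac.new(AGENT_SECRET, data, hashlib.sha256).digest()
                send_msg(sock, SSH_AGENT_SIGN_RESPONSE,
                         put_string(put_string(b"hmac-sha256-standin") + put_string(mac)))
            else:
                # Unknown key, unknown type, or unrecognised extension: FAILURE. No decrypt exists.
                send_msg(sock, SSH_AGENT_FAILURE)
    except ConnectionError:
        pass
    finally:
        sock.close()

def run_demo():
    """Proof of possession over a challenge, then a decrypt request the protocol cannot express."""
    client_sock, agent_sock = socket.socketpair()
    threading.Thread(target=serve_one_client, args=(agent_sock,), daemon=True).start()
    blob, comment = request_identities(client_sock)[0]
    nonce = os.urandom(32)                   # the relying party's challenge
    sig = agent_sign(client_sock, blob, nonce)
    sig_blob = get_string(sig, get_string(sig, 0)[1])[0]
    # Verifier side. Here it recomputes the HMAC; a real relying party checks the
    # signature against the public key carried in the presented certificate.
    sig_ok = hmac.compare_digest(sig_blob, hmac.new(AGENT_SECRET, nonce, hashlib.sha256).digest())
    # Hypothetical extension name; no agent implements it.
    status, _ = agent_extension(client_sock, b"decrypt@example.invalid", put_string(b"ciphertext"))
    client_sock.close()
    return {"key_type": get_string(blob, 0)[0], "comment": comment,
            "sig_ok": sig_ok, "decrypt_status": status}
```

Pointing request_identities at a real agent (socket.AF_UNIX connected to $SSH_AUTH_SOCK) lists the same blob/comment pairs ssh-add -L prints; the sign path is what ssh uses for publickey auth, and the extension path is the only hook through which a decrypt operation could ever be added.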