Re: ssh-agent decrypt

On Tue, Nov 20, 2018 at 10:35:06AM +1100, Damien Miller wrote:
> 0) AFAIK nobody has ever asked before :)
> 1) Not all SSH key algorithms support decryption, e.g. ECDSA and Ed25519
>    are signature-only. Only RSA allows decryption without abusing the key.
> 2) It's generally frowned upon to use the same key for encryption and
>    signing.

Also note that the authentication key may be weaker than the channel
encryption key; e.g. an RSA 2048-bit key is only the equivalent of 112 bits
of symmetrical key strength.

So it's not clear this provides any advantage over just using the existing
encrypted channel.

-- 

rgds
Stephen
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev


