1. 30
    1. 15

      With all due respect, this is probably a redundant effort.

      Upstream OpenSSH has been working on adding signatures via ssh-keygen -Y starting in 8.0:

      • ssh-keygen(1): add an experimental lightweight signature and verification ability. Signatures may be made using regular ssh keys held on disk or stored in a ssh-agent and verified against an authorized_keys-like list of allowed keys. Signatures embed a namespace that prevents confusion and attacks between different usage domains (e.g. files vs email).
      1. 3

        Thank you for sharing this feature, although, I’m starting to think that this kind of feature makes ssh-keygen a tool that does things I don’t expect it to do….

        1. 3

          That’s a reasonable point, maybe suggest they spin it out into something like ssh-sign on the mailing list.

    2. 2

      See also https://github.com/jschauma/jass which is on similar lines.

      1. 1

        You may also be interested in age, which is in the process of being written by a cryptography engineer at Google.