1. 27
  1.  

  2. 15

    With all due respect, this is probably a redundant effort.

    Upstream OpenSSH has been working on adding signatures via ssh-keygen -Y starting in 8.0:

    • ssh-keygen(1): add an experimental lightweight signature and verification ability. Signatures may be made using regular ssh keys held on disk or stored in a ssh-agent and verified against an authorized_keys-like list of allowed keys. Signatures embed a namespace that prevents confusion and attacks between different usage domains (e.g. files vs email).
    1. 3

      Thank you for sharing this feature, although, I’m starting to think that this kind of feature makes ssh-keygen a tool that does things I don’t expect it to do….

      1. 3

        That’s a reasonable point, maybe suggest they spin it out into something like ssh-sign on the mailing list.

    2. 2

      See also https://github.com/jschauma/jass which is on similar lines.

      1. 1

        You may also be interested in age, which is in the process of being written by a cryptography engineer at Google.