Date: Fri, 29 Dec 2006 08:40:14 -0700 From: "Wesley J. Landaker" <wjl@icecavern.net> To: nmlug@nmlug.org Cc: Kelly Jones <kelly.terry.jones@gmail.com>, freebsd-questions@freebsd.org, nmosug-l@mailman.swcp.com, linuxusersgroup@googlegroups.com Subject: Re: [NMLUG] Signing a document with my SSH key, not a PGP key? Message-ID: <200612290840.19917.wjl@icecavern.net> In-Reply-To: <26face530612290646s214e725dh2f4d5208b25aae80@mail.gmail.com> References: <26face530612290646s214e725dh2f4d5208b25aae80@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
--nextPart4667300.0csv6nLc9v Content-Type: text/plain; charset="ansi_x3.4-1968" Content-Transfer-Encoding: quoted-printable Content-Disposition: inline On Friday 29 December 2006 07:46, Kelly Jones wrote: > I want to sign a document with ~/.ssh/id_dsa so that people who have > my public SSH key (~/.ssh/id_dsa.pub) can confirm that it's from me. I > don't want to encrypt the document, just sign it. > > How can I do this? Is it a good idea? Does ssh-keysign (which is > disabled by default) play into it? > > I know how to sign things using a PGP key, but was wondering if an SSH > key would work as well? Which you can make a signature with pretty much any public key, signing=20 things with an SSH key is a very ODD thing to do and doesn't have any=20 support infrastructure. If you really want to do it, see=20 <http://search.cpan.org/~dbrobins/Net-SSH-Perl/lib/Net/SSH/Perl/Key/DSA.pm>= =20 which basically just lets you wrap an SSH DSA key and sign with it. It=20 won't make pretty cleartext signatures or whatnot. If you instead really want to have a unified SSH/OpenPGP infrastructure, yo= u=20 could use <http://www.red-bean.com/~nemo/openssh-gpg/>; which lets you login= =20 SSH with OpenPGP keys instead of standard SSH keys. Or, just use the OpenPGP infrastructure for what it's meant for (encryping,= =20 signing, web-of-trust), and use SSH keys for what they are meant for=20 (point-to-point network authentication) and if you want to correlate them,= =20 you can sign your SSH key with your OpenPGP key. =2D-=20 Wesley J. Landaker <wjl@icecavern.net> <xmpp:wjl@icecavern.net> OpenPGP FP: 4135 2A3B 4726 ACC5 9094 0097 F0A9 8A4C 4CD6 E3D2 --nextPart4667300.0csv6nLc9v Content-Type: application/pgp-signature -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.6 (GNU/Linux) iD8DBQBFlTbj8KmKTEzW49IRAv+JAJ9KKn310cMH77jGAZHArQOnoEWSBgCgg3q0 qDfnvnrKUkas8LAP9Lh0bA4= =n7tw -----END PGP SIGNATURE----- --nextPart4667300.0csv6nLc9v--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200612290840.19917.wjl>