Date:      Fri, 29 Dec 2006 08:40:14 -0700
From:      "Wesley J. Landaker" <wjl@icecavern.net>
To:        nmlug@nmlug.org
Cc:        Kelly Jones <kelly.terry.jones@gmail.com>, freebsd-questions@freebsd.org, nmosug-l@mailman.swcp.com, linuxusersgroup@googlegroups.com
Subject:   Re: [NMLUG] Signing a document with my SSH key, not a PGP key?
Message-ID:  <200612290840.19917.wjl@icecavern.net>
In-Reply-To: <26face530612290646s214e725dh2f4d5208b25aae80@mail.gmail.com>
References:  <26face530612290646s214e725dh2f4d5208b25aae80@mail.gmail.com>

On Friday 29 December 2006 07:46, Kelly Jones wrote:
> I want to sign a document with ~/.ssh/id_dsa so that people who have
> my public SSH key (~/.ssh/id_dsa.pub) can confirm that it's from me. I
> don't want to encrypt the document, just sign it.
>
> How can I do this? Is it a good idea? Does ssh-keysign (which is
> disabled by default) play into it?
>
> I know how to sign things using a PGP key, but was wondering if an SSH
> key would work as well?

While you can make a signature with pretty much any public key, signing
things with an SSH key is a very ODD thing to do and doesn't have any
support infrastructure.

If you really want to do it, see
<http://search.cpan.org/~dbrobins/Net-SSH-Perl/lib/Net/SSH/Perl/Key/DSA.pm>
which basically just lets you wrap an SSH DSA key and sign with it. It
won't make pretty cleartext signatures or whatnot.

If you instead really want to have a unified SSH/OpenPGP infrastructure, you
could use <http://www.red-bean.com/~nemo/openssh-gpg/> which lets you login
SSH with OpenPGP keys instead of standard SSH keys.

Or, just use the OpenPGP infrastructure for what it's meant for (encrypting,
signing, web-of-trust), and use SSH keys for what they are meant for
(point-to-point network authentication) and if you want to correlate them,
you can sign your SSH key with your OpenPGP key.

--
Wesley J. Landaker <wjl@icecavern.net> <xmpp:wjl@icecavern.net>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2
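
The closing suggestion in the message above, signing an SSH public key with an OpenPGP key, sketched as an added example that is not part of the original message. It assumes GnuPG 2.1 or later and OpenSSH are installed; the user ID, file names and ed25519 key type are constructed for the demo.

```shell
#!/bin/sh
# Added example: tie an SSH public key to an OpenPGP identity by clearsigning it.
# The user ID, file names and ed25519 key type are constructed for this demo.

sign_ssh_pubkey() {      # $1 = SSH public key file; writes $1.asc
    gpg --batch --yes --quiet --clearsign --output "$1.asc" "$1"
}

verify_ssh_pubkey() {    # $1 = clearsigned file, $2 = output for the verified key
    # Release the key text only after gpg reports a good signature, so a
    # caller never installs bytes the signature does not cover.
    if gpg --batch --yes --quiet --output "$2.tmp" --decrypt "$1" 2>/dev/null; then
        mv "$2.tmp" "$2"
    else
        rm -f "$2.tmp"; return 1
    fi
}

fingerprint() { ssh-keygen -lf "$1" | awk '{print $2}'; }

demo() {                 # prints "ok" when all three checks hold
    work=$(mktemp -d) || return 1
    GNUPGHOME="$work/gnupg"; export GNUPGHOME
    mkdir -m 700 "$GNUPGHOME"
    # Throwaway, unprotected OpenPGP and SSH keys, created only for the demo.
    gpg --batch --quiet --pinentry-mode loopback --passphrase '' \
        --quick-generate-key 'Demo Signer <demo@example.invalid>' 2>/dev/null &&
    ssh-keygen -q -t ed25519 -N '' -C demo -f "$work/id_demo" &&
    sign_ssh_pubkey "$work/id_demo.pub" &&
    # 1. An untouched signed key verifies.
    verify_ssh_pubkey "$work/id_demo.pub.asc" "$work/verified.pub" &&
    # 2. What came out is the same SSH key that went in.
    [ "$(fingerprint "$work/verified.pub")" = "$(fingerprint "$work/id_demo.pub")" ] &&
    # 3. A copy with one altered character in the key body is rejected.
    sed 's/^ssh-ed25519 AAAA/ssh-ed25519 AAAB/' "$work/id_demo.pub.asc" > "$work/bad.asc" &&
    ! verify_ssh_pubkey "$work/bad.asc" "$work/bad.pub" && [ ! -e "$work/bad.pub" ]
    rc=$?
    gpgconf --kill gpg-agent 2>/dev/null || true
    rm -rf "$work"
    [ "$rc" -eq 0 ] && echo ok
}

# Run the self-check with: sh thisfile.sh --demo
if [ "${1:-}" = --demo ]; then demo; fi
```

With a real key pair, only `sign_ssh_pubkey ~/.ssh/id_dsa.pub` is needed on the signer's side; recipients who already trust the OpenPGP key run `verify_ssh_pubkey` before adding the key to `authorized_keys` or `known_hosts`.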
