637 points h1x | 1 comments
dnamlin ◴[] No.29209377[source]
Ethereum has standardized ways to formulate (off-chain) signatures for arbitrary messages [1] and Solidity structs [2]. Convenient command-line tooling is lacking currently, but some interesting twists to consider:

If you sign using a key that also controls cryptoassets, then you're incentivized to keep the key safe and secure indefinitely. Contrast with tendency to lose GPG and SSH keys after losing interest for a few years, changing jobs, etc.

Moreover, consider key revocation. The revocation mechanisms for GPG and SSH keys are not that effective, due to impracticality of publishing your revocation in a way that really ensures subsequent verifiers are alarmed. If only there were some sort of decentralized, permissionless, globally-replicated database which verifiers could check for that information...

More generally if you have a really important signature to publish, you can mint an NFT for it or otherwise inscribe it on the blockchain. There it will live, irrefutably notarized and timestamped, forever.

I explored these ideas in a weeklong side project [3] that only got to cumbersome proof-of-concept stage.

[1] https://eth.wiki/json-rpc/API#eth_sign

[2] https://eips.ethereum.org/EIPS/eip-712

[3] https://github.com/mlin/stakesign

Footnote: Bitcoin also had an arbitrary-message-signing mechanism -- commonly used on bitcointalk back in the day -- but I think it may now be ~defunct due to not keeping up with the newer address types introduced in recent years.

replies(1): >>29209398 #
Gargyle ◴[] No.29209398[source]
Attaching this to cryptoassets increases your operational (more mental overhead, doesn't work with simple keybearer devices, you assume people to be lazy and bad at key management) and technical (irrevocable ethereum-bugs that can only be mitigated by chain splits) complexity.

Albeit for long-term public signatures I see the benefit in spreading the sig and revocation information from the classical tools into as many hard to modify places as possible. Popular global databases like Ethereum and similar are good candidates for that.

And of course have the verification scheme expose inconsistencies between different key-sources and tag them with their respective power structure categories. (Lime Government, Cryptocurrency-Devs, HugeCodeHostingPlatform, CompanyBehindHugeCodeHostingPlatform, etc...)

replies(1): >>29209587 #
1. dnamlin ◴[] No.29209587[source]
An Ethereum address is just a public key (which, as the owner, you also have the private key to). You can make one, and sign messages with it, without touching the blockchain or sending any assets to it. So added complexity is -necessary- only to the extent you wish to involve those additional ways you can interact with the blockchain (that you can't using GPG or SSH keys). I'm saying this in principle of course, granting the current lack of convenient utilities/CLIs for operating this way.

I would speculate that there are probably already more people who practice decent opsec for their Ethereum keys than for GPG & SSH keys. Soon it won't be close!