
637 points h1x | 4 comments
tialaramex ◴[] No.29208795[source]
This comes with a rationale for why this should be safe re-use of SSH keys, and OpenSSH provides, as you would hope, an explicit namespace mechanism so when fifty people re-use this they don't pollute each other's cryptographic context. In both cases this is unlike Filippo's age - which to me makes it a whole lot more attractive.

Its relationship to your identity, contextually ("this is my GitHub key, this is the one for $VolunteerProject servers, and this third one is for my local machines") makes more sense for this purpose than in age too. Signing a git commit with a key you use on GitLab, for example.

replies(1): >>29210123 #
1. tptacek ◴[] No.29210123[source]
This has literally nothing to do with age, which, by deliberate design, doesn't implement signing. What a strange and hostile thing to write.
replies(1): >>29210400 #
2. tialaramex ◴[] No.29210400[source]
You wrote:

> This has literally nothing to do with age, which, by deliberate design, doesn't implement signing. What a strange and hostile thing to write.

But of course I never claimed age performs signing; I wrote that it re-uses SSH keys without a safety rationale. Here's what age actually says about its re-use of SSH keys:

"As a convenience feature, age also supports encrypting to ssh-rsa and ssh-ed25519 SSH public keys, and decrypting with the respective private key file." -- https://github.com/FiloSottile/age#ssh-keys

So, we see age does in fact re-use SSH keys for this unrelated purpose. And we see that, unlike the OpenSSH feature described in this article, it offers no rationale for why this is safe. Filippo talked about writing such a rationale but ultimately there isn't one provided.

Ordinary users shouldn't try to imagine for themselves why something dangerous might be safe. In the absence of a rationale for why re-using your SSH private keys to decrypt age messages is OK, don't do it.

The article provides a rationale for OpenSSH's "sign arbitrary data" feature (a briefer one is included in the OpenSSH distribution itself) so that you can assure yourself that this is a reasonable thing to do.

replies(1): >>29213961 #
3. akerl_ ◴[] No.29213961[source]
https://blog.filippo.io/using-ed25519-keys-for-encryption/
replies(1): >>29214526 #
4. tialaramex ◴[] No.29214526{3}[source]
Quoting Filippo's blog post:

> What remains open for future work is checking for cross-protocol attacks

Yes. Yes it does.
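
The namespace mechanism mentioned in the first comment, as an added example that is not part of the thread or of OpenSSH's own code: it builds the blob an SSH key signs for a file signature, following the layout in OpenSSH's PROTOCOL.sshsig (the "SSHSIG" preamble, then namespace, reserved, hash algorithm and message hash as SSH strings). The function names, the sample message and the "git"/"file" namespaces are constructed for illustration, and no real signature is computed; the point is that signer and verifier must derive identical bytes.

```python
import hashlib
import struct

MAGIC = b"SSHSIG"  # six-byte preamble defined in OpenSSH's PROTOCOL.sshsig


def ssh_string(data: bytes) -> bytes:
    """SSH wire 'string': uint32 big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def signed_data(message: bytes, namespace: str, hash_alg: str = "sha512") -> bytes:
    """Build the blob the private key signs; the raw message is never signed."""
    if not namespace:
        raise ValueError("namespace must not be empty")
    if hash_alg not in ("sha256", "sha512"):
        raise ValueError("unsupported hash algorithm")
    digest = hashlib.new(hash_alg, message).digest()
    return (MAGIC + ssh_string(namespace.encode()) + ssh_string(b"")  # reserved
            + ssh_string(hash_alg.encode()) + ssh_string(digest))


def parse_signed_data(blob: bytes) -> dict:
    """Split a signed-data blob back into its fields, rejecting other formats."""
    if not blob.startswith(MAGIC):
        raise ValueError("missing SSHSIG preamble")
    fields, pos = [], len(MAGIC)
    for _ in range(4):  # namespace, reserved, hash_algorithm, H(message)
        if pos + 4 > len(blob):
            raise ValueError("truncated length")
        (length,) = struct.unpack_from(">I", blob, pos)
        pos += 4
        if pos + length > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[pos:pos + length])
        pos += length
    if pos != len(blob):
        raise ValueError("trailing bytes")
    return {"namespace": fields[0].decode(), "hash_alg": fields[2].decode(),
            "digest": fields[3]}


def same_signing_input(message: bytes, signer_ns: str, verifier_ns: str) -> bool:
    """A signature can only verify if both sides derive identical bytes."""
    return signed_data(message, signer_ns) == signed_data(message, verifier_ns)


if __name__ == "__main__":
    msg = b"constructed sample message\n"
    print(parse_signed_data(signed_data(msg, "git"))["namespace"])
    print(same_signing_input(msg, "git", "file"))  # different namespace, different bytes
```

The same key signing the same message under two namespaces therefore produces two unrelated signatures, and the fixed preamble keeps the blob from parsing as the data signed during SSH authentication, which begins with a length-prefixed session identifier.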