Sign arbitrary data with your SSH keys

(www.agwa.name)

637 points h1x | 1 comments | 13 Nov 21 09:13 UTC | HN request time: 0s | source

Show context

pizza ◴[13 Nov 21 10:03 UTC] No.29208734[source]▶

>>29208518 (OP) #

I get that they're "public" keys, but I was surprised to learn (and from somebody other than github themselves) that ssh public keys are just available at that github.com/username.keys URL (without there being an option to disable it, it seems?). Did most people already know that? Probably fine but just surprised. Just tried searching their authentication docs [0] and I don't get any results for "public key url" either

https://docs.github.com/en/authentication?query=public+key+u...

replies(26): >>29208748 #>>29208752 #>>29208754 #>>29208768 #>>29208790 #>>29208806 #>>29208828 #>>29208856 #>>29208877 #>>29208909 #>>29208990 #>>29209073 #>>29209103 #>>29209113 #>>29209243 #>>29209399 #>>29209634 #>>29210045 #>>29210085 #>>29210460 #>>29211355 #>>29211357 #>>29211783 #>>29212241 #>>29212499 #>>29213083 #

Edmond ◴[13 Nov 21 11:35 UTC] No.29209103[source]▶

>>29208734 #

>I get that they're "public" keys

From your quote around "public", I presume you think there is some sense in which they're not really public? They are and should ALWAYS be considered PUBLIC. If you find yourself ever crafting a security solution where public keys somehow need to be private or secret, go back to the drawing board or reach out to someone with serious expertise.

There are cases where information on a certificate (which is associated with a public key)may indeed need to be protected, in that case you need to implement an information mask (via hashing) that can protect the private information, we had to do something similar with Certisfy.com certificates. But public keys should be considered public without exceptions.

replies(8): >>29209253 #>>29209264 #>>29209312 #>>29209521 #>>29209535 #>>29210485 #>>29211342 #>>29211702 #

numair ◴[13 Nov 21 12:16 UTC] No.29209253[source]▶

>>29209103 #

> If you find yourself ever crafting a security solution where public keys somehow need to be private or secret, go back to the drawing board or reach out to someone with serious expertise.

I know you’re taking the “strict teacher” approach with your comment, but you’re totally wrong. And the reason you’re wrong is, security doesn’t equal privacy. But for the “average person,” security does equal privacy, or should, so they find systems that could potentially expose their identity to be “insecure.”

In this particular case, there have been past examples of using keys to fingerprint users without their consent. Yes, it’s been super edge-case and proof-of-concept, but for a lot of people — and perhaps more importantly, in a lot of jurisdictions — leaving a personal identifier sitting around like this (without ever informing the user!) is the very opposite of a best practice.

The end result is, you should only have a key on GitHub that isn’t used anywhere else. That’s what I do, and I’m sure lots of us on this comment thread do, but there’s definitely lots of My First Coding Bootcamp people who were guided through their GitHub account installations who might not have been aware that these are keys that shouldn’t be reused elsewhere.

I would have a very different view on this if GitHub had been explicit about the use of registered keys for other services. That’s a GREAT concept, but I’m not going to trust a company with that business when they’ve just backdoored themselves into it without asking for permission. And the problem for them is, in this particular situation you need the weird paranoid privacy crowd on your side for it to work.

replies(4): >>29209298 #>>29209614 #>>29209616 #>>29210172 #

Gargyle ◴[13 Nov 21 12:28 UTC] No.29209298[source]▶

>>29209253 #

The crowd that needs privacy is also the most high stakes and vulnerable crowd. They are the people that may save civil society with a structure built by thousands of small stones. Dismissing concern in that area is inherently giving tyrants and aspiring ones power.

replies(1): >>29209323 #

numair ◴[13 Nov 21 12:33 UTC] No.29209323[source]▶

>>29209298 #

You’re clearly super well-informed about this problem space. I’d like to talk to you about this a bit more, if you’re up for it — shoot me an email (it’s in my HN bio).

replies(1): >>29209366 #

Gargyle ◴[13 Nov 21 12:41 UTC] No.29209366[source]▶

>>29209323 #

Is that sarcasm?

replies(1): >>29209384 #

numair ◴[13 Nov 21 12:45 UTC] No.29209384{3}[source]▶

>>29209366 #

Not at all! You’ve covered all of the major threat vectors that others would dismiss or not know about. You’ve got true expertise in this area, my friend.

replies(1): >>29209980 #

Gargyle ◴[13 Nov 21 14:32 UTC] No.29209980{4}[source]▶

>>29209384 #

I am just wary of flattery and "my friend". I am not especially suspicious of your motives but we don't know each other yet. If you want to have an interesting conversation with me I am positive to do that pseudonymously. Maybe leave me a pubkey here

replies(1): >>29210098 #

numair ◴[13 Nov 21 14:49 UTC] No.29210098{5}[source]▶

>>29209980 #

  ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCalPlcbQUWX5caNedbKuWxAOUG+wFU2jtPUXmAcUDTIUgNz9JeW7cOAH1FPAcouIBM/0e48hdswSB2XHR0yHj3HvGx2KfB1lsd+FxXRR+dGPzO3WiMHXHdKogmHilk9U1ztwEFoZAkXuxvykv+Sn16j/xHXgFHdx5IDl/jyT5/IEIZHiePQqPYgptea/kXDiQGClMcT5V1bczCQH5tIcXdSKHhXn3oV1IAd79FpznmeCMALsyS4MUeU7uSx32PknIpgev64aMFgZItJUanqaeABuc9mcGNgHLBhBdO+gCOwBnwd+7boKmRawvMnEwsoznN9elr4FeBB81mBRnc6Q53 numair

replies(1): >>29210310 #

1. Gargyle ◴[13 Nov 21 15:17 UTC] No.29210310{6}[source]▶

>>29210098 #

(Don't expect realtime/neartime messages. I'll write whenever I feel like it.)

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCssSd91viJEmUQNx28L6JifYcGwTNEkLnmvZvdNxWxdTCrKwPEBVdlLooN90QugL/mJVwcWj9qsnOLbcoVaJlqMppY8UYlHP6OnGwKRGkpPdbKHnBA+Rrg7r8GUwdLW/PvI8DWhEPXzzWvrCNiESJWVdSCT2bTfAA3CQuPnL9cr5hcpw0i1jf7PBXRiVw2E2133KhEr91xNMH/jXh4jrly3J+kmBEmJcrkHNrHj0O8Ml+PmVQknq+tYT1DivnE2dxHoMkfdP0xP9yV9s0+7/JhU+tnXJ2+kaIOSpOOmhBPyjNYO6wkNvQh3aYzKrtcoOWPO2y56sfw9Uqlbpyr1ZU1 Gargyle

↑