(www.agwa.name)

637 points h1x | 1 comments | 13 Nov 21 09:13 UTC | HN request time: 1.15s | source

Show context

loloquwowndueo ◴[13 Nov 21 13:40 UTC] No.29209617[source]▶

>>29208518 (OP) #

This has been possible for a long time using a combination of OpenSSL and ssh.

To sign: openssl dgst -sha512 -sign ~/.ssh/id_rsa file > file.sig

To verify, needs converting the public key (who.pub) to something OpenSSL can grok:

ssh-keygen -e -f /tmp/who.pub -m pkcs8 > /tmp/who.openssl.pub

Then verify: openssl dgst -sha512 -verify /tmp/who.openssl.pub -signature file.sig file

replies(2): >>29212852 #>>29213117 #

1. stormbrew ◴[13 Nov 21 20:20 UTC] No.29212852[source]▶

>>29209617 #

What you get with this over monkeying around with openssl (other than having to deal with two tools with awful command line argument UX instead of just one) is that you can use ssh-agent to do the signing, which means you can also use tokens and such.

↑

Sign arbitrary data with your SSH keys