loloquwowndueo No.29209617
This has been possible for a long time using a combination of OpenSSL and ssh.

To sign: openssl dgst -sha512 -sign ~/.ssh/id_rsa file > file.sig

To verify, the public key (who.pub) needs converting to something OpenSSL can grok:

ssh-keygen -e -f /tmp/who.pub -m pkcs8 > /tmp/who.openssl.pub

Then verify: openssl dgst -sha512 -verify /tmp/who.openssl.pub -signature file.sig file

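The sign, convert and verify steps from the comment above, run end to end as one script and extended with a tamper check. This is an added example, not part of the original thread. The function names `verify_with_ssh_pub` and `roundtrip`, the throwaway RSA key and the message are constructed for illustration; the key is generated with `-m PEM` so the private key is written in the PEM format that `openssl` reads.

```shell
#!/bin/sh
# Added example: sign with an SSH RSA private key via openssl, then verify
# against the matching OpenSSH public key after converting it to PKCS8.

# verify_with_ssh_pub PUBKEY SIG FILE
# Returns 0 only if SIG is a valid SHA-512 signature of FILE under PUBKEY.
verify_with_ssh_pub() {
    pub=$1; sig=$2; file=$3
    conv=$(mktemp) || return 2
    # Convert the OpenSSH public key to a PEM "PUBLIC KEY" block.
    if ! ssh-keygen -e -f "$pub" -m PKCS8 > "$conv" 2>/dev/null; then
        rm -f "$conv"
        return 2
    fi
    # The exit status of openssl carries the verdict; the text is discarded.
    openssl dgst -sha512 -verify "$conv" -signature "$sig" "$file" \
        >/dev/null 2>&1 && rc=0 || rc=$?
    rm -f "$conv"
    return "$rc"
}

# roundtrip: constructed demo using a throwaway key in a temp directory.
# Prints one line describing the verdict before and after tampering.
roundtrip() {
    dir=$(mktemp -d) || return 2
    # Throwaway key pair, empty passphrase, PEM private key format.
    ssh-keygen -q -t rsa -b 2048 -m PEM -N '' -f "$dir/id_rsa" || return 2
    printf 'constructed sample message\n' > "$dir/file"

    # Sign: same command as in the comment, with -out instead of a redirect.
    openssl dgst -sha512 -sign "$dir/id_rsa" -out "$dir/file.sig" "$dir/file" \
        || return 2

    if verify_with_ssh_pub "$dir/id_rsa.pub" "$dir/file.sig" "$dir/file"
    then good=accepted; else good=rejected; fi

    # Change the file after signing; the old signature must no longer verify.
    printf 'extra line\n' >> "$dir/file"
    if verify_with_ssh_pub "$dir/id_rsa.pub" "$dir/file.sig" "$dir/file"
    then bad=accepted; else bad=rejected; fi

    rm -rf "$dir"
    echo "untampered=$good tampered=$bad"
}

roundtrip
```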
1. riedel No.29213117
We use openssl to encrypt our password DB using SSH pub keys. Works nicely in scripts. Wonder why we need the new command line.