* patatt: main branch gained support for openssh signatures
@ 2021-11-15 16:36 Konstantin Ryabitsev
From: Konstantin Ryabitsev @ 2021-11-15 16:36 UTC (permalink / raw)
  To: tools


Hi, all:

Openssh signing is about to become possible with the latest git release, so
patatt master has gained the ability to support openssh signing as well. It
requires OpenSSH 8.0+, so unless you're running one of those LTS distros, you
should already have it available.

The signatures don't really look that dramatically different, though they are
slightly longer than I would have expected for ed25519 keys:

    X-Developer-Signature: v=1; a=openssh-sha256; t=1636987789; l=403;
     i=konstantin@linuxfoundation.org; s=20211115; h=from:subject;
     bh=aWNA6NFmS5xpRH5Gpy45nWiKCOnDOKHOYOV7Y6lyLcU=;
     b=U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgqCBwATTti8v9QsWJB4x1yVA72ozVqlXw
     jcZ/ImRjPZsAAAAGcGF0YXR0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5AAAAQGyoMN
     fuL86rhp2CLqjzAoVC9l1sFREfyvnkT/6QpnYht/gQCkAp+KyvWLOaywWPekG5OGMbmwnMu4WOSKmI
     0Qo=
    X-Developer-Key: i=konstantin@linuxfoundation.org; a=openssh;
     fpr=SHA256:movubj27MLZcp0EAsOhlbu3/RJkj1VF9FfHGUsiB4Gw

To add them to the keyring, just add the person's standard openssh
pubkey-formatted file into $KEYRINGPATH/openssh/domain/local/selector.
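As an added example (not code from this mail and not patatt's own implementation), the Python below unfolds the X-Developer-Signature header shown above, splits it into its tag=value fields, base64-decodes the b= value and walks the SSHSIG envelope that `ssh-keygen -Y sign` produces (magic, version, public key, namespace, reserved, hash algorithm, signature, per OpenSSH's PROTOCOL.sshsig). It also derives the OpenSSH SHA256 fingerprint of the embedded key, so a verifier can compare it against the fpr= in X-Developer-Key, and builds the keyring lookup path from i= and s= following the $KEYRINGPATH/openssh/domain/local/selector layout described above. The header text is copied from the mail; `KEYRINGPATH` is a placeholder value.

```python
import base64
import hashlib
import struct

# Constructed input: the folded X-Developer-Signature header from the mail above.
SIG_HEADER = """X-Developer-Signature: v=1; a=openssh-sha256; t=1636987789; l=403;
 i=konstantin@linuxfoundation.org; s=20211115; h=from:subject;
 bh=aWNA6NFmS5xpRH5Gpy45nWiKCOnDOKHOYOV7Y6lyLcU=;
 b=U1NIU0lHAAAAAQAAADMAAAALc3NoLWVkMjU1MTkAAAAgqCBwATTti8v9QsWJB4x1yVA72ozVqlXw
 jcZ/ImRjPZsAAAAGcGF0YXR0AAAAAAAAAAZzaGE1MTIAAABTAAAAC3NzaC1lZDI1NTE5AAAAQGyoMN
 fuL86rhp2CLqjzAoVC9l1sFREfyvnkT/6QpnYht/gQCkAp+KyvWLOaywWPekG5OGMbmwnMu4WOSKmI
 0Qo="""

# Placeholder keyring root (assumption; use your own $KEYRINGPATH).
KEYRINGPATH = "/path/to/keyring"


def parse_header(raw):
    """Unfold RFC 5322 continuation lines and split the value into tag=value pairs."""
    name, _, value = raw.partition(":")          # first colon ends the header name
    # Continuation lines begin with whitespace; joining them with "" re-assembles
    # the base64 of b= and bh= exactly as it was before folding.
    unfolded = "".join(line.strip() for line in value.splitlines())
    fields = {}
    for part in unfolded.split(";"):
        part = part.strip()
        if part:
            k, _, v = part.partition("=")         # b= and bh= keep their "=" padding
            fields[k.strip()] = v.strip()
    return name.strip(), fields


def _read_string(buf, off):
    """Read one SSH wire 'string': uint32 big-endian length followed by the bytes."""
    (n,) = struct.unpack(">I", buf[off:off + 4])
    off += 4
    if off + n > len(buf):
        raise ValueError("truncated SSH string")
    return buf[off:off + n], off + n


def parse_sshsig(blob):
    """Decode the SSHSIG envelope and summarise what it binds the signature to."""
    if blob[:6] != b"SSHSIG":
        raise ValueError("not an SSHSIG blob")
    (version,) = struct.unpack(">I", blob[6:10])
    off = 10
    pubkey, off = _read_string(blob, off)        # full public-key blob of the signer
    namespace, off = _read_string(blob, off)     # domain separation ("patatt" here)
    _reserved, off = _read_string(blob, off)
    hash_alg, off = _read_string(blob, off)      # hash ssh-keygen applied to the data
    sig, off = _read_string(blob, off)           # inner signature blob
    if off != len(blob):
        raise ValueError("trailing bytes after SSHSIG envelope")
    key_type, _ = _read_string(pubkey, 0)
    sig_type, soff = _read_string(sig, 0)
    sig_bytes, _ = _read_string(sig, soff)
    # OpenSSH fingerprint: base64 (no padding) of SHA256 over the raw key blob.
    fpr = "SHA256:" + base64.b64encode(hashlib.sha256(pubkey).digest()).decode().rstrip("=")
    return {
        "version": version,
        "key_type": key_type.decode(),
        "fingerprint": fpr,
        "namespace": namespace.decode(),
        "hash_alg": hash_alg.decode(),
        "sig_type": sig_type.decode(),
        "sig_len": len(sig_bytes),
    }


def keyring_path(fields, root=KEYRINGPATH):
    """Map i=local@domain and s=selector onto $KEYRINGPATH/openssh/domain/local/selector."""
    local, _, domain = fields["i"].partition("@")
    return f"{root}/openssh/{domain}/{local}/{fields['s']}"


def inspect(raw_header=SIG_HEADER):
    """Parse the header, decode its SSHSIG blob and report where the key should live."""
    _name, fields = parse_header(raw_header)
    if fields.get("a") != "openssh-sha256":
        raise ValueError("not an openssh-sha256 patatt signature")
    info = parse_sshsig(base64.b64decode(fields["b"]))
    if info["namespace"] != "patatt":
        # A signature made in another namespace (e.g. a git commit) must not be
        # accepted as a patatt signature, even if the key matches.
        raise ValueError("unexpected SSHSIG namespace: " + info["namespace"])
    info["header_fields"] = fields
    info["keyring_path"] = keyring_path(fields)
    return info


if __name__ == "__main__":
    for k, v in inspect().items():
        print(f"{k}: {v}")
```

The namespace check is the one a verifier should never skip: SSHSIG exists precisely so a signature made for one purpose cannot be replayed as a signature for another. The a=openssh-sha256 tag is patatt's own algorithm label for how the headers and body were canonicalised and hashed, while the sha512 inside the envelope is the hash ssh-keygen applied to the data it was handed; the two are independent and both must be checked against what the verifier expects.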

There are interesting benefits of using openssh as opposed to straight-out
ed25519 keys as generated by patatt:

- openssh keys can be protected by a passphrase and will benefit from
  ssh-agent passphrase caching
- this should, in theory, be fully compatible with -sk ssh keys stored on u2f
  compliant tokens -- though I've yet to test this
- people are more likely to back up openssh keys than their
  ~/.local/share/patatt directory

If you're already using PGP keys, then obviously don't switch. However, this
could be a reasonable option for new people choosing to use patatt.

The support for openssh-signing is in the main branch and I will release
patatt-0.5 after some more testing.

Best regards,
-K

