[NMLUG] Signing a document with my SSH key, not a PGP key?

[Wesley J. Landaker]

On Friday 29 December 2006 07:46, Kelly Jones wrote:
> I want to sign a document with ~/.ssh/id_dsa so that people who have
> my public SSH key (~/.ssh/id_dsa.pub) can confirm that it's from me. I
> don't want to encrypt the document, just sign it.
>
> How can I do this? Is it a good idea? Does ssh-keysign (which is
> disabled by default) play into it?
>
> I know how to sign things using a PGP key, but was wondering if an SSH
> key would work as well?

Which you can make a signature with pretty much any public key, signing 
things with an SSH key is a very ODD thing to do and doesn't have any 
support infrastructure.

If you really want to do it, see 
<http://search.cpan.org/~dbrobins/Net-SSH-Perl/lib/Net/SSH/Perl/Key/DSA.pm> 
which basically just lets you wrap an SSH DSA key and sign with it. It 
won't make pretty cleartext signatures or whatnot.

If you instead really want to have a unified SSH/OpenPGP infrastructure, you 
could use <http://www.red-bean.com/~nemo/openssh-gpg/> which lets you login 
SSH with OpenPGP keys instead of standard SSH keys.

Or, just use the OpenPGP infrastructure for what it's meant for (encryping, 
signing, web-of-trust), and use SSH keys for what they are meant for 
(point-to-point network authentication) and if you want to correlate them, 
you can sign your SSH key with your OpenPGP key.

-- 
Wesley J. Landaker <wjl at icecavern.net> <xmpp:wjl at icecavern.net>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20061229/5c17c507/attachment.pgp