Interfacing with ssh-agent, API programming question
Markus Friedl
markus at openbsd.org
Sat Jan 12 08:17:57 EST 2002
On Fri, Jan 11, 2002 at 10:39:27AM -0800, Sean Russell wrote:
> I'd like it to sign something for me, or even give me the
> secret key. If there is a better way of doing this, I'd like to know. I
> just want something to use as an encryption key for the filesystem.
you can use the API from authfd.h
however, ssh-agent does not give away the secret key.
this is what the agent is for. it just does operations
using the secret key.
> For average use (ssh-agent being run, then running ssh-add from a
> sub-process) it appears that the key stored in the ssh-agent is an RSA1,
> which the ssh-agent won't use to generate signatures (generating "illegal
> key type" errors).
if you generate a key with
ssh-keygen -t {rsa,dsa} -f xxx
then you can use this key to sign data.
however, the returned signature will be in
an ssh specific format:
http://www.ietf.org/internet-drafts/draft-ietf-secsh-transport-11.txt
Signing and verifying using this key format is done according to
[SCHNEIER] and [PKCS1] using the SHA-1 hash.
The resulting signature is encoded as follows:
string "ssh-rsa"
string rsa_signature_blob
rsa_signature_blob is encoded as a string containing s (which is an
integer, without lengths or padding, unsigned and in network byte
order).
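To make the quoted encoding concrete, here is a small encoder/decoder for the ssh-rsa signature wire format described above. This is an added example written for this post, not code from OpenSSH or from the draft; the function names and the sample value of s are constructed for illustration. It uses only the Python standard library, so it runs offline, and the decoder rejects truncated blobs, a wrong key-type string, and trailing bytes rather than silently accepting them.

```python
import struct


def ssh_string(data: bytes) -> bytes:
    """Encode bytes as an SSH 'string': uint32 big-endian length, then the payload."""
    return struct.pack(">I", len(data)) + data


def read_ssh_string(buf: bytes, offset: int = 0):
    """Read one SSH 'string' starting at offset.

    Returns (payload, new_offset). Raises ValueError on truncated input so a
    caller never reads past the end of the buffer on a malformed blob.
    """
    if offset + 4 > len(buf):
        raise ValueError("truncated: missing uint32 length field")
    (length,) = struct.unpack_from(">I", buf, offset)
    start = offset + 4
    if start + length > len(buf):
        raise ValueError("truncated: body shorter than declared length")
    return buf[start:start + length], start + length


def encode_ssh_rsa_signature(s: int) -> bytes:
    """Build: string "ssh-rsa" || string rsa_signature_blob.

    rsa_signature_blob is s as an unsigned big-endian integer with no
    length prefix or padding of its own, exactly as the draft text says.
    """
    if s <= 0:
        raise ValueError("s must be a positive integer")
    blob = s.to_bytes((s.bit_length() + 7) // 8, "big")
    return ssh_string(b"ssh-rsa") + ssh_string(blob)


def decode_ssh_rsa_signature(sig: bytes):
    """Parse an ssh-rsa signature into (key_type, s).

    Checks the key-type string, requires a non-empty blob, and refuses
    trailing bytes so a peer cannot smuggle extra data after the signature.
    """
    key_type, off = read_ssh_string(sig, 0)
    if key_type != b"ssh-rsa":
        raise ValueError("unexpected key type %r" % key_type)
    blob, off = read_ssh_string(sig, off)
    if off != len(sig):
        raise ValueError("trailing bytes after rsa_signature_blob")
    if not blob:
        raise ValueError("empty rsa_signature_blob")
    return key_type.decode("ascii"), int.from_bytes(blob, "big")


# Constructed sample value standing in for a real RSA signature integer s.
SAMPLE_S = 0x0102030405060708


def roundtrip_demo():
    """Encode the sample s and decode it again; returns the decoded tuple."""
    sig = encode_ssh_rsa_signature(SAMPLE_S)
    return decode_ssh_rsa_signature(sig)


if __name__ == "__main__":
    sig = encode_ssh_rsa_signature(SAMPLE_S)
    print(sig.hex())
    print(roundtrip_demo())
```

The decoder tolerates leading zero bytes inside the blob (int.from_bytes handles them), which matters in practice because implementations commonly emit s padded to the modulus length even though the draft wording says "without lengths or padding". If you later hand s to an RSA verify routine, that routine, not this parser, is where the PKCS#1 / SHA-1 check from the quoted text belongs.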