Encrypt / decrypt a file with ssh keys.

Ben Lindstrom mouring at offwriting.org
Sat Aug 6 03:40:33 AEST 2016



Alex Bligh wrote:
>> On 5 Aug 2016, at 18:09, James Murphy <james.murphy.debian at gmail.com> wrote:
>>
>> The more mainstream thing to do is just use gpg, which has this
>> functionality already built in. Is this not suitable for your use case?
>
> The advantage of Colin's approach is that gpg requires out of band exchange
> of gpg keys separately from ssh keys. If you already have ssh keys
> distributed (which might be in an automated environment for instance),
> it would be very useful.
>
> Of course if you already have gpg keys set up and exchanged, gpg
> would be just fine.
>
The downside to this approach is you're using keys created for signing for
encryption now, which means you've leaked additional information about the
key material, thus slightly weakening the security of your key.

Which isn't really a smart thing to do.

Ben


More information about the openssh-unix-dev mailing list