Encrypt/decrypt a file with ssh keys.

Daniel Kahn Gillmor dkg at fifthhorseman.net
Sat Aug 6 03:44:41 AEST 2016


On Fri 2016-08-05 11:30:17 -0400, Colin Leavett-Brown wrote:
> Hello,  I needed to share some secret info with one or two specific 
> individuals and wrote a short wrapper script to encrypt/decrypt files 
> using ssh keys (everyone has at least one pair). In searching, I found 
> others wanting this functionality and borrowed heavily from this doc 
> "http://www.czeskis.com/random/openssl-encrypt-file.html" in writing the 
> script. I am willing to share the code if anyone is interested.

I'd recommend *not* doing this kind of cross-protocol use of key
material.  There are often attacks that you don't expect when you reuse
keys like this.

For example, consider a variant of the ssh protocol (or a bug in an
implementation) that allows the ssh server to select the message that
the client has to sign in order to authenticate.

an ssh server that gets ahold of an encrypted message of the type you're
proposing might be able to transform the encrypted session key into an
authentication message.  the next time the user goes to log in, in
addition to authenticating, it is effectively offering the server the
secret needed to decrypt the stored message.

I'm not saying this attack works directly with ssh as-implemented.  (i
actually suspect it doesn't, because i believe ssh's authentication
mechanism should require contributory behavior from both parties over
the message to be signed, though i haven't reviewed it recently enough
to be sure), but (a) implementation bugs happen, and (b) sometimes
protocols have weaknesses that we don't understand at first glance.

Key reuse across application domains will expose the user to classes of
bug and attack that we really don't understand well and are difficult to
reason about systematically.  It's generally ill-advised.

That said, you can still bind keys together and associate them with
other keys.  OpenPGP is an example of that -- you can bind your SSH key
into your OpenPGP key as a subkey, and then it will be associated with a
bunch of other keys, each of which can be designated for a specific
purpose.

        --dkg
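As an added illustration of the sign/decrypt confusion described in the mail above (not part of dkg's message, and not how OpenSSH or any real tool is implemented): with textbook RSA the private operation used to decrypt and the one used to sign are the same modular exponentiation, so a party who can dictate the exact value to be signed can recover a wrapped session key. The toy key parameters, the session-id-bound signature variant and the `demo` function are constructed for this example.

```python
"""Toy model of the cross-protocol risk: a signature oracle over an
attacker-chosen raw message is a decryption oracle for textbook RSA.
Constructed parameters only; not a real key and not OpenSSH's scheme."""
import hashlib
import os

# Constructed tiny RSA key: two small primes, public exponent 65537.
P, Q, E = 1000003, 1000033, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent


def wrap_session_key(k: int) -> int:
    """Sender encrypts symmetric key k to the recipient's RSA public key."""
    assert 0 < k < N
    return pow(k, E, N)


def sign_raw(m: int) -> int:
    """Textbook signature m^d mod n: identical to the decryption operation."""
    return pow(m, D, N)


def sign_bound(session_id: bytes, challenge: int) -> int:
    """Sign H(session_id || challenge). The session id carries the
    signer's own randomness, so the server cannot dictate the signed value."""
    h = hashlib.sha256(session_id + challenge.to_bytes(16, "big")).digest()
    return pow(int.from_bytes(h, "big") % N, D, N)


def verify_bound(session_id: bytes, challenge: int, sig: int) -> bool:
    """Public-key check of a session-bound signature."""
    h = hashlib.sha256(session_id + challenge.to_bytes(16, "big")).digest()
    return pow(sig, E, N) == int.from_bytes(h, "big") % N


def demo(k: int = 0x075BCD15) -> dict:
    """A server that has seen wrapped key c offers c as the login challenge."""
    c = wrap_session_key(k)
    sid = os.urandom(16)  # contributed by the signer, not chosen by the server
    return {
        "raw_leaks_key": sign_raw(c) == k,           # the 'signature' is k itself
        "bound_leaks_key": sign_bound(sid, c) == k,  # hashing and binding break the identity
        "bound_verifies": verify_bound(sid, c, sign_bound(sid, c)),
    }
```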