Encrypt /decrypta file with ssh keys.

Alex Bligh alex at alex.org.uk
Sat Aug 6 03:55:01 AEST 2016


> On 5 Aug 2016, at 18:40, Ben Lindstrom <mouring at offwriting.org> wrote:
> 
> The downside to this approach is your using keys created for signing for encryption now.  Which
> means you've leaked additional information about the key material.  Thus slightly weakening the
> security of your key.
> 
> Which isn't really a smart thing to do.

I've not looked deeply at Colin's code, but it seems to be creating a random symmetric
key and only encrypting that. It's not (directly) encrypting the files (that's done
with the symmetric key). If that's the case, a plaintext attack etc. is going to
be pretty hard, because the only thing the key is used for is encrypting a large
random number. I think that's actually pretty safe (signing is after all
encrypting the result of a hash function), but no doubt more experienced
cryptographers can comment.

-- 
Alex Bligh






More information about the openssh-unix-dev mailing list