[PATCH] Document transfer of ed25519 secret keys to the ssh-agent

Damien Miller djm at mindrot.org
Thu May 19 17:51:32 AEST 2016


you're too late :)

https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.agent#L209

Also, work-in-progress:

https://github.com/djmdjm/drafts/blob/master/draft-miller-ssh-agent.txt

On Wed, 18 May 2016, Daniel Kahn Gillmor wrote:

> This documentation is based on sshkey_private_serialize() in sshkey.c,
> which is eventually called by ssh-add.
> ---
>  PROTOCOL.agent | 25 +++++++++++++++++++++++--
>  1 file changed, 23 insertions(+), 2 deletions(-)
> 
> diff --git a/PROTOCOL.agent b/PROTOCOL.agent
> index c386d16..5188225 100644
> --- a/PROTOCOL.agent
> +++ b/PROTOCOL.agent
> @@ -252,13 +252,34 @@ RSA certificates may be added with this request:
>  	string			key_comment
>  	constraint[]		key_constraints
>  
> +ED25519 keys may be added with this request:
> +
> +	byte			SSH2_AGENTC_ADD_IDENTITY or
> +				SSH2_AGENTC_ADD_ID_CONSTRAINED
> +	string			"ssh-ed25519"
> +	mpint			ed25519_pk
> +	mpint			ed25519_sk
> +	string			key_comment
> +	constraint[]		key_constraints
> +
> +ED25519 certificates may be added with this request:
> +
> +	byte			SSH2_AGENTC_ADD_IDENTITY or
> +				SSH2_AGENTC_ADD_ID_CONSTRAINED
> +	string			"ssh-ed25519-cert-v01 at openssh.com"
> +	string			certificate
> +	mpint			ed25519_pk
> +	mpint			ed25519_sk
> +	string			key_comment
> +	constraint[]		key_constraints
> +
>  Note that the 'rsa_p' and 'rsa_q' parameters are sent in the reverse
>  order to the protocol 1 add keys message. As with the corresponding
>  protocol 1 "add key" request, the private key is overspecified to avoid
>  redundant processing.
>  
> -For DSA, ECDSA and RSA key add requests, "key_constraints" may only be
> -present if the request type is SSH2_AGENTC_ADD_ID_CONSTRAINED.
> +For DSA, ECDSA, RSA, and ED25519 key add requests, "key_constraints" may
> +only be present if the request type is SSH2_AGENTC_ADD_ID_CONSTRAINED.
>  
>  The agent will reply with a SSH_AGENT_SUCCESS if the key has been
>  successfully added or a SSH_AGENT_FAILURE if an error occurred.
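
Review bot: ed25519_pk and ed25519_sk are typed as mpint in both added request layouts, but Ed25519 keys are fixed-length byte strings, not multiprecision integers. The mpint encoding strips leading zero bytes and prepends a zero byte when the high bit is set, so it would not preserve their length. Please check these two fields against sshkey_private_serialize(), which the commit message cites as the source, and declare them as "string" if that is what it emits. Separately, the unchanged paragraph about 'rsa_p' and 'rsa_q' now sits directly after the ED25519 certificate layout. Placing the new layouts below that paragraph would keep the RSA note next to the RSA requests.
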
> -- 
> 2.8.1