ssh-agent decrypt
Damien Miller
djm at mindrot.org
Tue Nov 20 10:35:06 AEDT 2018
On Mon, 19 Nov 2018, Peter Moody wrote:
> moronic monday (pst) question time.
>
> this may have been covered elsewhere, and emphatically shot down (and
> if so, I apologize), but I'm interested in using ssh-agent to decrypt
> data.
>
> ssh certificates are the most secure user auth token we have, and even
> though ssh certs aren't chainable, we routinely use them to assert
> identity to things other than ssh (eg. if you can present a cert
> that's signed by a known ca, and you can prove you have the private
> key that belongs to the cert, we know who you are).
>
> So it'd be nice to be able to give some data back to the client,
> encrypted with the client's pubkey, that the client could then ask the
> ssh-agent to decrypt using the corresponding private key. in the past,
> we've generated a new keypair and sent the new pubkey with the
> request, but that's a little clunky and it's as tightly bound to "one
> source of truth" as if we could just rely on the key from the cert.
>
> I'm guessing there's a dead simple reason something like this isn't
> supported already. like, maintenance of code that only a weenie like
> me would use or that it would enable some new class of cryto attacks
> or something.
There are a few reasons:
0) AFAIK nobody has ever asked before :)
1) Not all SSH key algorithms support decryption, e.g. ECDSA and Ed25519
are signature-only. Only RSA allows decryption without abusing the key.
2) It's generally frowned upon to use the same key for encryption and
signing.
Given those, it would still be possible to make a SSH agent extension to
support encryption, If you do this, then please consider using the
extension mechanism in the ssh-agent protocol draft -
https://www.ietf.org/archive/id/draft-miller-ssh-agent-02.txt
It's pretty unlikely we'd include this in the upstream version though -
it's very niche and probably too easy to misuse.
-d
More information about the openssh-unix-dev
mailing list