ssh-agent decrypt

Peter Moody mindrot at hda3.com
Tue Nov 20 12:17:38 AEDT 2018


> So it's not clear this provides any advantage over just using the existing
> encrypted channel.

Well, in this case there isn't necessarily an existing encrypted ssh
channel b/c I'm presenting the cert (well, a cert-backed message) to
something other than sshd, so it could be over just about any
transport protocol.

but all of these are valid points for why something like this already
in ssh-agent. as I said, moronic monday, at least in PST. :)

> Actually, you don't need any extensions to do this - you can get
> the pubkey from the agent directly

yeah, getting the pubkey is no problem. it's getting access to the
private key to do the decryption.

Cheers,
peter


More information about the openssh-unix-dev mailing list