On Friday 29 December 2006 07:46, Kelly Jones wrote:
> I want to sign a document with ~/.ssh/id_dsa so that people who have
> my public SSH key (~/.ssh/id_dsa.pub) can confirm that it's from me. I
> don't want to encrypt the document, just sign it.
> How can I do this? Is it a good idea? Does ssh-keysign (which is
> disabled by default) play into it?
> I know how to sign things using a PGP key, but was wondering if an SSH
> key would work as well?

Which you can make a signature with pretty much any public key, signing 
things with an SSH key is a very ODD thing to do and doesn't have any 
support infrastructure.

If you really want to do it, see 
which basically just lets you wrap an SSH DSA key and sign with it. It 
won't make pretty cleartext signatures or whatnot.

If you instead really want to have a unified SSH/OpenPGP infrastructure, you 
could use <http://www.red-bean.com/~nemo/openssh-gpg/> which lets you login 
SSH with OpenPGP keys instead of standard SSH keys.

Or, just use the OpenPGP infrastructure for what it's meant for (encryping, 
signing, web-of-trust), and use SSH keys for what they are meant for 
(point-to-point network authentication) and if you want to correlate them, 
you can sign your SSH key with your OpenPGP key.

Wesley J. Landaker <[EMAIL PROTECTED]> <xmpp:[EMAIL PROTECTED]>
OpenPGP FP: 4135 2A3B 4726 ACC5 9094  0097 F0A9 8A4C 4CD6 E3D2

Attachment: pgpMVyE7VMe5Q.pgp
Description: PGP signature

Reply via email to