Adding support for ssh keys for encryption. #692
Comments
Here is some boilercode to convert ssh keys to gpg: https://gist.github.com/Mic92/24c40996cd97cb8edd53fd688c60ab6f
I agree with the initial request of using SSH keys for encryption, and #688 will give us that because The PGP key storage format is an abomination and it would be a mistake to add more complexity. Ultimately, we need to steer people away from PGP entirely.
I will build a tool eventually to convert ed25519 as well to age keys, like I did for gpg.
Bump?
I have built: https://github.com/Mic92/ssh-to-age https://github.com/Mic92/ssh-to-pgp/ for use with sops. ssh-to-age can be used for ed25519 keys and ssh-to-pgp for rsa-based ssh keys.
@Mic92 does your implementation do literally the same as https://github.com/FiloSottile/age/blob/main/agessh/agessh.go#L190 << https://blog.filippo.io/using-ed25519-keys-for-encryption age internally does on providing an ssh-ed25519 wrapping it into a X25519 curve encoded as Bech32 with HRP
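The conversion asked about in the comment above, as an added example (not code from age, ssh-to-age, or anyone in this thread): it parses an OpenSSH `ssh-ed25519` public key line, maps the Edwards y-coordinate to the Montgomery u-coordinate used by X25519, and Bech32-encodes the result with HRP `age`, the prefix of age's native X25519 recipients. All function names are hypothetical, the sample key is constructed from the Ed25519 base point, and no on-curve validation is done, which a production tool needs.

```python
import base64
import struct

P = 2**255 - 19  # Curve25519 field prime
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"  # Bech32 alphabet
GEN = (0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3)

def parse_ssh_ed25519(line):
    """Extract the 32-byte Ed25519 key from an 'ssh-ed25519 AAAA... comment' line."""
    blob, fields = base64.b64decode(line.split()[1]), []
    while blob:  # SSH wire format: uint32 length, then that many bytes
        (n,) = struct.unpack(">I", blob[:4])
        fields.append(blob[4:4 + n])
        blob = blob[4 + n:]
    if len(fields) != 2 or fields[0] != b"ssh-ed25519" or len(fields[1]) != 32:
        raise ValueError("not an ssh-ed25519 public key")
    return fields[1]

def ed25519_to_x25519(ed_pub):
    """Map Edwards y to Montgomery u = (1 + y) / (1 - y) mod p. No on-curve check here."""
    y = int.from_bytes(ed_pub, "little") & ((1 << 255) - 1)  # drop the sign bit of x
    if y >= P or y == 1:
        raise ValueError("non-canonical y, or y = 1 which has no image")
    return ((1 + y) * pow((1 - y) % P, -1, P) % P).to_bytes(32, "little")

def polymod(values):
    """Bech32 checksum polynomial (BIP 173)."""
    chk = 1
    for v in values:
        top, chk = chk >> 25, (chk & 0x1FFFFFF) << 5 ^ v
        for i, g in enumerate(GEN):
            if top >> i & 1:
                chk ^= g
    return chk

def bech32_encode(hrp, data):
    bits = "".join(f"{b:08b}" for b in data)
    bits += "0" * (-len(bits) % 5)  # pad to a multiple of 5 bits
    words = [int(bits[i:i + 5], 2) for i in range(0, len(bits), 5)]
    hrp_exp = [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]
    pm = polymod(hrp_exp + words + [0] * 6) ^ 1
    words += [pm >> 5 * (5 - i) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[w] for w in words)

def ssh_to_age_recipient(line):
    return bech32_encode("age", ed25519_to_x25519(parse_ssh_ed25519(line)))

# Constructed sample: the Ed25519 base point (y = 4/5) wrapped as an OpenSSH key line.
BASE = b"\x58" + b"\x66" * 31
SAMPLE = "ssh-ed25519 " + base64.b64encode(b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + BASE).decode()
```

The base point is a convenient check because its image under the map is u = 9, the X25519 base point. The same private scalar then serves both curves, which is why reusing one key for signing and encryption deserves a deliberate decision rather than being a side effect of the tooling.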
BSD and MIT are compatible with each other.
SSH keys could also be used for encryption. They are already in well-known locations, i.e. `/etc/ssh/ssh_host_rsa_key`. Most developers/servers already have ssh keys. Since most users also have ways of trusting those ssh keys (TOFU, DNS, hosters like github/gitlab or certificates), importing them should be easy. For my project I am thinking about converting ssh keys to gpg keys. However, it would probably also be beneficial for sops itself to have this supported out of the box. I think usability of ssh-keygen over gpg is out of question.