Adding support for ssh keys for encryption. #692
Comments
|
Here is some boilercode to convert ssh keys to gpg: https://gist.github.com/Mic92/24c40996cd97cb8edd53fd688c60ab6f |
|
I agree with the initial request of using SSH keys for encryption, and #688 will give us that because The PGP key storage format is an abomination and it would be a mistake to add more complexity. Ultimately, we need to steer people away from PGP entirely. |
|
I will built a tool eventually to convert ed25519 as well to age keys, like I did for gpg. |
|
Bump? |
|
I have built: https://github.com/Mic92/ssh-to-age https://github.com/Mic92/ssh-to-pgp/ for use with sops. ssh-to-age can be used for ed25519 keys and ssh-to-pgp for rsa-based ssh keys. |
|
@Mic92 does your implementation literaly the same as https://github.com/FiloSottile/age/blob/main/agessh/agessh.go#L190 << https://blog.filippo.io/using-ed25519-keys-for-encryption age internally does on providing an ssh-ed25519 wrapping it into a X25519 curve encoded as Bech32 with HRP |
|
BSD and MIT are compatible with each other. |
SSH keys could be also used for encryption. They are already in well-known locations i.e.
/etc/ssh/ssh_host_rsa_key. Most developer/servers have already ssh keys.Since most users also have ways of trusting those ssh keys (TOFU, DNS, hosters like github/gitlab or certificates) importing them should be easy. For my project I am thinking about converting ssh keys to gpg keys. However it would be probably also beneficial for sops itself to have this supported out-of-the box. I think usability of ssh-keygen over gpg is out of question.
The text was updated successfully, but these errors were encountered: