[
https://issues.apache.org/jira/browse/SSHD-757?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16101617#comment-16101617
]
Goldstein Lyor edited comment on SSHD-757 at 1/22/18 7:48 AM:
--------------------------------------------------------------
Details are still a bit sketchy as to how the public keys are published by the client:
* Where do they reside? Is there some *standard* location?
** {{$HOME/.pgp}}
** {{$HOME/.gnupg}}
* Is there some standard way to specify them in the _authorized_keys_ file?
** {{pgp-sign-dss 87C36E60187451050A4F26B134824FC95C781A18 foo}} where {{87C36E60187451050A4F26B134824FC95C781A18}} is the key fingerprint
** See [this article|https://crypto.stackexchange.com/questions/32087/how-to-generate-fingerprint-for-pgp-public-key] for how to calculate the key fingerprint
* Is there some SSH *standard* (RFC) that specifies how to do user authentication using PGP keys?
** See also [RFC-4880|https://tools.ietf.org/html/rfc4880]
** For now, perhaps we can simply extract the {{KeyPair}}-s from the PGP keys
** See also [RFC-4880 section 3.7.2.1|https://tools.ietf.org/html/rfc4880#section-3.7.2.1] on how to detect password-protected private keys and require a {{FilePasswordProvider}} for them.
> Add support for PGP authorized keys usage
> -----------------------------------------
>
> Key: SSHD-757
> URL: https://issues.apache.org/jira/browse/SSHD-757
> Project: MINA SSHD
> Issue Type: New Feature
> Affects Versions: 1.6.0
> Reporter: Goldstein Lyor
> Assignee: Goldstein Lyor
> Priority: Minor
> Labels: authorization, key, key-management, pgp, ssh
>
> [SSH 2.3|http://www.onlamp.com/pub/a/onlamp/excerpt/ssh_8/] seems to have
> added the capability to use PGP keys as authorized ones:
> {quote}
> SSH2 Version 2.0.13 introduced support for PGP authentication. Your
> authorization file may also include {{PgpPublicKeyFile, PgpKeyName,
> PgpKeyFingerprint}}, and {{PgpKeyId}} lines. A Command line may follow them, just
> as it may follow Key:
> {noformat}
> # SSH2 only
> PgpKeyName my-key
> Command "/bin/echo PGP authentication was detected"
> {noformat}
> {quote}
> Some examples of how to use _Bouncycastle_ to facilitate this:
> * [Sample code|https://github.com/damico/OpenPgp-BounceCastle-Example]
> * [jpgpj Library wrapper|https://github.com/justinludwig/jpgpj]
> _Python_ [converter pgp->ssh|https://raw.githubusercontent.com/fincham/ssh-to-pgp/master/ssh-to-pgp]
> _openssh-gpg_ [configuration|http://www.red-bean.com/~nemo/openssh-gpg/]
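
As an added example (not part of the original comment or of MINA SSHD): the RFC 4880 section 12.2 version 4 fingerprint calculation, applied to a binary public key packet and compared with an entry in the {{pgp-sign-dss <fingerprint> <comment>}} form floated in the comment above. That entry format is the comment's open question, not a standard; the function names and the sample packet are constructed for illustration.

```python
import hashlib
import struct

PUBLIC_KEY_TAGS = {6, 14}  # public key, public subkey (RFC 4880 section 4.3)

# Constructed sample: version 4, creation time, algorithm 17 (DSA), dummy key material.
SAMPLE_BODY = b"\x04" + struct.pack(">I", 1516607280) + b"\x11" + bytes(range(32))
SAMPLE_OLD = bytes([0x99]) + struct.pack(">H", len(SAMPLE_BODY)) + SAMPLE_BODY  # old-format header
SAMPLE_NEW = bytes([0xC6, len(SAMPLE_BODY)]) + SAMPLE_BODY  # new-format header

def read_packet(data):
    """Return (tag, body) for the first OpenPGP packet in binary (de-armored) data."""
    if not data or not data[0] & 0x80:
        raise ValueError("not an OpenPGP packet (is the input still ASCII-armored?)")
    ctb = data[0]
    if ctb & 0x40:  # new-format header (section 4.2.2)
        tag, first = ctb & 0x3F, data[1]
        if first < 192:
            length, start = first, 2
        elif first < 224:
            length, start = ((first - 192) << 8) + data[2] + 192, 3
        elif first == 255:
            length, start = struct.unpack(">I", data[2:6])[0], 6
        else:
            raise ValueError("partial body lengths are not allowed for key packets")
    else:  # old-format header (section 4.2.1)
        tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03
        if ltype == 3:
            raise ValueError("indeterminate length is not supported")
        size = 1 << ltype  # 1, 2 or 4 length octets
        length, start = int.from_bytes(data[1:1 + size], "big"), 1 + size
    body = data[start:start + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    return tag, body

def v4_fingerprint(packet):
    """SHA-1 over 0x99, a 2-octet body length and the key packet body, as upper-case hex."""
    tag, body = read_packet(packet)
    if tag not in PUBLIC_KEY_TAGS or body[:1] != b"\x04":
        raise ValueError("expected a version 4 public key packet")
    return hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()

def entry_matches(line, packet):
    """Compare the fingerprint field of a '<type> <fingerprint> <comment>' line with a key."""
    fields = line.split()
    return len(fields) >= 2 and fields[1].upper() == v4_fingerprint(packet)
```

The fingerprint depends only on the packet body, so the old-format and new-format encodings of the same key produce the same value; private key packets are rejected rather than hashed.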