Additional Fields in SSH Keys

I looked around for a bit to try and find the exact format of a DSA
key, but didn't find anything of major use.

Is the key format extensible?

Specifically, is there a way to specify additional credentials?

The idea I was toying with was that it would be incredibly useful if a
key fingerprint could contain additional info such as a method for
verifying said fingerprint (such as a phone number, email address, or

Of course, such info would not be present in the case of a MITM attack,
but that in and of itself could possibly cause questions.

Just a thought.  I know there's something like this in PGP, but those
keys are huge.

Re: Additional Fields in SSH Keys

< ,
section 6.6.

No.  The "ssh-dss" format just contains a DSA key.  If you want
extensibility, you should use a different key format.

Or it might be present, but point to the attacker rather than to the
genuine host.  It would only be useful if you had some way of being sure it
was genuine, in which case you'd end up with...

As I understand it, that's largely _because_ of all the metadata they
contain.  If you want metadata, you have to put them somewhere.

Ben Harris
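
As an added example (not part of the original thread and not written by either poster), the Python below parses an "ssh-dss" public key blob, which is the string "ssh-dss" followed by the mpints p, q, g and y, and shows that the free-text comment on a public key line is not part of the fingerprinted data. The toy key values, the sample comment text and the helper names are constructed for illustration, and rejecting trailing bytes is this example's own strictness.

```python
import base64, hashlib, struct

def ssh_string(data: bytes) -> bytes:
    """SSH 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(n: int) -> bytes:
    """SSH 'mpint' for n >= 0: big-endian, leading zero byte if the top bit is set."""
    return ssh_string(n.to_bytes((n.bit_length() + 8) // 8, "big") if n else b"")

def build_blob(p, q, g, y, extra=b""):
    return ssh_string(b"ssh-dss") + b"".join(ssh_mpint(v) for v in (p, q, g, y)) + extra

def parse_ssh_dss_blob(blob: bytes) -> dict:
    fields, off = [], 0
    for _ in range(5):  # key type name + p, q, g, y; nothing else is defined
        if off + 4 > len(blob):
            raise ValueError("truncated blob")
        (length,) = struct.unpack_from(">I", blob, off)
        off += 4
        if off + length > len(blob):
            raise ValueError("truncated field")
        fields.append(blob[off:off + length])
        off += length
    if fields[0] != b"ssh-dss":
        raise ValueError("not an ssh-dss key")
    if off != len(blob):  # strictness chosen for this example
        raise ValueError("trailing data: no extension fields in ssh-dss")
    return dict(zip("pqgy", (int.from_bytes(f, "big") for f in fields[1:])))

def fingerprint(pubkey_line: str) -> str:
    """SHA256 fingerprint of the blob only; the trailing comment is ignored."""
    _keytype, b64, *_comment = pubkey_line.split(None, 2)
    blob = base64.b64decode(b64)
    parse_ssh_dss_blob(blob)  # make sure it really is a well-formed ssh-dss blob
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

# Constructed toy values, far too small to be a usable DSA key.
BLOB = build_blob(p=23, q=11, g=4, y=18)
B64 = base64.b64encode(BLOB).decode()
LINE_A = f"ssh-dss {B64} verify by phone +1-555-0100"
LINE_B = f"ssh-dss {B64} verify by phone +1-555-0199"

if __name__ == "__main__":
    print(parse_ssh_dss_blob(BLOB))
    print(fingerprint(LINE_A) == fingerprint(LINE_B))  # comment is not hashed
```

Both lines produce the same fingerprint, so contact details placed in the comment are unauthenticated and could just as easily point to an attacker as to the genuine host.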