Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Posted on
December 12, 2003, 8:49 am
rate this thread
Re: Is it possible to sign ssh-keys with a trusted authority like Verisign ???
On Fri, 12 Dec 2003, SIggi wrote:
What a CA usually signs is the public part of an RSA key pair.
If you use "openssl genrsa" to generate key pairs, the private part
will be immediately usable with OpenSSH (and this part needs not be
signed, as it is never given away to anybody who might not trust it).
From the public part, you can create a certificate and publish it.
However, ssh (OpenSSH, at least) does not understand such certificates
directly, which is why I wrote a small tool to extract public keys, in
a format acceptable to OpenSSH, from certificates:
You can publish your public key in the form of a signed certificate;
anyone who whishes to use the public key can verify the certificate
and, if successful, extract the key from the certificate.
Quantum Physics Group http://www.quantum.physik.uni-potsdam.de
Institut fuer Physik Tel: +49 331 977 1793 Fax: -1767
Universitaet Potsdam, Germany
- Michael Sierchio
December 12, 2003, 9:26 pm
- » ssh on command line: force using a group size (prime size) of 1024 (and no...
- — Newest thread in » Secure Shell Forum