IETF-SSH archive


Re: agent draft (was Re: Secure Shell: Milestone Update.)

Bill Sommerfeld  <> wrote:
>  3) if the agent is the only trusted one and the remote system is not
> trusted to see the cleartext private key, the key could be stored
> remotely in encrypted form and decrypted
> by the agent (using a passphrase or other means).  (very different use
> model.)

The PuTTY team has had quite a lot of requests for a use model like
this, because it provides other desirable features such as the
ability to store all your keys encrypted until they're first needed
and ask for their passphrases as required.

The slightly fiddly bit is that there's currently no standard for
the format of an encrypted private key, and every implementation I
know of has its own format and would probably be reluctant to switch
to a standard one. Therefore I was planning to implement this (if
and when I get round to it at all) by means of a user-defined-
extension mechanism in the agent protocol, rather than attempting to
suggest a standardised form.

Simon Tatham         "My heart bleeds.
<>    (That's how it works.)"   -- Gareth Taylor
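The use model discussed above (keys held by the agent in encrypted form and decrypted only when a signing request first needs them, prompting for the passphrase at that point) can be sketched in a few dozen lines. The following is an added illustration, not PuTTY code, not part of the agent draft, and not any real agent protocol; it models the agent as a Python object rather than a socket protocol, stands in a passphrase-derived HMAC-SHA256 keystream and an HMAC tag for a real authenticated cipher, and stands in an HMAC over the message for a real public-key signature, so that it runs with the standard library alone. The method name `add_encrypted_key` and the sample key bytes are constructed for the example.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional


def _keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with an HMAC-SHA256 counter-mode keystream.

    Assumption: this is a demo stand-in for a real cipher such as AES-GCM,
    chosen only because it needs nothing outside the standard library.
    """
    out = bytearray()
    counter = 0
    while len(out) < len(data):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(block)
        counter += 1
    return bytes(a ^ b for a, b in zip(data, out))


def encrypt_private_key(private_key: bytes, passphrase: str) -> dict:
    """Wrap a private key under a passphrase (stand-in for an encrypted key file)."""
    salt = secrets.token_bytes(16)
    nonce = secrets.token_bytes(16)
    # scrypt turns the passphrase into a key-encryption key; the salt makes
    # identical passphrases produce different keys.
    kek = hashlib.scrypt(passphrase.encode(), salt=salt, n=2 ** 14, r=8, p=1, dklen=32)
    ciphertext = _keystream_xor(kek, nonce, private_key)
    # Authenticate ciphertext so a wrong passphrase or tampering is detected
    # before any "decrypted" bytes are ever used as a key.
    tag = hmac.new(kek, nonce + ciphertext, hashlib.sha256).digest()
    return {"salt": salt, "nonce": nonce, "ciphertext": ciphertext, "tag": tag}


def decrypt_private_key(blob: dict, passphrase: str) -> bytes:
    """Unwrap a key produced by encrypt_private_key; raises ValueError on failure."""
    kek = hashlib.scrypt(passphrase.encode(), salt=blob["salt"], n=2 ** 14, r=8, p=1, dklen=32)
    expected = hmac.new(kek, blob["nonce"] + blob["ciphertext"], hashlib.sha256).digest()
    if not hmac.compare_digest(expected, blob["tag"]):
        raise ValueError("wrong passphrase or corrupted key blob")
    return _keystream_xor(kek, blob["nonce"], blob["ciphertext"])


@dataclass
class AgentKey:
    comment: str
    encrypted: dict
    cleartext: Optional[bytes] = None  # None until first use


class LazyAgent:
    """Agent that stores keys encrypted and decrypts each one on first use."""

    def __init__(self, ask_passphrase: Callable[[str], str]) -> None:
        self._keys: Dict[str, AgentKey] = {}
        self._ask = ask_passphrase  # UI callback; invoked only when a key is needed

    def add_encrypted_key(self, comment: str, blob: dict) -> None:
        # Constructed analogue of a user-defined extension request: the
        # caller hands over the still-encrypted blob, never the cleartext.
        self._keys[comment] = AgentKey(comment=comment, encrypted=blob)

    def list_keys(self) -> List[str]:
        return sorted(self._keys)

    def is_unlocked(self, comment: str) -> bool:
        return self._keys[comment].cleartext is not None

    def sign(self, comment: str, data: bytes) -> bytes:
        key = self._keys[comment]
        if key.cleartext is None:
            # First request for this key: prompt now, decrypt, keep in memory.
            key.cleartext = decrypt_private_key(key.encrypted, self._ask(comment))
        # Stand-in for a real signature (assumption: HMAC instead of e.g. ssh-ed25519).
        return hmac.new(key.cleartext, data, hashlib.sha256).digest()

    def lock(self, comment: str) -> None:
        """Forget the cleartext again; the encrypted copy stays loaded."""
        self._keys[comment].cleartext = None


if __name__ == "__main__":
    sample_key = b"constructed-private-key-bytes"  # constructed sample, not a real key
    blob = encrypt_private_key(sample_key, "correct horse")
    agent = LazyAgent(lambda comment: input(f"Passphrase for {comment}: "))
    agent.add_encrypted_key("demo@example", blob)
    print(agent.list_keys(), agent.is_unlocked("demo@example"))
```

The passphrase callback is called at most once per key per unlock, which is the behaviour the message asks for: all keys sit encrypted until one is actually requested.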
