(ssh|gpg)-agent

Adrian 'Dagurashibanipal' von Bidder avbidder@fortytwo.ch
Wed Apr 30 09:19:02 2003


On Wednesday 30 April 2003 03:15, Joseph Bruni wrote:
> If you were to try to use the Agent Forwarding feature, wouldn't that
> be (potentially) a lot of data over the wire? Maybe you only need to
> pass the session keys around, instead? Agent forwarding would be really
> cool if you logged in to a remote host and were able to decrypt files
> using a private key that was stored on your local computer's USB
> keychain. I don't think you'd want to pass all the data in this
> scenario.

I think you get it right: when I said 'pass the data around' I thought about
passing the data around which needs to be decrypted/signed with the actual
secret key. And this, of course, is only the session key for the block cipher
and not the whole message.

After all, the session key is only used once, and by decrypting things on a
remote machine, you trust it to some degree, you only don't want the actual
secret key leaving your machine (or, ideally, the operation would be done in
the USB dongle, so the secret key wouldn't even leave that).

cheers
-- vbi


-- 
The ants in France, stay mainly on the plants.

Signature policy: http://fortytwo.ch/legal/gpg/email.20020822?version=1.3&md5sum=14ca616f14682a82cb9cc25c9b34a10d
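
The split discussed in this thread, as an added example that is not part of the original messages or of any GnuPG code: the remote host forwards only the wrapped session key to an agent on the local machine and decrypts the bulk data itself. Textbook RSA with a constructed toy key and a SHA-256 counter keystream are stand-ins (assumptions) for the real public-key and block-cipher algorithms; `LocalAgent`, `remote_decrypt` and the other names are hypothetical.

```python
import hashlib
import secrets

# Constructed toy key from two Mersenne primes; unpadded and far too small for real use.
P, Q, E = 2**127 - 1, 2**89 - 1, 65537
N = P * Q

class LocalAgent:
    """Runs on the user's machine; the only place the private exponent exists."""
    def __init__(self):
        self._d = pow(E, -1, (P - 1) * (Q - 1))
        self.bytes_received = 0  # how much data crossed the forwarded channel

    def unwrap_session_key(self, wrapped: int) -> bytes:
        self.bytes_received += (wrapped.bit_length() + 7) // 8
        return pow(wrapped, self._d, N).to_bytes(16, "big")

def keystream_xor(key: bytes, data: bytes) -> bytes:
    """Toy symmetric cipher: XOR with a SHA-256 counter keystream."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def encrypt(plaintext: bytes):
    """Sender: one-time random session key, wrapped with the public key."""
    session_key = secrets.token_bytes(16)
    wrapped = pow(int.from_bytes(session_key, "big"), E, N)
    return wrapped, keystream_xor(session_key, plaintext)

def remote_decrypt(message, agent: LocalAgent) -> bytes:
    """Remote host: forwards only the wrapped key, decrypts the bulk locally."""
    wrapped, ciphertext = message
    session_key = agent.unwrap_session_key(wrapped)  # the remote host learns this key
    return keystream_xor(session_key, ciphertext)

def demo():
    plaintext = b"constructed sample file contents\n" * 10000  # constructed input
    agent = LocalAgent()
    recovered = remote_decrypt(encrypt(plaintext), agent)
    return recovered == plaintext, len(plaintext), agent.bytes_received

if __name__ == "__main__":
    ok, size, forwarded = demo()
    print(f"decrypted ok={ok}, message={size} bytes, sent to agent={forwarded} bytes")
```

The remote host ends up holding the session key and the plaintext of that one message, but the private exponent never leaves `LocalAgent`.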