ssh agent support about age HOT 7 CLOSED

Oh this is interesting. It's definitely too soon because age is not even stable yet, but I want to think about this when thinking about the agent strategy. I didn't know the ssh-agent protocol was so extensible. If it's a sane protocol we might even adopt it as the one age agent protocol. Might as well.

from age.

Note that since this is a non-standard ssh-agent extension, gpg-agent does not support it, so this does not unlock the capability of using keys on YubiKeys through it.

This is a very interesting experiment, but I think we'll focus on native support for YubiKeys (both PIV and maybe even FIDO2 in symmetric mode) and on a dedicated agent (probably https://github.com/FiloSottile/yubikey-agent) which lets us support native age keys.

from age.

Relevant post on the mailing list: https://groups.google.com/d/msg/age-dev/Xe6zW4haGx8/m_jYh7YTAgAJ

from age.

ssh-agent support would also make it unnecessary to use something like go-piv to use private keys stored on dedicated hardware that GnuPG already supports.

from age.

Is there any plan to look at this before 1.0 release?

from age.

This would also be helpful in the case someone encrypts a message to a GitHub user's SSH key.

In my case I use a smart card with GPG for my SSH keys, so this ssh-agent support would make this usable in the first-place for my use-case.

Also this means we can update the and that SSH keys held on YubiKeys can't be used to decrypt files. note in the readme 🙂

from age.

I'm also interested in this feature. I keep my SSH keys in a keepassxc database, so I currently cannot use them with age.

from age.