|
| ▲ | coppsilgold 4 days ago | parent | next [-] |
| You can use ssh-keygen for signing and verifying signatures. You can also use age[1] to encrypt payloads targeting ssh public keys. And decrypt using ssh private keys. [1] <https://github.com/FiloSottile/age> |
|
| ▲ | quotemstr 4 days ago | parent | prev | next [-] |
| Yeah, the OpenSSL CLI sucks. So what's to be done? Sure, we can build a 25519-specific tool with a less footgun-y interface. Fine, whatever, for that one use case. Or we can build an alternative OpenSSL CLI that explodes OpenSSL and its numerous useful features in a general way and helps fix lots of use cases. |
| |
| ▲ | tptacek 4 days ago | parent [-] | | Nothing is to be done. Just don't use the OpenSSL CLI. It's a deeply cursed concept for a tool! | | |
| ▲ | quotemstr 4 days ago | parent | next [-] | | A command like cryptography swiss army knife useful though. If not openssl, then what? | | |
| ▲ | tptacek 4 days ago | parent [-] | | It's useful as a toy and a learning tool, but for nothing else. For those two things, OpenSSL is fine as it is. | | |
| |
| ▲ | pamcake 4 days ago | parent | prev [-] | | [dead] |
|
|
|
| ▲ | why-o-why 4 days ago | parent | prev [-] |
| Are you confusing the open openSSL library with the CLI? Absolutely none of this is true when used as a signing tool on the CLI. Seems like you just needed to rant, rather than answer my question. Which is fine: I do it to, but I was legit asking a question that you ignored and you seem to know about openSSL? |
| |
