Announcing sshign
Today, I'm announcing the initial release of sshign, 0.1.0.
sshign uses your private SSH key to sign arbitrary chunks of data. The resulting signature can then be verified using your public SSH key.
I often need to use secondary methods to verify the authenticity of support requests on Sourcehut, for example when someone loses access to their 2FA device. Since almost every user has uploaded their SSH key, this is a really helpful tool for handling support in a secure way. I've already started using it for this purpose. Thanks minus!
Check it out over at https://git.sr.ht/~minus/sshign. Patches welcome.
% cat testkey.pub
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILY7i5KoxsiIAfxFUxcS7sw2GCpAtQopRqruBhdiylOv
% echo hi | ./sshign testkey | tee sig.txt
ssh-ed25519 XpeGU7KG0pMrzas8th3LP/QqJtBH/SrKcTvdV+BjQr1RN4X9w9BhaRzmcEuXAMGsNwFr6Y8b3VkAsy6LO4I2Dw==
% echo hi | ./sshign testkey.pub sig.txt
verify: ok
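
The check behind "verify: ok", sketched as an added example that is not sshign's own code: it parses an ssh-ed25519 public key line and verifies a signature line in the format shown above. It assumes the signature is a plain Ed25519 signature over the raw input bytes, which the post does not state; `keyPrefix`, `ParsePubKey` and `VerifyLine` are hypothetical names, and the signing key in `main` is constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
	"strings"
)

// keyPrefix is the fixed SSH wire-format header of an ssh-ed25519 key blob:
// uint32(11) "ssh-ed25519" uint32(32); the 32 key bytes follow it.
var keyPrefix = []byte("\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20")

// ParsePubKey extracts the Ed25519 key from a "ssh-ed25519 <base64> [comment]" line.
func ParsePubKey(line string) (ed25519.PublicKey, error) {
	f := strings.Fields(line)
	if len(f) < 2 || f[0] != "ssh-ed25519" {
		return nil, errors.New("not an ssh-ed25519 key line")
	}
	blob, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil || len(blob) != len(keyPrefix)+ed25519.PublicKeySize || !bytes.HasPrefix(blob, keyPrefix) {
		return nil, errors.New("malformed ssh-ed25519 key blob")
	}
	return ed25519.PublicKey(blob[len(keyPrefix):]), nil
}

// VerifyLine checks a "ssh-ed25519 <base64 signature>" line against msg.
// Assumption: the signature is plain Ed25519 over the raw message bytes.
func VerifyLine(pub ed25519.PublicKey, sigLine string, msg []byte) bool {
	f := strings.Fields(sigLine)
	if len(f) != 2 || f[0] != "ssh-ed25519" {
		return false
	}
	sig, err := base64.StdEncoding.DecodeString(f[1])
	return err == nil && len(sig) == ed25519.SignatureSize && ed25519.Verify(pub, msg, sig)
}

func main() {
	// Key line as shown in the post; the signature below uses a separate constructed key.
	pub, err := ParsePubKey("ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILY7i5KoxsiIAfxFUxcS7sw2GCpAtQopRqruBhdiylOv")
	fmt.Println(len(pub), err)
	priv := ed25519.NewKeyFromSeed(make([]byte, ed25519.SeedSize)) // constructed all-zero seed
	msg := []byte("constructed support challenge\n")
	line := "ssh-ed25519 " + base64.StdEncoding.EncodeToString(ed25519.Sign(priv, msg))
	fmt.Println(VerifyLine(priv.Public().(ed25519.PublicKey), line, msg))
}
```

When this is used to authenticate a support request, the signed data should be a fresh challenge chosen by the verifier, so that a signature made for some other purpose cannot be reused.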