SSH and GPG Keys

Colin Watson cjwatson at
Wed Jun 1 15:41:44 UTC 2005

On Wed, Jun 01, 2005 at 03:23:25PM +0200, Reto Bachmann-Gmuer wrote:
> Hmm, as you say later passing the public-key directly if possible even
> with GPG, but the web-of-trust stuff is missing in SSH.
> But I would find it elegant to have one key-pair for SSH/GPG/SSL; are
> there fundamental barriers making this impossible?

I'm sure you could massage, e.g., a 2048-bit RSA GPG key into a 2048-bit
RSA SSH key; it's really only a question of formatting of the raw key
material. However, I would recommend most strongly against it. It's
generally a bad idea to use a single key for everything; you should
protect different security boundaries differently, because this gives
you defence in breadth.

For example, given a weakness in GPG, the signatures are typically
around for much longer and can be used to construct attacks at much
greater leisure than are transcripts of encrypted SSH sessions; an
attacker doesn't even need to connect to your machine. If such a GPG
vulnerability exposes your GPG secret key, you don't want everyone
immediately to be able to log into all your machines. Such a
vulnerability is not hypothetical; it happened to 19 Debian developers
in late 2003, among a number of other people. See:

> And I'd like to have one key which identifies me as client-certificate
> when I access a website, sign an email, open an ssh connection and
> certifies that my blog is indeed mine.

It would be much better to figure out how to sign all of these keys with
a single master key kept in a secure location and used for nothing else,
than to attempt to unify them into a single key. Producing such
signatures would be a matter of elementary cryptography, although there
may not be formatting standards for expressing them and passing them


Colin Watson                                       [cjwatson at]
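
The "only a question of formatting of the raw key material" point in the message above, shown for the public half of an RSA key, as an added example that is not part of the original message: the (e, n) pair of an RSA public key is serialised into the OpenSSH `ssh-rsa` line format (RFC 4251 string/mpint encoding) and parsed back. The function names and the sample modulus are constructed for illustration; the modulus is not a real key.

```python
import base64
import struct


def ssh_string(data: bytes) -> bytes:
    """RFC 4251 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data


def ssh_mpint(value: int) -> bytes:
    """RFC 4251 'mpint' for a non-negative integer: big-endian two's
    complement, so a 0x00 byte is prepended when the top bit is set."""
    if value < 0:
        raise ValueError("RSA parameters are non-negative")
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw and raw[0] & 0x80:
        raw = b"\x00" + raw
    return ssh_string(raw)


def ssh_rsa_blob(e: int, n: int) -> bytes:
    """Binary public-key blob: key type, exponent, modulus."""
    return ssh_string(b"ssh-rsa") + ssh_mpint(e) + ssh_mpint(n)


def ssh_rsa_public_line(e: int, n: int, comment: str = "") -> str:
    """Format (e, n) as the line used in authorized_keys / id_rsa.pub."""
    line = "ssh-rsa " + base64.b64encode(ssh_rsa_blob(e, n)).decode("ascii")
    return f"{line} {comment}" if comment else line


def parse_ssh_rsa_public_line(line: str):
    """Recover (e, n) from an ssh-rsa line; rejects anything else."""
    blob = base64.b64decode(line.split()[1], validate=True)
    fields = []
    while blob:
        if len(blob) < 4:
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack(">I", blob[:4])
        if length > len(blob) - 4:
            raise ValueError("truncated field")
        fields.append(blob[4:4 + length])
        blob = blob[4 + length:]
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa public key")
    return int.from_bytes(fields[1], "big"), int.from_bytes(fields[2], "big")


# Constructed sample values: a 2048-bit odd number with the top bit set.
SAMPLE_E = 65537
SAMPLE_N = (1 << 2047) | 1
```

A 2048-bit modulus always has its top bit set, so its mpint body is 257 bytes rather than 256.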

More information about the ubuntu-users mailing list