At the August PAW meeting, I dropped a pointer in IRC to sshAuth.py, my attempt to use ssh-agent to make digital signatures. I started on it 2003/09, and I banged my head against a wall for quite a while trying to get it to work.
Last night, while noodling on calendar synchronization and delegation, I took another run at the problem; this time, it worked! Thanks to paramiko:
    from paramiko import Agent, RSAKey, Message
    import Crypto.Util.randpool
    import binascii

    data = "hoopy"     # data to sign
    user = "connolly"  # salt to taste

    # get my public key
    authkeys = file("/home/%s/.ssh/authorized_keys" % user)
    authkeys.next()  # skip 1st one
    keyd = authkeys.next()
    tn, uu, other = keyd.split()
    keyblob = binascii.a2b_base64(uu)
    pubkey = RSAKey(Message(keyblob))

    pool = Crypto.Util.randpool.RandomPool()
    a = Agent()
    # get_keys() returns a sequence of agent keys; use the first one
    agtkey = a.get_keys()[0]
    sigblob = agtkey.sign_ssh_data(pool, data)
    print pubkey.verify_ssh_sig(data, Message(sigblob))
That "skip 1st one" bit took me a while to figure out. I have 2 keys in my ~/.ssh/authorized_keys file. I wonder if sshAuth.py would work with that fix.
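Skipping by position only works while the entries in authorized_keys stay in the same order. As an added example (not code from the original post, and written for Python 3 rather than the Python 2 of the snippet above), this selects the entry by comparing key blobs instead; `find_entry`, the sample data, and the assumption that the agent key's public blob is available as bytes are all illustrative.

```python
import base64
import struct

def blob_type(blob):
    """Key-type name stored at the start of an SSH public-key blob, or None."""
    if len(blob) < 4:
        return None
    (n,) = struct.unpack(">I", blob[:4])
    if n > len(blob) - 4:
        return None
    return blob[4:4 + n].decode("ascii", "replace")

def parse_authorized_keys(text):
    """Yield (keytype, blob, comment) for every key line, options or not."""
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options may precede the key type, so accept the first pair where
        # the base64 field decodes to a blob naming the field before it.
        for i in range(len(fields) - 1):
            try:
                blob = base64.b64decode(fields[i + 1], validate=True)
            except ValueError:  # binascii.Error is a ValueError
                continue
            if blob_type(blob) == fields[i]:
                yield fields[i], blob, " ".join(fields[i + 2:])
                break

def find_entry(text, agent_blob):
    """(index, comment) of the entry whose blob equals agent_blob, else None."""
    for index, (_, blob, comment) in enumerate(parse_authorized_keys(text)):
        if blob == agent_blob:
            return index, comment
    return None

def _blob(keytype, body):
    # Constructed stand-in for a key blob: real type header, filler body.
    name = keytype.encode("ascii")
    return struct.pack(">I", len(name)) + name + body

OLD, CURRENT = _blob("ssh-rsa", b"\x01" * 32), _blob("ssh-rsa", b"\x02" * 32)
SAMPLE = "\n".join([  # constructed authorized_keys content, not real keys
    "# two entries, as in the post",
    "ssh-rsa %s old-key" % base64.b64encode(OLD).decode(),
    'no-pty,command="echo hi" ssh-rsa %s current-key'
    % base64.b64encode(CURRENT).decode(),
])

if __name__ == "__main__":
    print(find_entry(SAMPLE, CURRENT))
```

Verifying a signature against the matched entry, rather than whichever line happens to be second, keeps the check correct when keys are added, removed or reordered.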
I also took a look at the state of the art in password agents and managers for GNOME. Revelation looks interesting. I'm still hoping for something like OpenID/SXIP integrated with password managers like the OSX keychain.
I took notes in the #swig channel while I was at it. I got a kick out of this exchange:
04:44:59 <Ontogon_> dan, are you talking to yourself?
04:45:32 <dajobe> he's talking to the web