Using ssh-agent for encryption purposes (without SSH extensions)

[cipriancraciun]

On the https://github.com/FiloSottile/age project issues and discussions lists often the question of using a plain ssh-agent (as in without any custom SSH extensions) is raised, like for example:

• ssh-agent support FiloSottile/age#244 (spot on the subject);
• SSH_AUTH_SOCK for key? FiloSottile/age#532 (spot on the subject, kind of duplicate of 244);
  • SSH_AUTH_SOCK for key? FiloSottile/age#532 (comment) -- my lengthy response on the subject;
• Allow access to internal format for API usage FiloSottile/age#223 (somewhat tangential);
• Decrypt not working with my setup FiloSottile/age#218;

Unfortunately, using SSH agent for encryption is not possible because it only exposes an operation that relies on signatures, and even that isn't generally suitable for arbitrary signatures.

Fortunately, because RSA and Ed25519 signature schemes are deterministic (only PKCS-v1.5 for RSA) (and not available for ECDSA), it means one can "misuse" SSH agent signatures for symmetric encryption (as in only the one that posses the RSA/Ed25519 secret key can both encrypt and decrypt).

Now, the z-tokens project (the one in this repository) does try to implement such a SSH-agent based symmetric encryption scheme. I've also written a lengthier article on the subject at:

• https://notes.volution.ro/v1/2023/05/remarks/faf953cf/

---

Other projects that have implemented similar solutions based on the unmodified SSH-agent protocol:

• https://github.com/leighmcculloch/sshcrypt;
• https://github.com/ndilieto/libagentcrypt;
• https://github.com/Sets88/ssh-crypt;

---

Thus, in order to document all these use-cases and possible solutions I thought to open this discussion thread here to point at these various places.

Also, I invite anyone to discuss potential problems / issues or other ideas on this topic.