Age keys for signing
#355
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
{{ message }}
-
I ran across a problem: age secret keys are stored as-is, while Ed25519 private keys need
sha512(privkey)[:32]to get the key actually used. Because of this, Age keys cannot be converted for use with standard EdDSA. Basically the alternatives are to create new keys / use SSH keys only, or to reimplement the signing algorithm so that it does not hash the secret key before starting.Perhaps in the future Age key generation could be made sha512-based as well, with the seed stored in identity file? Any other thoughts on this?
Beta Was this translation helpful? Give feedback.
All reactions