Import a SSH key with
$ monkeysphere-host import-key /path/to/secret/key ssh://server.example.net
- ms: host key imported:
+ ms: host key imported:
pub 2048R/01234567 2011-05-28
uid ssh://server.example.net
OpenPGP fingerprint: 0123456789ABCDF0123456789ABCDF0123456789
----------------------------
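Review bot: the `-`/`+` pair for `ms: host key imported:` shows no visible text difference, so this looks like a whitespace or indentation change, and it is applied only to that one line; if the intent is to render the command output as an indented code block, the three output lines that follow (`pub 2048R/01234567 2011-05-28`, `uid ssh://server.example.net` and the `OpenPGP fingerprint:` line) need the same indentation, otherwise they will render as ordinary paragraph text next to a one-line code block.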
The OpenPGP side of this is similar to the SSH protocol, with public
-keys for `https://server.example.net` etc. stored in your keyring. As
-far as I can tell, there is currently no way to print the key
-fingerprint for a given host (analagous to `sshfprs-for-userid`), but
-there's a neat little server `msva-perl` that checks your trust in a
+keys for `https://server.example.net` etc. stored in your keyring.
+There's a neat little server `msva-perl` that checks your trust in a
particular (*context*, *peer*, *PKC type*, *peer type*, *PKC data*)
tuple (e.g. (`https`, `server.example.net`, `x509pem`, `server`,
`cert.pem`)), which you can do by hand (via `msva-query-agent`).
uses the `msva` server to validate HTTPS connections automatically.
Nice.
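Review bot: dropping the "no way to print the key fingerprint for a given host" remark (the four `-` lines) is fine if the claim was wrong, but the replacement paragraph then gives the reader no way to obtain that fingerprint at all; either name the command that does it, or keep a pointer such as `gpg --fingerprint 'https://server.example.net'` (which prints the fingerprint of every key whose user ID matches) so the fingerprint comparison the page relies on is still possible. Separately, the context line `uses the `msva` server to validate HTTPS connections automatically.` begins mid-sentence, so the line naming the plugin that does this appears to have been lost at some point and is worth checking while this paragraph is being edited.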
+If you don't want to use the the validation agent and plugin, you can
+verify keys by hand using `openpgp2pem` (this patch has not yet been
+accepted upstream).
+
+ $ gpg --export 'https://server.example.net' | openpgp2pem | openssl rsa -in /dev/stdin -pubin -text
+ Public-Key: (1024 bit)
+ Modulus:
+ 00:ae:0b:...
+ Exponent: 65537 (0x10001)
+ writing RSA key
+ -----BEGIN PUBLIC KEY-----
+ ...
+ -----END PUBLIC KEY-----
+
+Compare the modulus and exponent with those listed for the public key
+offered by the target server.
+
Packages
--------
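Review bot: the closing instruction ("Compare the modulus and exponent with those listed for the public key offered by the target server") asks the reader to compare a full RSA modulus by eye, which is error-prone and does not say where the server's key should be obtained from; I would suggest reducing both keys to a digest of their DER encoding instead, e.g. `openpgp2pem | openssl rsa -pubin -outform DER | sha256sum` on the keyring side and `openssl x509 -pubkey -noout -in server.pem | openssl rsa -pubin -outform DER | sha256sum` on the certificate side, so the check becomes a single hash comparison. Two smaller points on the pipeline: `openssl rsa -pubin -text` without `-noout` also prints `writing RSA key` and a second copy of the PEM block, which is just noise here (and `-in /dev/stdin` is unnecessary, since openssl reads stdin by default), and `gpg --export 'https://server.example.net'` exports every key whose user ID matches that string, so if an old or revoked host key is still in the keyring the output is not necessarily the current key alone; exporting by fingerprint avoids that. Finally, "this patch has not yet been accepted upstream" should say where the `openpgp2pem` patch can be obtained, "the the validation agent" is a doubled word, and the sample output shows a 1024-bit key while the import example above uses 2048R, which is worth making consistent.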