I am using a new computer, but my gpg secret key is in another computer which is broken, so I can not import it from there. Then how can I find back the the secret key ? Thanks
Related
Im trying to contribute to a project, I forked the project but I cannot push to my fork
In TortoiseGit under credentials I can input Username, Email, and Signing Key ID
How do I get this signing key ID from github?
Google search on this subject did not come up with easy results that did not involve generating ssh keys in linux. Do I need to create an SSH key, or can I do it with my username? If I need ssh key, can I generate key through github? I don't have a .ssh directory on a windows machine
I'm currently working on a wrapper app for PuTTY and trying to find a way how to store the host keys inside my app, as I want it to be portable.
The basic idea: By using plink and prepending echo y | I would force to store the host key in the registry (\Software\SimonTatham\PuTTY\SshHostKeys), read the key and then compute the fingerprint. Then I would store the fingerprint in my app's configuration and undo the changes in the registry. However, I don't know how to compute the fingerprint.
Example:
Connecting with plink gives me this host key fingerprint:
The server's ssh-ed25519 key fingerprint is:
ssh-ed25519 256 6e:3e:71:4f:b9:41:e6:09:cf:e1:b8:f4:bd:5a:9e:9b
...
Store key in cache? (y/n)
Choosing "y" will create this registry key:
ssh-ed25519#22:192.168.0.100 0x6e05d2e71d8c86744d27c19ffb96854576cc41c66334d04e93f491023ce42b53,0x1cc99868f5709847f5b0fc1af5d1582b58bed02bc44b73db150cbe0dc09c9c60
What to do with these 2 hex strings to get the fingerprint?
I have downloaded Sourcetree lately which comes with puttygen, plink and pageant.
I have set up an SSH public and private key, with a non-empty passphrase.
I was prompted for this passphrase when I added the private key to the Pageant key list. However, when I restart my machine and re-open Sourcetree I am re-prompted for this passphrase.
1). Should Pageant or Sourcetree be saving this passphrase, so I am not prompted every time I wish to use Sourcetree?
2). If so, how?
Pageant keeps decrypted key in memory only. It does not save the passphrase or the decrypted key anywhere.
Saving the passphrase would be almost as insecure as saving the key unencrypted. While it would be a solution for you, it's really not recommendable!
Quote from Security considerations section of Pageant documentation:
Using Pageant for public-key authentication gives you the convenience of being able to open multiple SSH sessions without having to type a passphrase every time, but also gives you the security benefit of never storing a decrypted private key on disk. Many people feel this is a good compromise between security and convenience.
It is a compromise, however. Holding your decrypted private keys in Pageant is better than storing them in easy-to-find disk files, but still less secure than not storing them anywhere at all.
When I import a public/private pair into windows certificate store, Windows does not require any password of any kind to encrypt the keys.
From that I conclude that if it is a user's store, it uses the user's password (or probably the user's hashed password) to encrypt the private key, and, if it is the local machine store, it is probably some kind of hardware-based key to encrypt the private key.
Did I get it right???
And if I did, what is the point of non-exportable keys if I can decrypt the keys???
And last question - If I got it right up to here, what are the alternatives?
As "SLanks" link explains, the private keys are encrypted with the user's password or the machines's password (depends on the location of the keys in the store).
Therefore, anyone who can log to the machine can obtain to this user's keys and anyone who has access to the machine can obtain keys stored for the local machine.
How would I go about doing this on the terminal?
sftp then asks me for a password. how do I include my DSA key so that I do not have to use the password?
As sftp uses SSH protocol for communication, you may generate private/public key pair using ssh-keygen (read everything their!). Then read this HOWTO about how to transfer your key to remote server. If you need more, read more detailed description of OpenSSH Public Key Authentication.
If you setup your key correctly, and remove SSH server is configured to use key authentication, you will be granted the access without additional password.
If you have ssh-agent running, holding the key to the site, it will handle authentication for you.