kuschelyagi/piecannon
1
0
Fork 0
Code Issues 5 Pull Requests Projects Releases Wiki Activity

Integration with OpenKeychain for SSH keys #5

New Issue
Open
opened 2020-11-04 02:28:51 +00:00 by kuschelyagi · 0 comments
kuschelyagi commented 2020-11-04 02:28:51 +00:00
Owner
Copy Link

On Android, OpenKeychain could be used to store PGP keys; these can contain authentication subkeys that can be used to login to SSH. OpenKeychain has an SSH authentication API that we can use to sign challenges.

JSch (the SSH library we use) has pluggable identity support, through the IdentityRepository interface (this is what jsch-agent-proxy does). In particular it looks like Identity.getSignature(byte[]) would delegate to the org.openintents.ssh.action.SIGN action?

Another option might be OkcAgent which is a implementation of ssh-agent that bridges between Termux and OpenKeychain. This app comes in two parts, the Android app and the native Termux app, and from a cursory look it's unclear which parts are responsible for what. If my hunch is correct then the Android app implements the agent logic and the Termux app just forwards to it, perhaps we can bypass the need for that Termux bridge and use jsch-agent-proxy to talk to OkcAgent like any other ssh-agent.

On Android, [OpenKeychain](https://www.openkeychain.org/) could be used to store PGP keys; these can contain authentication subkeys that can be used to login to SSH. OpenKeychain has an [SSH authentication API](https://github.com/open-keychain/open-keychain/tree/master/sshauthentication-api) that we can use to [sign challenges](https://github.com/open-keychain/open-keychain/blob/master/sshauthentication-api/src/main/java/org/openintents/ssh/authentication/SshAuthenticationApi.java#L40). JSch (the SSH library we use) has pluggable identity support, through the [IdentityRepository](https://epaul.github.io/jsch-documentation/simple.javadoc/com/jcraft/jsch/IdentityRepository.html) interface (this is what jsch-agent-proxy does). In particular it looks like [Identity.getSignature(byte[])](https://epaul.github.io/jsch-documentation/simple.javadoc/com/jcraft/jsch/Identity.html#getSignature-byte:A-) would delegate to the `org.openintents.ssh.action.SIGN` action? Another option might be [OkcAgent](https://github.com/DDoSolitary/OkcAgent) which is a implementation of ssh-agent that bridges between Termux and OpenKeychain. This app comes in two parts, the Android app and the native Termux app, and from a cursory look it's unclear which parts are responsible for what. If my hunch is correct then the Android app implements the agent logic and the Termux app just forwards to it, perhaps we can bypass the need for that Termux bridge and use jsch-agent-proxy to talk to OkcAgent like any other ssh-agent.
kuschelyagi added the
Android
 label 2020-11-05 10:14:54 +00:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
Android
ftp
GNU/Linux
gofile
sftp
Windows
No Label
Android
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
kuschelyagi
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: kuschelyagi/piecannon#5
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?