I need advice on a contribution I'd like to make as part of my research with a cryptography professor at UC San Diego. I mostly want to know if there are any obvious practical problems with my idea.
The problem I'm trying to solve is that casual users trying to ssh into Github or their home / school server may not bother creating passphrases for their private ssh keys. This means that they are probably relying on hardware security to keep their private key safe. However, with no added effort, these keys could be cryptographically protected under the user's Windows/Linux logon password in the same way that your saved passwords are protected in the web browser. For example, Chrome on linux uses any available keychain program to encrypt saved passwords under the user's logon credential, if a keychain program is available, and uses the Data Protection API on Windows. More on Windows DPAPI: http://msdn.microsoft.com/en-us/library/ms995355.aspx My idea is to add a "--protect" (e.g.) option to ssh-keygen that encrypts the private key with the user's logon credential (windows or linux password) instead of prompting for a passphrase. For Windows, it can protect the file using Windows DPAPI, but for Linux I would need to create a similar "data protection" service. This "data protection" service is also something I want to create, with ssh-keygen being the main motivation. The linux data protection service would generate a master key for the user, protected on disk by encryption under the user's password, captured by a PAM module. The same PAM module decrypts and re-encrypts the master key when the user changes her password. Then, the data protection service allows ssh-keygen to encrypt the private key using the user's master key, available only when logged on. Now, ssh can use the same service to decrypt the key if the user is logged on (another feature I'd need to add). If the user is not logged on, the private key is unusable. Using eCryptfs, hard-drive encryption, or simply making a passphrase and keeping it in a keyring solve the same problem, but require more effort by the user. More details on my research: https://docs.google.com/document/d/1mibuwHRJpzCFYuQJZ30Cgw6nBjyp6qod19tZnw-Rzv8/edit?usp=sharing Thanks for any help/insights! alexander taylor
