Subject: Re: easiest way to encrypt a file?
To: Lubomir Sedlacik <>
From: Steven M. Bellovin <>
List: netbsd-users
Date: 12/18/2004 08:46:11
In message <>, Lubomir Sedlacik writes:

>from what he said it seems that his aim is to protect the key from the
>server administrator(s) and the key is an SSH2 DSA key.  in that case the
>"protected" key is already encrypted as you mentioned.  but there is no
>way he could protect its contents by any amount of encrypted layers
>since an altered ssh(1) binary would "take care" of everything and it's
>just a waste of time and addition of pointless complexity.

I'll let Jeremy speak for his actual usage model, but I think you're 
right -- I read "server" as "web server", i.e., some place he wanted to 
store the key for retrieval later.  You're absolutely right that 
there's no safe way to use a private key on an untrustworthy machine.

		--Steve Bellovin,