• Xanza@lemm.ee
    12 days ago

    You seem to be fundamentally misunderstanding how the shared keys work, here. You don’t get to choose which key you sign with, either private or public.

    If you sign a statement, it uses your private key. Period. The methodology is that only the original owner of the keys has access to the private key, so any signed statement also using that private key is directly from the key owner. Alternatively, anyone has access to your private key, and can encrypt data using it, that only the owner, with access to the private key, can decrypt.

    Anyone in the world can encrypt a message that only you can decrypt. That’s the way it works. Alternatively, when you sign a statement, you’re establishing that the owner of the key pair signed it, as only the owner has access to the private key. Then, anyone in the world can verify your signed statement using your public key.

    You don’t get to choose which one you use. In the example from my original post, the ssh-agent only needs a reference to the location of one of the two keys, and will use the filename regardless to distinguish between public and private. If I point the configuration option to this_is_my_key, indicating a private key, it will automatically use this_is_my_key.pub as a public key. If I indicate this_is_my_key.pub, then it does the reverse and will assume that this_is_my_key is the private key. It doesn’t matter which one you specify; the ssh-agent just needs a filename to work with.
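The sign-with-private, verify-with-public split discussed in this thread, run end to end with OpenSSH's own tooling. This is an added example, not code from any poster; it assumes ssh-keygen 8.0 or newer is installed, and the key pair, message and signer identity (demo@example) are constructed here.

```shell
#!/bin/sh
# Added example: sign a statement with the private key, verify it with only
# the public key, and confirm that a tampered statement fails verification.
sign_and_verify() (
    set -e
    command -v ssh-keygen >/dev/null || { echo "ssh-keygen not installed" >&2; exit 2; }
    work=$(mktemp -d)
    trap 'rm -rf "$work"' EXIT
    key="$work/this_is_my_key"     # private half; ssh-keygen writes .pub alongside

    # Throwaway Ed25519 pair, no passphrase; the comment doubles as signer identity.
    ssh-keygen -q -t ed25519 -N '' -C demo@example -f "$key"

    # The public half can be recomputed from the private file at any time,
    # so the signer only ever has to know where the private key lives.
    [ "$(ssh-keygen -y -f "$key" | cut -d' ' -f1,2)" = "$(cut -d' ' -f1,2 "$key.pub")" ]

    # Constructed statement to be signed.
    printf 'release v1.2.3 is genuine\n' > "$work/statement.txt"

    # Signing needs the private key only; writes statement.txt.sig (namespace "file").
    ssh-keygen -Y sign -f "$key" -n file "$work/statement.txt"

    # Verifiers hold just the public key, listed against the identity in
    # an allowed_signers file: "<principal> <keytype> <base64 key>".
    printf 'demo@example %s\n' "$(cut -d' ' -f1,2 "$key.pub")" > "$work/allowed_signers"
    ssh-keygen -Y verify -f "$work/allowed_signers" -I demo@example -n file \
        -s "$work/statement.txt.sig" < "$work/statement.txt"

    # Change one byte of the statement: the same signature must now be rejected.
    printf 'release v1.2.3 is NOT genuine\n' > "$work/statement.txt"
    if ssh-keygen -Y verify -f "$work/allowed_signers" -I demo@example -n file \
           -s "$work/statement.txt.sig" < "$work/statement.txt" 2>/dev/null; then
        echo "tampered statement verified, this must not happen" >&2
        exit 1
    fi
    echo "signature verified with public key only; tampering detected"
)

sign_and_verify
```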

      • Xanza@lemm.ee
        11 days ago

        Anyone only has access to your public key if you give them access to your public key. So no, not really. They should have access to it. It’s not something you should keep private, but SSH shared keys aren’t PGP shared keys. There are no key servers for SSH shared keys.

          • Xanza@lemm.ee
            11 days ago

            “Then, anyone in the world can verify your signed statement using your public key.”

            Of course. The only barrier is the possession of your public key. I really don’t understand what you’re getting at here. Anyone with your public key can verify a PSK signed statement you made, which obviously is predicated on them having access to the key.

        • Eager Eagle@lemmy.world
          11 days ago

          “Alternatively, anyone has access to your private public key, and can encrypt data using it, that only the owner, with access to the private key, can decrypt.”