Client Keys¶
We use the same format as openssh daemon for storing keys. Currently only
ssh-ed25519 (eliptic curve) keys are supported. More key types may
be supported in future.
To generate it, run:
ssh-keygen -t ed25519 -f ~/.ssh/id_ciruela -P ""
Search Paths¶
If no identity (-i/--identity) or environment variables
(-k/--key-from-env) variables are specified, we the
following keys to sign uploads:
$HOME/.ssh/id_ed25519$HOME/.ssh/id_ciruela$HOME/.ciruela/id_ed25519$CIRUELA_KEYenvironment variable
Note
We only use keys for signing and multiple signatures are okay. So we sign uploads by all the keys found at specified paths. Signing by an extra key does not compromise security.
Warning
We don’t support ssh-agent and password-protected keys yet.