search for: qgbmosdveobedwkqub3bck9sljvxq3ltu2o

...: missing key <---- here wiktor at metacode.biz `-Y verify` doesn't have this issue: $ ssh-keygen -Y verify -f allowed_signers.md -I wiktor at metacode.biz -n file -s rsa-key.txt.sig < rsa-key.txt Good "file" signature for wiktor at metacode.biz with RSA key SHA256:xb+QgBmoSdveobEdwKqUb3BCk9SLJVxq3Ltu2o/FK7U The man page documentation for ALLOWED_SIGNERS (https://man.archlinux.org/man/ssh-keygen.1#ALLOWED_SIGNERS): > Empty lines and lines starting with a ?#? are ignored as comments. I'm using openssh version 9.6p1-3 as packaged in Arch Linux. I've made a repo with all keys and fil...

...ement.txt Could not verify signature. While this works (note the order of -f's): $ ssh-keygen -Y verify -f /dev/null -f allowed_signers -n file -s statement.txt.sig -I wiktor at metacode.biz < statement.txt Good "file" signature for wiktor at metacode.biz with RSA key SHA256:xb+QgBmoSdveobEdwKqUb3BCk9SLJVxq3Ltu2o/FK7U This is a little bit limiting since it doesn't allow splitting the signers file into multiple locations that may be managed independently. For example: a distro's keys file would be managed by a system package while additional user/local keys could be in a separate one, managed by...

...ure. > > While this works (note the order of -f's): > > $ ssh-keygen -Y verify -f /dev/null -f allowed_signers -n file -s > statement.txt.sig -I wiktor at metacode.biz < statement.txt > Good "file" signature for wiktor at metacode.biz with RSA key > SHA256:xb+QgBmoSdveobEdwKqUb3BCk9SLJVxq3Ltu2o/FK7U > > This is a little bit limiting since it doesn't allow splitting the signers > file into multiple locations that may be managed independently. For example: a > distro's keys file would be managed by a system package while additional > user/local keys could be in a sep...