7 comments

[ 3.2 ms ] story [ 26.1 ms ] thread
(2024)

My favourite part of these tools is the zany use of numbered file descriptors. `keypair` outputs the public key on fd 5 and secret key on fd 9. But signing reads the secret key on fd 8, while verification reads the public key on fd 4! Why aren't they the same?? I have to read the manpage every time.

Why not zoidbe... I mean, why not open ssh? It's literally a CLI that does every crypto operation with every primitive (except some PQC)?
> feels like a weird (and footgun-shaped) middle ground.

hmm

> It is a weird and footgun-shaped middle ground.

Oh? HMMMMM :|

Sounds like the perfect place to embed credential stealing malware. Good thing they publish their code on an independent third-party public code sharing platform. Oh wait...
I can't find the source. Anyone can point to it?
> It writes the public key to file descriptor 5, and then writes the secret key to file descriptor 9.

Is the project trying to compete with GPG for worst interface ? Magic numbers BAD, especially in something that will mostly be used in scripts

(comment deleted)