
I want to be able to revoke individual keys. If I want to invalidate my key for any reason, I don't want to have to change it for everything.



But why do you want to do this?

There is no security benefit from revoking individual keys unless they've been compromised; however, the likelihood of only leaking a single key is extremely low.

There are very few attack vectors by which you can compromise a private/public key pair, and they all basically boil down to local access. This is not a PreSharedKey situation like a password, where both parties effectively share a single string for authentication. The private key never leaves the authenticating machine, as you're only sending over a signature, which will be validated against the public key. So, how are you going to compromise a single key such that splitting them increases your security?

You're either completely compromised and somebody has filesystem access, or you've forwarded your SSH agent to a compromised host. When it's the former, you'll have to have the private key encrypted so they're unable to use it (encrypted at rest), and when it's the latter, you cannot have your keys added to the agent, making the forwarding redundant in the first place.
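The per-key revocation the first commenter asks for is, on the server side, just removing one entry from `authorized_keys` by its fingerprint. The following is an added illustration, not code from either commenter: it computes the same `SHA256:` fingerprint that `ssh-keygen -lf` prints (SHA-256 over the raw key blob, base64 without padding) and drops only the matching entry, leaving other keys and their options intact. The key material is constructed in-line and is not a real key.

```python
"""Revoke one public key from an OpenSSH authorized_keys file by fingerprint."""
import base64
import hashlib
import re
import struct

KEY_TYPES = ("ssh-ed25519", "ssh-rsa", "ecdsa-sha2-nistp256",
             "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521")
# Options such as command="/usr/bin/backup" may precede the key type, so locate
# the key by scanning for the first recognised type token followed by base64.
KEY_RE = re.compile(r"(?:^|\s)(" + "|".join(map(re.escape, KEY_TYPES))
                    + r")\s+([A-Za-z0-9+/=]+)")


def ssh_string(data: bytes) -> bytes:
    # SSH wire "string": 4-byte big-endian length prefix, then the bytes.
    return struct.pack(">I", len(data)) + data


def fingerprint(blob_b64: str) -> str:
    # OpenSSH SHA256 fingerprint: sha256 of the decoded blob, base64, '=' stripped.
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")


def revoke(authorized_keys: str, revoked_fps: set) -> tuple:
    # Returns (new file contents, list of removed lines). Comment and blank
    # lines, and entries whose fingerprint is not revoked, are kept verbatim.
    kept, removed = [], []
    for line in authorized_keys.splitlines():
        m = KEY_RE.search(line)
        if m and fingerprint(m.group(2)) in revoked_fps:
            removed.append(line)
        else:
            kept.append(line)
    return "\n".join(kept) + "\n", removed


def constructed_ed25519_blob(seed: int) -> str:
    # Constructed demo key: a format-valid ssh-ed25519 blob around 32 arbitrary
    # bytes. It is NOT a usable key pair; it only exercises the parsing path.
    pub = hashlib.sha256(b"demo-key-%d" % seed).digest()
    return base64.b64encode(ssh_string(b"ssh-ed25519") + ssh_string(pub)).decode()


LAPTOP = constructed_ed25519_blob(1)
CI_BOX = constructed_ed25519_blob(2)
SAMPLE_AUTHORIZED_KEYS = (  # constructed sample file, two keys for one user
    "# keys for alice\n"
    f"ssh-ed25519 {LAPTOP} alice@laptop\n"
    f'no-agent-forwarding,command="/usr/bin/backup" ssh-ed25519 {CI_BOX} alice@ci\n'
)
```

Running `revoke(SAMPLE_AUTHORIZED_KEYS, {fingerprint(LAPTOP)})` removes only the laptop key; the CI key, with its `no-agent-forwarding` option, stays.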




