
Show HN: SSHub – store and share SSH keys - schikin
https://sshub.dev
======
tiernano
Not sure I like this idea. I do like Krypt.co, cause the private key is stored
on your phone in the Secure Enclave, and in the case of sharing, it's
something related to the users public key being added and removed after use.
This, I'm not sure about...

~~~
schikin
I don't really think Secure Enclave is really increasing your security here.
Your private key is always kept encrypted: \- For OpenSSH - with their
16-rounds custom bcrypto \- For OpenSSL/PCKS - with AES-256/PBDKF2 That
renders your key virtually unbreakable as long as you use a reasonable
password

On top of that, you can only upload public - this is also secure as long you
use proper crypto (RSA or Ed25519)

------
tastroder
I realize that it's likely copy & pasted from somewhere but if you want people
to upload potentially security relevant content I'd really like to see a
rewrite of that "Your Content" section in the terms of service. It doesn't
even mention the type of user generated content (keys) your system handles.

The landing page could be a bit clearer on what it is you're actually getting
pre-signup (throw a few screenshots or a link to your API docs in there).
"Does what it says on the tin" kind of doesn't help if the tin doesn't say
anything.

