Is there such a thing as a signed SSH keypair?

In the time since you asked your question, the universe has changed.

OpenSSH 5.4 added support for exactly the kind of certificates you were after. See the release notes at http://www.openssh.org/txt/release-5.4 (and the man pages) for more information, or if you really want to be insane, look at PROTOCOL.certkeys for the gory details.
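The certificate workflow this answer refers to, as an added example that is not part of the original answer: a CA key signs a user's public key with `ssh-keygen -s`, producing an `id_user-cert.pub` alongside the keypair. The names `ca_key`, `id_user`, `alice` and `alice@example` are constructed for illustration, and ed25519 keys assume OpenSSH 6.5 or later.

```shell
#!/bin/sh
# Added example; all file names, identities and principals are constructed.

# Create a CA keypair and a user keypair in $1, then sign the user's
# public key. $2 = key identity (recorded in sshd logs), $3 = principal.
issue_user_cert() {
    dir=$1; id=$2; principal=$3
    # CA keypair: held by the signing party only.
    ssh-keygen -q -t ed25519 -N '' -C 'demo-ca' -f "$dir/ca_key"
    # User keypair: generated by the user; the private half stays with them.
    ssh-keygen -q -t ed25519 -N '' -C "$id" -f "$dir/id_user"
    # Only the *public* key is handed to the CA for signing.
    #   -s CA private key   -I key identity   -n allowed login names
    #   -V validity window (here: one day from now)
    ssh-keygen -q -s "$dir/ca_key" -I "$id" -n "$principal" -V +1d \
        "$dir/id_user.pub"
}

# First field of a certificate file is its key type string.
cert_type() {
    cut -d' ' -f1 "$1"
}

# Human-readable dump: signing CA, key ID, principals, validity.
cert_summary() {
    ssh-keygen -L -f "$1"
}

# Server side (not executed here): sshd trusts every certificate signed
# by the CA once sshd_config contains
#   TrustedUserCAKeys /etc/ssh/ca_key.pub
# so no per-user authorized_keys entry is needed.

# Demo run in a throwaway directory.
if command -v ssh-keygen >/dev/null 2>&1; then
    demo_dir=$(mktemp -d)
    issue_user_cert "$demo_dir" "alice@example" alice &&
        cert_summary "$demo_dir/id_user-cert.pub"
    rm -rf "$demo_dir"
fi
```

The CA never sees the user's private key, and the short `-V` window bounds how long a leaked key stays usable.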


My first impression when reading your question is that the IT person got SSH and SSL mixed up (it must be signed by us) and also doesn't understand how SSL signing really works.

Anyway, there is no way an SSH key can be signed (that I know of).


Something is not right in this request.

If it is delivering signed files to the server, I would expect this to be done at the bare minimum.

  1. You create a key-pair for yourself (call this my-key)
    • When you want to send something,
    • you first encrypt it with my-key-private
    • then upload this encrypted file to the server
    • Someone at the server has to reverse the process like this,
    • they use your my-key-pub to decrypt the file
    • if you have sent the file, the decrypt will recover it
    • else, they will not get any usable file
    • effectively, you have signed the file with your private key
    • they have verified the signature with your public key
    • the accountability is effected by them confirming you have sent the file

There are other ways to go about doing such things.
However, getting a key-pair generated by someone else is useless as an authentication scheme.
It has a strong implication that you trust them as much as you trust yourself.


These are the opening questions you can ask your IT.
If accountability is a concern for the IT,

  1. How do they make sure you do not share/lose the key-pair given to you by them? and,
    • How is this key-pair-from-IT concept any different from a password given to you by the IT?
      Why bother with key-pairs at all in that case?