@bhyde
Last active August 29, 2015 13:57
Sign some data using ssh_agent's first key. Doesn't work. Angels weep.
#!/usr/bin/python
# Doesn't work ... the can_verify result is probably the hint why not.
# based loosely on http://blog.oddbit.com/2011/05/09/signing-data-with-ssh-agent/
# Script to generate a cryptographic signature over a bit of data
# The signing is done by the current ssh-agent, using the first key stored
# in that agent. Usually that is the current user.
import sys
import struct
import re
import binascii
import hashlib
import paramiko.agent
data = "Let's sign this text!"
# data = sys.argv[1]
print "Input:", data
data_sha1 = hashlib.sha1(data).digest()
a = paramiko.agent.Agent()
keys = a.get_keys()
print "ssh-agent has these keys:", keys
key = keys[0]
print "So let's use this one:", repr(key)
finger_print = ':'.join(re.findall('..', binascii.b2a_hex(key.get_fingerprint())))
print "Fingerprint:", key.get_name(), finger_print
print "Is it able to sign?:", key.can_sign()
d = key.sign_ssh_data(None, data_sha1)
parts = []
while d:
    # Each field is an SSH string: 4-byte big-endian length, then the data.
    length = struct.unpack('>I', d[:4])[0]
    bits = d[4:length+4]
    parts.append(bits)
    d = d[length+4:]
sig = parts[1]
print "Signature: ", binascii.b2a_base64(sig)[0:23]
print "Does it verify?:", key.verify_ssh_sig(data_sha1, d)
# Doesn't verify, and it generates a different signature each time.
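
The unpacking loop in the script consumes `d` as it goes, so the `d` passed to `verify_ssh_sig` on the last line is already empty. As an added example (Python 3, standard library only, not part of the original gist), the parser below splits an SSH signature blob by offset so the original bytes survive for verification, checks every length prefix, and reports whether the named algorithm normally produces a different signature on each call. The function names and the sample blob are constructed for illustration.

```python
import struct

# Algorithms whose signatures normally differ on every call (fresh nonce per
# signature) versus ones that are deterministic for a given key and message.
RANDOMIZED = ("ssh-dss", "ecdsa-sha2-")
DETERMINISTIC = ("ssh-rsa", "rsa-sha2-", "ssh-ed25519")


def read_strings(blob):
    """Split an SSH wire blob into its length-prefixed strings; blob is not modified."""
    fields, offset = [], 0
    while offset < len(blob):
        if len(blob) - offset < 4:
            raise ValueError("truncated length prefix at offset %d" % offset)
        (length,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if length > len(blob) - offset:
            raise ValueError("field length %d exceeds remaining data" % length)
        fields.append(blob[offset:offset + length])
        offset += length
    return fields


def parse_signature(blob):
    """Return (algorithm, raw_signature, randomized) for an SSH signature blob."""
    fields = read_strings(blob)
    if len(fields) != 2:
        raise ValueError("expected 2 fields (algorithm, signature), got %d" % len(fields))
    algorithm = fields[0].decode("ascii")
    if algorithm.startswith(RANDOMIZED):
        randomized = True
    elif algorithm.startswith(DETERMINISTIC):
        randomized = False
    else:
        randomized = None  # unknown algorithm: make no claim
    return algorithm, fields[1], randomized


def ssh_string(value):
    """Encode bytes as an SSH string: 4-byte big-endian length, then data."""
    return struct.pack(">I", len(value)) + value


# Constructed sample: a made-up 40-byte value standing in for a DSA r||s pair.
SAMPLE_BLOB = ssh_string(b"ssh-dss") + ssh_string(bytes(range(40)))

if __name__ == "__main__":
    print(parse_signature(SAMPLE_BLOB))
```

A `randomized` result of `True` means two signatures over the same data are expected to differ, so they have to be checked by verifying against the public key rather than by comparing signature bytes.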