@zangetsu_MG Yeah, I was wondering why the intermediate key file was used in the examples I was looking at. I could see that it _was_ done but nobody was really explaining _why_ (i.e. why must the data be smaller than the key?) If you have a minute and wouldn't mind doing a quick explanation I'd be most grateful.
@zangetsu_MG seems like an easy (and therefore dangerous) thing to misunderstand
@equal Asymmetrically encrypted data must be no larger than the key size for math reasons I don't fully understand. 😅
I have a reasonably good understanding of how to use it, but a not so good understanding about the math behind it.
This is a good place to start reading: https://en.wikipedia.org/wiki/Hybrid_cryptosystem
And this is a good place to ask questions: https://crypto.stackexchange.com/
@equal This is pedantry, but it's still cool you did it.
SSH keys are a type of asymmetric key, and they can only be used to encrypt or sign data that is no larger than the key size. This works if the files are smaller than 4096 bits. Larger files must use a different process. A random symmetric key is generated to encrypt and decrypt the file. Then the symmetric key is encrypted or decrypted using the SSH asymmetric keys.
Something similar works with X.509 certificates too because they are also key pairs.
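
The process described in the last post (a random symmetric key encrypts the file, the asymmetric key encrypts only that symmetric key), as an added example that is not part of the thread. It uses the `openssl` command line with a throwaway 2048-bit RSA key pair rather than an SSH key; the key size and all file names are assumptions made for the demo.

```shell
#!/usr/bin/env bash
# Added example: hybrid encryption with the openssl CLI (not from the thread).
# Assumptions: a throwaway 2048-bit RSA key instead of an SSH key; all file names.
set -eu
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

make_keys() {  # recipient key pair, constructed for the demo
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$WORK/priv.pem" 2>/dev/null
  openssl pkey -in "$WORK/priv.pem" -pubout -out "$WORK/pub.pem"
}

# Direct RSA-OAEP: a 2048-bit key accepts at most 214 bytes of plaintext.
rsa_direct() {  # $1 = plaintext file; non-zero exit when the input is too large
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
    -pkeyopt rsa_padding_mode:oaep -in "$1" -out "$WORK/direct.bin" 2>/dev/null
}

hybrid_encrypt() {  # $1 = plaintext file, $2 = output prefix
  # 1. Fresh random symmetric secret (the "intermediate key file").
  openssl rand -hex 32 > "$WORK/session.key"
  # 2. Encrypt the file under it. openssl enc has no authenticated mode,
  #    so sign or MAC the .data file separately if integrity matters.
  openssl enc -aes-256-cbc -pbkdf2 -salt -pass "file:$WORK/session.key" \
    -in "$1" -out "$2.data"
  # 3. Encrypt only the small secret with the recipient's public key.
  openssl pkeyutl -encrypt -pubin -inkey "$WORK/pub.pem" \
    -pkeyopt rsa_padding_mode:oaep -in "$WORK/session.key" -out "$2.key"
  rm -f "$WORK/session.key"
}

hybrid_decrypt() {  # $1 = input prefix, $2 = recovered plaintext file
  openssl pkeyutl -decrypt -inkey "$WORK/priv.pem" \
    -pkeyopt rsa_padding_mode:oaep -in "$1.key" -out "$WORK/session.key"
  openssl enc -d -aes-256-cbc -pbkdf2 -pass "file:$WORK/session.key" \
    -in "$1.data" -out "$2"
  rm -f "$WORK/session.key"
}

make_keys
printf 'short secret\n' > "$WORK/small.txt"    # constructed sample input
head -c 100000 /dev/urandom > "$WORK/big.bin"  # constructed sample input
rsa_direct "$WORK/small.txt" && echo "small file: direct RSA ok"
rsa_direct "$WORK/big.bin" || echo "big file: direct RSA refused (too large for key)"
hybrid_encrypt "$WORK/big.bin" "$WORK/msg"
hybrid_decrypt "$WORK/msg" "$WORK/big.out"
cmp -s "$WORK/big.bin" "$WORK/big.out" && echo "big file: hybrid round trip ok"
```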