Robert Haas <robertmhaas@gmail.com> writes:
> Of course, if there's some sort of commonly-used library out there for
> this sort of thing where we can just link against it and call whatever
> APIs it exposes, that might be a better alternative, or something to
> support in addition, but I don't really know whether there's any
> standardization in this area.
I was wondering if we could make use of ssh-agent. But it seems to want
to hold the private key itself, so that you have to communicate with it
every time you need an operation done with the key. I'm not sure what the
performance of that is like, and I am sure that the code would look a
whole lot different from the path where we hold the key locally. It might
be workable if OpenSSL already incorporates library routines for talking
to ssh-agent, but I haven't looked.
regards, tom lane