
> @Benjojo12 and I are building an encryption tool that will also support SSH keys as recipients, because everyone effectively already publishes their SSH public keys on GitHub.

Is this not already possible with tools like https://ssh-vault.com/ and (shameless plug) https://sshenc.sh/?

Those tools use the RSA keys to encrypt a symmetric key that is then used to encrypt the data, but the outcome is effectively the same. No?




Don’t those run afoul of the linked white paper (under “dangerous” in the 2nd paragraph), which talks about the attack paths made available if an RSA key is used for signing and encryption?


I don't think so: neither of those tools signs the message with the same RSA keypair. sshenc.sh for example does not sign the message whatsoever. An attacker could just intercept a ciphertext, drop it, encrypt a different message and send that.

Those tools are not meant for sender authentication. If you want that, you would have to first share the sender's pubkey with the recipient, and sign your message with the corresponding privkey.


While the tools themselves might not use the same key for both operations, I think the question was asking about whether it is problematic that a user’s SSH keys, used in SSH for signing, are also used by these tools for encrypting. In other words, the concern being the same key is used for two different operations, even if not in the same tool.

As I commented in https://news.ycombinator.com/item?id=19953623, I’d love to see another blog post walking folks through why/how the “dangerous” RSA keys are in fact useable for both operations because the textbook RSA concerns aren’t a concern because of X, Y, and Z.


The point of the tool isn't to use SSH keys; that's just a nice feature of it. The normal usage for the tool doesn't involve SSH keys at all.


I don’t know if that’s really the case, given https://docs.google.com/document/d/11yHom20CrsuX8KQJXBBw04s8...

> Goals

> * The option to encrypt to SSH keys, with built-in GitHub .keys support

And lower on the page, it shows the use of built-in command-line syntax for “github:$recipientname”.

It definitely works for keys that aren’t used for SSH, but support for SSH keys seems to be a large part of the rationale for the ed25519 support (otherwise it would just be a tool that operated on X25519 keys directly).


That's true, I'm just saying, the rationale for the existence of the tool isn't "build something that encrypts with SSH keys", but rather, "build a modern replacement for PGP file encryption".



