FiloSottile / age

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.
https://age-encryption.org
BSD 3-Clause "New" or "Revised" License

Support `sk-ssh` keys #537

Closed TornaxO7 closed 5 months ago

TornaxO7 commented 5 months ago

Environment

What were you trying to do

Encrypt a string:

 echo "test" | age -e -r "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKYt8yowEzE4esfqvtHUz3xssgpe2IOGpsN/Vo5PtRD1AAAABHNzaDo= tornax@pc" | x

What happened

age: error: unknown recipient type: "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKYt8yowEzE4esfqvtHUz3xssgpe2IOGpsN/Vo5PtRD1AAAABHNzaDo= tornax@pc"
age: report unexpected or unhelpful errors at https://filippo.io/age/report

str4d commented 5 months ago

Unfortunately these SSH key types cannot work with age. I elaborated on this the first time I saw a user encounter this error in 2021 (https://github.com/str4d/rage/issues/272#issuecomment-970193691). At the time, I added an error message to rage for unsupported key types. Now that I've seen a second user encounter this problem (and now that there is a stable plugin to recommend), I'm going to add the following more specific error message in rage 0.10.0:

Error: Unsupported SSH key: 

Unsupported SSH Hardware Security Key
-------------------------------------
OpenSSH supports hardware security keys (such as YubiKeys). However, it
does so with a protocol that only allows for authentication, not encryption.
These key types therefore cannot be used with rage. This SSH key uses the
incompatible key type 'sk-ssh-ed25519@openssh.com'.

If you have a compatible hardware security key, you should use this plugin:

https://str4d.xyz/age-plugin-yubikey

It implements a different protocol that doesn't conflict with OpenSSH. You
can have both types on the same device for a single signing-and-decryption
hardware security key (that will have a separate verification public key and
encryption recipient).
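The unsupported-key check str4d describes, as an added example that is not age's or rage's code: it parses an OpenSSH public key line, reads the key type from the wire-format blob rather than trusting the textual prefix, and distinguishes recipients age can use from the FIDO security-key types that can only sign. The compatible and hardware key type lists, EncodeSSHKeyLine and the ssh-ed25519 sample built from placeholder bytes are assumptions made for this example; the sk-ssh-ed25519 line is the one from the report above.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"errors"
	"fmt"
	"strings"
)

// Recipient key types age accepts (ssh-rsa, ssh-ed25519) and the OpenSSH
// FIDO security-key types that can only authenticate, never decrypt.
// Both lists are assumptions made for this example, not taken from age.
var ageCompatibleTypes = map[string]bool{
	"ssh-rsa":     true,
	"ssh-ed25519": true,
}

var hardwareKeyTypes = map[string]bool{
	"sk-ssh-ed25519@openssh.com":         true,
	"sk-ecdsa-sha2-nistp256@openssh.com": true,
}

var (
	ErrHardwareKey = errors.New("unsupported SSH hardware security key (signing-only, cannot decrypt)")
	ErrUnknownType = errors.New("unknown recipient type")
)

// ExampleHardwareKeyLine is the public key line from the issue report.
const ExampleHardwareKeyLine = "sk-ssh-ed25519@openssh.com AAAAGnNrLXNzaC1lZDI1NTE5QG9wZW5zc2guY29tAAAAIKYt8yowEzE4esfqvtHUz3xssgpe2IOGpsN/Vo5PtRD1AAAABHNzaDo= tornax@pc"

// readSSHString pops one uint32-length-prefixed string from an SSH wire blob.
func readSSHString(b []byte) (string, []byte, error) {
	if len(b) < 4 {
		return "", nil, errors.New("truncated SSH key blob")
	}
	n := binary.BigEndian.Uint32(b[:4])
	rest := b[4:]
	if uint64(n) > uint64(len(rest)) {
		return "", nil, errors.New("SSH string length exceeds blob")
	}
	return string(rest[:n]), rest[n:], nil
}

// EncodeSSHKeyLine builds an authorized_keys-style line from wire-format
// string fields; used here only to construct sample input.
func EncodeSSHKeyLine(keyType, comment string, fields ...[]byte) string {
	var blob []byte
	for _, f := range append([][]byte{[]byte(keyType)}, fields...) {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		blob = append(blob, n[:]...)
		blob = append(blob, f...)
	}
	return keyType + " " + base64.StdEncoding.EncodeToString(blob) + " " + comment
}

// ClassifySSHRecipient parses an OpenSSH public key line and reports its key
// type. The error says whether age could use it, and if not, why not.
func ClassifySSHRecipient(line string) (string, error) {
	fields := strings.Fields(line)
	if len(fields) < 2 {
		return "", errors.New("malformed SSH public key line")
	}
	blob, err := base64.StdEncoding.DecodeString(fields[1])
	if err != nil {
		return "", fmt.Errorf("bad base64 in SSH key: %w", err)
	}
	// The blob's first string is the authoritative key type; the textual
	// prefix must agree with it.
	keyType, _, err := readSSHString(blob)
	if err != nil {
		return "", err
	}
	if keyType != fields[0] {
		return "", fmt.Errorf("key type prefix %q does not match blob type %q", fields[0], keyType)
	}
	switch {
	case ageCompatibleTypes[keyType]:
		return keyType, nil
	case hardwareKeyTypes[keyType]:
		return keyType, fmt.Errorf("%w: %s", ErrHardwareKey, keyType)
	default:
		return keyType, fmt.Errorf("%w: %q", ErrUnknownType, keyType)
	}
}

func main() {
	// A constructed ssh-ed25519 line (32 placeholder key bytes) beside the
	// reported sk-ssh-ed25519 line.
	samples := []string{
		ExampleHardwareKeyLine,
		EncodeSSHKeyLine("ssh-ed25519", "constructed@example", make([]byte, 32)),
	}
	for _, s := range samples {
		kt, err := ClassifySSHRecipient(s)
		fmt.Printf("%-30s ok=%v err=%v\n", kt, err == nil, err)
	}
}
```

Reading the type out of the blob and comparing it with the prefix matters for the same reason the error message above spells out the key type: a signing-only key relabelled as ssh-ed25519 in the text prefix is still a signing-only key, and the check should say so rather than fall through to a generic parse failure.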

TornaxO7 commented 5 months ago

Thank you for the information.