google / chrome-ssh-agent

SSH Agent for use with Google Chrome's Secure Shell extension
Apache License 2.0
247 stars 37 forks

Feature Request: Confirm constraint #15

Open mhofman opened 5 years ago

mhofman commented 5 years ago

It would be great to support the confirm mechanism that exists in the SSH agent protocol.

Currently when loading a key through ssh-add with the -c option, the key will actually be used silently without any prompt.

I looked through the golang crypto source code, and it looks like the agent server parses the constraint and sets a ConfirmBeforeUse flag on the key, but the keyring.add method simply ignores it.

From a UI perspective, I'd want the options page to set the constraint when adding a key and/or when loading it. For the prompt, the extension could show a notification (with require interaction set), to ask to either confirm or deny.
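The confirm gate requested in the comment above, as an added standard-library Go example; it is not code from chrome-ssh-agent or golang.org/x/crypto. `GatedKey`, `AddKey` and the `prompt` callback are hypothetical names, and the constraint bytes passed in are constructed sample input.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// parseConfirm walks the constraint bytes trailing an add-identity request:
// type 1 = lifetime (+ uint32 seconds), type 2 = confirm (no payload).
func parseConfirm(b []byte) (confirm bool, err error) {
	for len(b) > 0 {
		switch {
		case b[0] == 2:
			confirm, b = true, b[1:]
		case b[0] == 1 && len(b) >= 5:
			b = b[5:] // lifetime enforcement is out of scope for this sketch
		default: // fail closed on truncated or unknown constraints
			return false, fmt.Errorf("unsupported constraint %d", b[0])
		}
	}
	return confirm, nil
}

// GatedKey is a hypothetical keyring entry that keeps the confirm flag.
type GatedKey struct {
	priv    ed25519.PrivateKey
	confirm bool
}

func AddKey(priv ed25519.PrivateKey, constraints []byte) (*GatedKey, error) {
	c, err := parseConfirm(constraints)
	if err != nil {
		return nil, err
	}
	return &GatedKey{priv, c}, nil
}

// Sign refuses a confirm-constrained key unless prompt (the UI) approves.
func (k *GatedKey) Sign(data []byte, prompt func() bool) ([]byte, error) {
	if k.confirm && (prompt == nil || !prompt()) {
		return nil, fmt.Errorf("confirmation denied")
	}
	return ed25519.Sign(k.priv, data), nil
}

func main() {
	_, priv, _ := ed25519.GenerateKey(nil)
	k, _ := AddKey(priv, []byte{2}) // constructed input: confirm only
	_, err := k.Sign([]byte("challenge"), func() bool { return false })
	fmt.Println(err)
}
```

A missing prompt handler is treated as a denial, so a key added with the confirm constraint is never used silently.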

ralimi commented 2 years ago

I can understand the use case here, and the desire for this to be a fully-functioning SSH agent. However, Go's current implementation doesn't really appear to be more suitable for the more generic use cases, so doing this would be a much larger undertaking.

As another example, https://github.com/google/chrome-ssh-agent/issues/25 is a problem facing keys added directly from a connected ssh client.

Keeping this open in case something comes to mind here.