This repository has been archived by the owner on Mar 5, 2021. It is now read-only.

"credulous save" could be a bit less naïve about what your public key is called #32

Open
ajc opened this issue May 18, 2014 · 3 comments


ajc commented May 18, 2014

% credulous save
saving credentials for blahblahblah@some-account
ERROR: open /Users/blahblabblah/.ssh/id_rsa.pub: no such file or directory

Well, no. I don't have any keys with that filename, but my .ssh/config file has:

Host *
  IdentityFile ~/.ssh/id_rsa_abc
  IdentityFile ~/.ssh/id_rsa_xyz

...one of which has a matching .pub on disk.

I figure this is pretty low priority in the scheme of things, but it's an example of an "I just downloaded it and tried to run it and it didn't work as expected" issue.

Cheers!

@mbailey
Contributor

mbailey commented May 19, 2014

We'll probably make this a config variable at a later date.
Credulous could prompt you to choose one if it can't find one and store it as a config variable.

@nonspecialist
Collaborator

We also need to support encrypting with more than one pubkey; given that each privkey also contains the pubkey, this might get out of hand if we just "encrypt with everything available", so we'll have to come up with some nice way of choosing which keys we encrypt with.

@delfick

delfick commented May 30, 2014

You can search for all the available fingerprints inside ~/.ssh with something like:

for file in ~/.ssh that isn't config, authorized_keys, authorized_keys2 or known_hosts:
    try get fingerprint from file
    if file is a password protected private key
        get fingerprint from file.pub
        if no file.pub, ask for password
    if can't get fingerprint, assume not an ssh key

As for deciding what keys to encrypt with, you could have a file alongside the credentials containing public key pem data and urls, that is populated via credulous prompting you if the file doesn't already exist or via credulous command for controlling keys.

Where the urls are assumed to point at a page with a newline separated list of public key pem data (i.e. github user keys).
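
Added example (not part of the comment above and not Credulous code): a Go sketch of the directory scan described in the pseudocode, narrowed to public-key files, so private keys simply fail to parse and the passphrase branch is not covered. The names `Fingerprint`, `ScanKeys` and `skip` are assumptions made for this example; it checks that the key type embedded in the base64 blob matches the text label before reporting a fingerprint.

```go
package main

import (
	"crypto/sha256"
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"io/fs"
	"os"
	"strings"
)

// Names in ~/.ssh that never hold a single key (list from the comment above).
var skip = map[string]bool{"config": true, "authorized_keys": true, "authorized_keys2": true, "known_hosts": true}

// Fingerprint turns a "type base64 [comment]" line into an OpenSSH SHA256 fingerprint.
func Fingerprint(line string) (string, error) {
	f := append(strings.Fields(line), "", "") // pad so f[0] and f[1] always exist
	blob, err := base64.StdEncoding.DecodeString(f[1])
	if err != nil || len(blob) < 4 {
		return "", fmt.Errorf("no base64 key blob")
	}
	n := binary.BigEndian.Uint32(blob) // length of the key type embedded in the blob
	if uint64(n) > uint64(len(blob)-4) || string(blob[4:4+n]) != f[0] {
		return "", fmt.Errorf("key type does not match blob")
	}
	sum := sha256.Sum256(blob)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:]), nil
}

// ScanKeys maps file name to fingerprint for every file that parses as a public key.
func ScanKeys(dir fs.FS) (map[string]string, error) {
	entries, err := fs.ReadDir(dir, ".")
	found := map[string]string{}
	for _, e := range entries {
		if e.IsDir() || skip[e.Name()] {
			continue
		}
		data, _ := fs.ReadFile(dir, e.Name()) // unreadable file: empty data, no match
		if fp, err := Fingerprint(string(data)); err == nil {
			found[e.Name()] = fp
		}
	}
	return found, err
}

func main() {
	fmt.Println(ScanKeys(os.DirFS(os.ExpandEnv("$HOME/.ssh"))))
}
```

The resulting name-to-fingerprint map is what a prompt or a stored config variable, as suggested earlier in the thread, could be built on.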
