Import/export of GnuPG keys w/ OpenSSL

Werner Koch wk at
Fri Feb 11 09:54:41 CET 2005

On Thu, 10 Feb 2005 15:03:53 -0600, Michael Halcrow said:

> I am hoping that there is a utility out there that will take the .gpg
> key blocks and convert them into a set of RSA key blocks, each of
> which is importable with OpenSSL functions like

You need to read the keyring and store the parameters into the secret
key structure.  Then use code like

  kparms[0] = sk.n;
  kparms[1] = sk.e;
  kparms[2] = sk.d;
  kparms[3] = sk.q;
  kparms[4] = sk.p;
  kparms[5] = gcry_mpi_snew (0);  /* compute d mod (p-1) */
  gcry_mpi_sub_ui (kparms[5], kparms[3], 1);
  gcry_mpi_mod (kparms[5], sk.d, kparms[5]);   
  kparms[6] = gcry_mpi_snew (0);  /* compute d mod (q-1) */
  gcry_mpi_sub_ui (kparms[6], kparms[4], 1);
  gcry_mpi_mod (kparms[6], sk.d, kparms[6]);   
  kparms[7] = sk.u;
  kparms[8] = NULL;

to convert the representation to the OpenSSL one.  The snippet above
is for converting to a pkcs#12 thing which is IIRC the same as the one
used by OpenSSL.  You find in memory parsing code in
gnupg-1.9/kbx/keybox-openpgp.c - however it does not yet handle secret
keys.  The full parsing code is in g10/parse-packet.c .



More information about the Gnupg-devel mailing list