Using OpenPGP keyserver (or WoT) to distribute SSH Key

Werner Koch wk at gnupg.org
Thu Jun 5 19:36:21 CEST 2014


On Thu,  5 Jun 2014 06:58, gniibe at fsij.org said:

> Your private key is now under $HOME/.gnupg/private-keys-v1.d
> directory.
[...]
> Now, your OpenPGP keyring has your key with authentication subkey.
> You can upload your public key with authentication subkey attached to
> keyserver.  Then, when your friend wants to give SSH access to you

FWIW, with GnuPG 2.1 there is an easy way to achieve the same:

    $ gpg --edit-key B702BE6D
    [...]
    pub  ed25519/B702BE6D
         created: 2014-06-05  expires: never       usage: SCA 
         trust: ultimate      validity: unknown
    [ unknown] (1). reset the net test 2
    Please note that the shown key validity is not necessarily correct
    unless you restart the program.
  
Well, that is my test installation, thus the Ed25519 key.
  
    gpg> addkey
    Please select what kind of key you want:
       (3) DSA (sign only)
       (4) RSA (sign only)
       (5) Elgamal (encrypt only)
       (6) RSA (encrypt only)
       (7) DSA (set your own capabilities)
       (8) RSA (set your own capabilities)
      (10) ECC (sign only)
      (11) ECC (set your own capabilities)
      (12) ECC (encrypt only)
      (13) Existing key
    Your selection? 13

The 13 is the important thing.

    Enter the keygrip: 3D6592BF45DC73BD876714A28FD4639282E212E2

The keygrip is easily available by looking at ~/.gnupg/sshcontrol .

    Possible actions for a DSA key: Sign Authenticate 
    Current allowed actions: Sign 
    
       (S) Toggle the sign capability
       (A) Toggle the authenticate capability
       (Q) Finished
    
    Your selection? a

Sure we want to flag it for authentication.
    
    Possible actions for a DSA key: Sign Authenticate 
    Current allowed actions: Sign Authenticate 
    
       (S) Toggle the sign capability
       (A) Toggle the authenticate capability
       (Q) Finished
    
    Your selection? q
    Please specify how long the key should be valid.
             0 = key does not expire
          <n>  = key expires in n days
          <n>w = key expires in n weeks
          <n>m = key expires in n months
          <n>y = key expires in n years
    Key is valid for? (0) 
    Key does not expire at all
    Is this correct? (y/N) y
    Really create? (y/N) y
    gpg: WARNING: using experimental public key algorithm EDDSA

The warning is due to the primary key.

    pub  ed25519/B702BE6D
         created: 2014-06-05  expires: never       usage: SCA 
         trust: ultimate      validity: unknown
    sub  dsa1024/1C1F0160
         created: 2014-06-05  expires: never       usage: SA  
    [ unknown] (1). reset the net test 2
    
    gpg> save
    
Voila, here we are.


Shalom-Salam,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
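
Added example, not part of the original message or of GnuPG: a small shell parser for ~/.gnupg/sshcontrol that lists the keygrips you could enter at the "Enter the keygrip:" prompt shown above. It assumes the entry format described in the gpg-agent manual (optional "!" to disable, 40 hex digit keygrip, optional TTL, optional flag such as "confirm"); the function names and the second sample keygrip are constructed for illustration.

```shell
#!/bin/sh
# Added example: list entries of a gpg-agent sshcontrol file.
# Assumed format (gpg-agent manual): optional "!" (disabled), 40 hex digit
# keygrip, optional cache TTL in seconds, optional flag such as "confirm";
# lines starting with "#" are comments.

# parse_sshcontrol FILE -> "STATE KEYGRIP TTL FLAG" per valid entry
parse_sshcontrol() {
    awk '
        NF == 0 || $1 ~ /^#/ { next }
        {
            state = "enabled"; i = 1; grip = $1
            if (substr(grip, 1, 1) == "!") {
                state = "disabled"
                grip = substr(grip, 2)
                if (grip == "") { i = 2; grip = $2 }   # "!" split off by blanks
            }
            grip = toupper(grip)
            # Skip anything that is not exactly 40 hex digits
            if (length(grip) != 40 || grip !~ /^[0-9A-F]+$/) next
            ttl  = (i + 1 <= NF) ? $(i + 1) : "0"
            flag = (i + 2 <= NF) ? $(i + 2) : "-"
            print state, grip, ttl, flag
        }
    ' "$1"
}

# enabled_keygrips FILE -> keygrips usable at the "Enter the keygrip:" prompt
enabled_keygrips() {
    parse_sshcontrol "$1" | awk '$1 == "enabled" { print $2 }'
}

# write_sample FILE: constructed sshcontrol content; the first keygrip is the
# one from the session above, the second is made up.
write_sample() {
    cat > "$1" <<'EOF'
# DSA key added on: 2014-06-05 (constructed comment line)
3D6592BF45DC73BD876714A28FD4639282E212E2 0
  !0123456789abcdef0123456789abcdef01234567 600 confirm
not-a-keygrip 0
EOF
}

sample=$(mktemp)
write_sample "$sample"
parse_sshcontrol "$sample"
rm -f "$sample"
```

Against a real setup, call enabled_keygrips "$HOME/.gnupg/sshcontrol" instead of using the sample file.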



