Exporting SSH keys from OpenPGP Authentication keys programmatically (gpgme)
Wiktor Kwapisiewicz
wiktor at metacode.biz
Sun Dec 30 20:29:06 CET 2018
Hi Werner, Dirk,
>> This is not supported. Do you think this could be a common use case?
I don't know if this is "common" enough but I'm planning to write an integration
that would automatically add user's keys (OpenPGP, SSH) to GitLab when a new
e-mail is added through Web Key Directory [0]. As far as I've seen they use
GpgME for key management so if it was possible I'd like to keep the same style.
[0]: https://gitlab.com/gitlab-org/gitlab-ce/issues/48751
> Excuse my dumb question, but, what would be the benefit of this?
>
> AFAIK, there is no way of using X.509 Certs from GPGsm for SSH,
> especially when the private keys are on an OpenPGP-Card.
This is not about using X.509 but OpenPGP Authentication subkeys. GPG Agent acts
as SSH Agent. Check this out, for example (no affiliation, just first hit on a
search engine for "gpg ssh"):
https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/
(Yes, I know SSH can use X.509 certs but this isn't it).
Kind regards,
Wiktor
--
https://metacode.biz/@wiktor