Exporting SSH keys from OpenPGP Authentication keys programatically (gpgme)

Wiktor Kwapisiewicz wiktor at metacode.biz
Sun Dec 30 20:29:06 CET 2018

Hi Werner, Dirk,

>> This is not supported.  Do you think this could be a common use case?

I don't know if this is "common" enough but I'm planning to write an integration
that would automatically add user's keys (OpenPGP, SSH) to GitLab when a new
e-mail is added through Web Key Directory [0]. As far as I've seen they use
GpgME for key management so if it was possible I'd like to keep the same style.

[0]: https://gitlab.com/gitlab-org/gitlab-ce/issues/48751

> Excuse my dumb question, but, what would be the benefit of this?
> AFAIK, there is no way of using X.509 Certs from GPGsm for SSH,
> especially when the private KEys are on an OpenPGP-Card.

This is not about using X.509 but OpenPGP Authentication subkeys. GPG Agent acts
as SSH Agent. Check this out, for example (no affiliation, just first hit on a
search engine for "gpg ssh"):


(Yes, I know SSH can use X.509 certs but this isn't it).

Kind regards,


More information about the Gnupg-devel mailing list