Conversion between X509 certificates and gpg keys

Johan Wevers
Fri Feb 23 08:59:03 2001

Florian Weimer wrote:

>> I'm asking because I would like to know if gpg keys can be uniquely
>> converted to them and vice versa.

> Yes, that's possible. However, due to the nature of this process,
> signatures on key material are not preserved which makes such
> conversions pretty meaningless.
Not necessarily. If a conversion program can also show if a X509 cert and a gpg key have the same data the person who signed the original gpg key can be rather certain he can safely sign the X509 in the knowledge that it belongs to the same person than the gpg key. It would IMO be an easy way to export an existing web of thrust to your certificate, thus avoiding the need of not-so-much trusted third parties. -- ir. J.C.A. Wevers // Physics and science fiction site: // PGP/GPG public keys at