using gpg with private keys from openssl certificates?
Morton D. Trace
classpath at arcor.de
Fri Dec 19 00:04:43 CET 2008
> I'm experimenting w/ using the "freemail" certificates from thawte & was just
> wondering if there is a way I can use them with gpg (openpgp, NOT S/MIME). I
> can figure out how to use openssl to extract the rsa public key / private
> key from the exported PKCS12 file, but I'm not sure how (or if) there was a
> way to import that to gpg. I'm also missing some big picture issues, e.g.:
Dear Mr. Arghman
it looks like an x.509 PKCS12 Public key Cryptography Standard file
can be used to sign your PGP key.
Can I sign my PGP key with a Thawte Freemail certificate?
Indeed you can. Although Thawte withdrew official and integrated support
for signing PGP keys some time ago, there are still ways to achieve this
(Thawte are looking into ways to reinstigate the process, but this may
be some time away). Note that this process will only work for RSA keys,
either legacy or 'new' RSA. 'New' RSA keys are only supported in the
very latest versions of PGP.
The steps you need to take are as follows (many thanks to Martin Bene
for this description, which I have amended slightly for clarity):
There are two conversion steps required:
1) Generate a certificate request from the existing key.
2) Get the certificate chain returned by Thawte into a format PGP
Generate Cert Request
Use PGP's built-in CA support to generate the certificate request
and a script on a webserver to mail it back to you. You can either use
the script I've put up on my server or use your own server, mailreq
[Contact me if you want a copy of this script -- Peter]
1. In PGPKeys go to Options/CA
2. Enter http://email@example.com as
the CA URL
3. Select "Net tools PKI Server" as the server type
4. To get your certificate, go to the Thawte certificate manager
5. Use "Paste-in CSR Certificate Enrollment" right at the bottom
6. Click through to the "Paste PKCS10 Certificate Here" page
7. Note the required common name, something like "dFA7F1w4vmxLxA93"
8. Copy this common name to the clipboard (don't close the browser!)
9. In PGPKeys, right-click your key and select 'Add/Certificate
10. Edit the "Full Name" field, and paste in the string you copied
from the Thawte site
11. Submit by clicking OK
12. You should now get an email containing your request
13. Back in the Web browser, paste the request into the text field
14. Submit the Certificate request.
Import the stuff you get back from thawte
Thawte will return the finished certificate both as a Netscape
Certificate chain and as a PKCS7 Certificate chain, neither of which PGP
understands. So, some conversion is required - the easiest way is to
split the PKCS7 chain into separate certificates and output these in
ASCII format - just save into separate .pem files and import into PGP
(using 'Key/Import' and selecting the .pem files).
To split the PKCS7 chain, either use the attached splitchain.c script
[Contact me if you want a copy of this script -- Peter]
(requires Peter Gutmann's Cryptlib library) or use the web interface
You'll want to verify (trust) the Thawte Root Certificate you just
imported to your PGP Keyring - here are some ways to do that:
* Download the "Personal Freemail Root" cert from Thawte
directly, and compare Key Fingerprint/Key ID. To do this:
1. Go to https://www.thawte.com/cgi/lifecycle/roots.exe
2. Find the Root entitled "1.Thawte Personal Freemail CA,
1995.12.31 - 2020.12.31" (this should be the right one)
3. Download the root in text form, saving as a .pem file
4. Import the .pem file into PGP
* Export the Freemail Root certificate the Internet Explorer
Root CA database, on your computer, and compare Key ID/Fingerprint. To
1. Open Internet Explorer, and select 'Tools/Internet
2. In the 'Trusted Root Certificates' section, marvel first
of all at how many organisations you trust completely (!), and then
select 'Thawte Personal Freemail CA'
3. Click 'Export...'
4. Either: export as a PKCS7 chain and then split it as
Or: export as Base-64 encoded X.509
5. Import the resulting file into PGP
Whichever you choose, you should finish by updating signatures from
your favourite PGP Keyserver, and check those.
Some final thoughts on the security of this process, especially with
regard to using scripts on an untrusted server (i.e. my scripts): none
of the steps involved send any Private Key data over the Internet, so
your Private Key can not be compromised.
Consequence of a hostile script in step 1 (mailing the certificate
request back to you): the certificate request is self-signed, a modified
request would therefore no longer be valid. A completely new request
(different Private Key) would not match your key on import. The script
could get your public key, but as the name implies... I don't see any
really bad possibilities here.
Consequence of a hostile script in step 2 (splitting the returned
Certificate chain): more room for fun here. I could return a completely
bogus certificate with equally bogus Thawte Root certificates, thereby
getting you to trust my "fake Thawte" certificates.
So, it's absolutely VITAL that you check the validity of the root
cert before trusting it! Once the root cert is OK, the rest of the chain
including your personal cert can be trivially checked.
Since putting the above description in this FAQ, I have received some
further advice from Steve Davies. Note that I have not yet verified any
of the details here, but it seems to be a slightly simpler approach:
Some additional notes for you that might help make it easier in future:
a) Setting up PGP to generate a cert request.
You must have chosen a root certificate in the PGP Options/CA dialog
before you can request a certificate. I suggest using the export Thawte
root CA from IE, import into PGP path. Note to user that the file must
be named *.pem for PGP to install it.
b) For generating the cert request.
You do not need the step 1) webserver->email process to collect the
certificate request. There is a radio button on PGP's CSR generation
page that says "PKCS-10"; This copies the request straight to your
clipboard, ready to be pasted into Thawte's web-page.
c) Using the certificate splitter
Additional advice for using the on-line certificate splitter. Only
copy the final certificate from the resultant web-page, and not any of
the signing certificates. This is one less thing that can be faked;
Instead, import an already generated Thawte Freemail cert from IE into
PGP, with the full private key and certificate chain attached, and
delete that private key from PGP straight away, leaving just a (trusted)
copy of the certificate chain in PGP.
d) The poor man's (easy) solution
Simply generate a key for IE, export it to PGP, and use that as your
PGP key (1024-bit RSA legacy only though)
PGP/GPG Public Key [4096/4096 RSA]
Contact The Minstrel
I haven't tried splitchain.c but it is easy to do base64 encoding with
openssl. I think thawte did previously offer OpenPGP certificates, but
x.509 is better suited for websites and OpenPGP is better for emails.
thawte certificates can be used with cacert certificates. But not all
applications and operating systems support it,
but they are equal x.509 conformant.
signing and importing a key to your keyring is not equal,
here is thawte maybe you can ask them directly?
if you google for openpgp thawte.com
you will find
which does this
Bridging the OpenPGP, Thawte and CA Cert webs of trust.
Sometimes in one single email you can S & E with x.509
and even overload this
sign & encryption with an additional openpgp S & E
If both secret keys were equal I would guess that
the result could be plaintext,
that x oring a message twice with the "same" key renders plaintext.
hence I feel safe when I know that my RSA key from x.509
is created totally different than the
You will need both ways to encode.
In future we will have more voip and that is still unencrypted,
but will be encrypted, just like skype GSM, SRTP ZRTP
are different protocols which no one wants to use on a webserver.
If you send html mail S/MIME x.509 is better,
Since I mostly send ascii or unicode email
openpgp is better suited for me.
It can encrypt large files and does the trick very well
for verifying the integrity of fedora rpms.
here is what you will need.
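
The root check that the quoted FAQ calls vital can be done locally with openssl rather than through a web splitter. The following is an added example, not part of the original post or the FAQ; the demo certificates, subject names and file names are constructed, and SHA-256 is this example's choice of fingerprint algorithm.

```shell
#!/bin/sh
# Added example: split a PKCS7 chain locally and pin the root by fingerprint.
# All names, subjects and files below are constructed for the demo.

# split_chain P7B OUTDIR: write each certificate to OUTDIR/cert-N.pem
split_chain() {
    openssl pkcs7 -in "$1" -print_certs |
    awk -v dir="$2" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert-" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }'
}

# fp PEM: SHA-256 fingerprint of one certificate
fp() { openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2; }

# root_is_trusted DIR REF: succeed only if a split certificate has the same
# fingerprint as REF, the root fetched over a separate, trusted channel
root_is_trusted() {
    want=$(fp "$2")
    [ -n "$want" ] || return 2
    for c in "$1"/cert-*.pem; do
        [ -f "$c" ] && [ "$(fp "$c")" = "$want" ] && return 0
    done
    return 1
}

# selfsigned NAME SUBJECT: throwaway self-signed certificate NAME.pem
selfsigned() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "$2" \
        -keyout "$1.key" -out "$1.pem" 2>/dev/null
}

# make_demo DIR: a reference root, a look-alike with the same subject but a
# different key, a user certificate, and one PKCS7 chain for each root
make_demo() {
    selfsigned "$1/root" "/CN=Constructed Demo Root CA" &&
    selfsigned "$1/fake" "/CN=Constructed Demo Root CA" &&
    selfsigned "$1/user" "/CN=Constructed Demo User" &&
    openssl crl2pkcs7 -nocrl -certfile "$1/user.pem" -certfile "$1/root.pem" \
        -out "$1/good.p7b" &&
    openssl crl2pkcs7 -nocrl -certfile "$1/user.pem" -certfile "$1/fake.pem" \
        -out "$1/bad.p7b"
}
```

The look-alike root carries the same subject name as the reference root, so only the fingerprint comparison tells them apart.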