Is it possible to construct a GPG Certificate from an existing RSA key pair

Werner Koch wk at gnupg.org
Sun Oct 7 14:29:11 CEST 2012


On Sat,  6 Oct 2012 15:53, melvincarvalho at gmail.com said:
> Is it possible to construct a GPG 'Certificate' from an existing RSA key
> pair?

If you want to add it as a subkey, that is easy with GnuPG 2.1 (beta).
You first import your private key using

  gpgsm --import foo.p12

you will be asked for the transport passphrase and then for the new
passphrase.  Then do a key listing

  gpgsm --with-keygrip -K 

and figure out the right key.  You may use a user id etc on the command
line to restrict the listing to that key.  One of the lines shown is the
/keygrip/ - copy its value.  

Now run 

  gpg2 --expert --edit YOURGPGKEY

Then use "addkey":

  Please select what kind of key you want:
     (3) DSA (sign only)
     (4) RSA (sign only)
     (5) Elgamal (encrypt only)
     (6) RSA (encrypt only)
     (7) DSA (set your own capabilities)
     (8) RSA (set your own capabilities)
    (10) ECDSA (sign only)
    (11) ECDSA (set your own capabilities)
    (12) ECDH (encrypt only)
    (13) Existing key
  
Now enter "13" and paste the keygrip you saved above.  The new subkey
will be created using the private key you imported into gpgsm.  Note
that there are no checks for the key type; thus make sure the key
matches the capabilities you want for your subkey.  The next prompt
allows you to set these capabilities.

Take care, that is an expert option for a reason.


Salam-Shalom,

   Werner

-- 
Thoughts are free.  Exceptions are regulated by a federal law.
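
Added example, not part of the original message: because "addkey" option 13 does not check the key type, this sketch pulls the keygrip and the certificate's X.509 key usage for exactly one certificate out of a listing, so the capabilities chosen at the next prompt can be compared against what the certificate was issued for. The helper names `sample_listing` and `keygrip_for`, the sample data, the assumed listing layout and the usage-to-capability mapping are all assumptions of this example.

```shell
#!/bin/sh
# Constructed sample listing; all values are made up, and the field layout is
# an assumption about `gpgsm --with-keygrip -K` output (it varies by version).
sample_listing() {
cat <<'EOF'
           ID: 0x1A2B3C4D
       Issuer: /CN=Example CA
      Subject: /CN=Alice Example/EMail=alice@example.org
     key type: 2048 bit RSA
    key usage: digitalSignature nonRepudiation
      keygrip: 0123456789ABCDEF0123456789ABCDEF01234567

           ID: 0x5E6F7A8B
       Issuer: /CN=Example CA
      Subject: /CN=Bob Example/EMail=bob@example.org
     key type: 2048 bit RSA
    key usage: keyEncipherment dataEncipherment
      keygrip: 89ABCDEF0123456789ABCDEF0123456789ABCDEF
EOF
}

# keygrip_for PATTERN (hypothetical helper): read a listing on stdin and print
# "KEYGRIP CAPABILITIES" for the single certificate whose Subject contains
# PATTERN. Exit status 1 if no certificate or more than one matches.
keygrip_for() {
  awk -v pat="$1" '
    function caps(   c) {          # X.509 key usage -> subkey capabilities
      if (usage ~ /digitalSignature|nonRepudiation/) c = "sign"
      if (usage ~ /keyEncipherment|dataEncipherment/)
        c = (c == "" ? "" : c ",") "encrypt"
      return (c == "" ? "unknown" : c)
    }
    function emit() {              # close the current certificate record
      if (index(subj, pat) && length(grip) == 40 && grip ~ /^[0-9A-Fa-f]+$/) {
        n++; out = grip " " caps()
      }
      subj = ""; grip = ""; usage = ""
    }
    /^[ \t]*ID:/        { emit() }
    /^[ \t]*Subject:/   { sub(/^[ \t]*Subject:[ \t]*/, ""); subj = $0 }
    /^[ \t]*key usage:/ { sub(/^[ \t]*key usage:[ \t]*/, ""); usage = $0 }
    /^[ \t]*keygrip:/   { grip = $2 }
    END { emit(); if (n != 1) exit 1; print out }
  '
}

sample_listing | keygrip_for 'alice@example.org'
```

With a real keyring, pipe the output of the listing command from the message into `keygrip_for` instead of `sample_listing`; a non-zero exit means the pattern matched no certificate or more than one, so narrow it before pasting anything into the "Existing key" prompt.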



