Convert GPG key to ssh key

Salih Kardan kardan38 at gmail.com
Mon Dec 8 19:21:20 CET 2014


Hi Daniel and Werner,

Thanks for the quick response and more inline...


> Is the key you're looking to convert an RSA key or a DSA key?
> The above suggests that it is not. (see the list of publickey algorithms
> for OpenPGP [0]).
>

I am trying to convert an RSA key and I am just avoiding using an external tool
such as monkeysphere while converting keys.


> Are you trying to convert a specific subkey?  are you identifying the
> subkey explicitly?
>

I will use a subkey for ssh authentication, and while using the
`gpgkey2ssh $key_id` command I am giving the subkey id explicitly. What I
could not understand is why the above command works inconsistently. It works
on one of my setups but does not on another.


> No need to convert a key if you are using gnupg 2.1.  Run
>
>   gpg -K --with-keygrip USERID
>
> and pick the keygrip from the output.  For example:
>
>   sec#  rsa2048/E455F2D7CC9C6BBC 2009-11-05
>         Keygrip = B0C352EC5B3336681535ED3CC2FA62807B64B2CF
>   uid               [ unknown] Enoch Root (test) <enoch at example.org>
>   ssb   rsa2048/591B5112D5A9C5A6 2009-11-05
>         Keygrip = 84722EE009690AA87BAF80A62EB0186CFCF72E64
>   ssb#  rsa2048/D367147F5CB0CDF0 2009-11-05
>         Keygrip = 79DA43AD276B52EABFF0661153276A8E5A5F8DB9
>
> To use the second subkey with ssh, you then do:
>
>   echo >>~/.gnupg/sshcontrol 79DA43AD276B52EABFF0661153276A8E5A5F8DB9  0
>
> (note the "0" after the keygrip)


Yeah, I know that feature in the 2.1.0 version, but the reason I am insisting
on using the `gpgkey2ssh` command is that I am going to automate this process,
and `ssh-add -L` strictly requires a running agent: it does not extract the
public part of the key pair compatible with the authorized_key file unless the
agent is running. (As mentioned in this tutorial
<http://budts.be/weblog/2012/08/ssh-authentication-with-your-pgp-key> and
discussions on the mailing list
<http://lists.gnupg.org/pipermail/gnupg-users/2012-July/thread.html#45059>
-thanks to Werner Koch- using the sshcontrol file during ssh authentication
requires using the ssh-add command.)

What I am really looking for: is there a workaround to use the `gpgkey2ssh`
command without getting the error given in the first mail?

Regards..
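
Added example, not part of the original message or of GnuPG: a shell sketch that scripts the keygrip procedure quoted above, mapping a subkey ID to its keygrip and registering it in sshcontrol without duplicate entries. The function names are hypothetical, the sample input is the listing from the quoted reply, and the parser assumes that human-readable layout.

```shell
#!/bin/sh
# Sample input: the listing quoted in the message above.
sample_listing() {
    cat <<'EOF'
sec#  rsa2048/E455F2D7CC9C6BBC 2009-11-05
      Keygrip = B0C352EC5B3336681535ED3CC2FA62807B64B2CF
uid               [ unknown] Enoch Root (test) <enoch at example.org>
ssb   rsa2048/591B5112D5A9C5A6 2009-11-05
      Keygrip = 84722EE009690AA87BAF80A62EB0186CFCF72E64
ssb#  rsa2048/D367147F5CB0CDF0 2009-11-05
      Keygrip = 79DA43AD276B52EABFF0661153276A8E5A5F8DB9
EOF
}

# keygrip_for KEYID (hypothetical helper): read a listing on stdin and print
# the keygrip that follows the sec/ssb line with that key ID. Exit 1 if absent.
keygrip_for() {
    awk -v want="$1" '
        BEGIN { want = toupper(want); rc = 1 }
        # Key line, e.g. "ssb#  rsa2048/D367147F5CB0CDF0 2009-11-05"
        $1 ~ /^(sec|ssb)[#>]?$/ { split($2, p, "/"); cur = toupper(p[2]); next }
        # A Keygrip line belongs to the key line just before it.
        $1 == "Keygrip" && cur == want && length($3) == 40 && $3 ~ /^[0-9A-F]+$/ {
            print $3; rc = 0; exit
        }
        END { exit rc }
    '
}

# add_to_sshcontrol KEYGRIP FILE (hypothetical helper): append "KEYGRIP 0",
# the entry format shown above, unless the keygrip is already listed.
add_to_sshcontrol() {
    grip=$1 file=$2
    # Accept only 40 uppercase hex digits so nothing else reaches the file.
    case $grip in ''|*[!0-9A-F]*) return 2 ;; esac
    [ "${#grip}" -eq 40 ] || return 2
    touch "$file" && chmod 600 "$file" || return 1
    grep -Eq "^${grip}([[:space:]]|\$)" "$file" || printf '%s 0\n' "$grip" >>"$file"
}

# Demo on the sample; prints the keygrip of the second subkey.
sample_listing | keygrip_for D367147F5CB0CDF0
# Real use (assumes gnupg 2.1 and the same listing layout):
#   grip=$(gpg -K --with-keygrip USERID | keygrip_for "$key_id") &&
#       add_to_sshcontrol "$grip" ~/.gnupg/sshcontrol
```
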


More information about the Gnupg-users mailing list