Convert GPG key to ssh key
Salih Kardan
kardan38 at gmail.com
Mon Dec 8 19:21:20 CET 2014
Hi Daniel and Werner,
Thanks for the quick response, and more inline...
> Is the key you're looking to convert an RSA key or a DSA key?
> The above suggests that it is not. (see the list of publickey algorithms
> for OpenPGP [0]).
>
I am trying to convert an RSA key, and I am just avoiding using an external
tool such as monkeysphere while converting keys.
> Are you trying to convert a specific subkey? are you identifying the
> subkey explicitly?
>
I will use a subkey for ssh authentication, and when using the
`gpgkey2ssh $key_id` command I am giving the subkey id explicitly. What I
could not understand is why the above command works inconsistently. It works
on one of my setups but does not on another.
> No need to convert a key if you are using gnupg 2.1. Run
>
> gpg -K --with-keygrip USERID
>
> and pick the keygrip from the output. For example:
>
> sec# rsa2048/E455F2D7CC9C6BBC 2009-11-05
> Keygrip = B0C352EC5B3336681535ED3CC2FA62807B64B2CF
> uid [ unknown] Enoch Root (test) <enoch at example.org>
> ssb rsa2048/591B5112D5A9C5A6 2009-11-05
> Keygrip = 84722EE009690AA87BAF80A62EB0186CFCF72E64
> ssb# rsa2048/D367147F5CB0CDF0 2009-11-05
> Keygrip = 79DA43AD276B52EABFF0661153276A8E5A5F8DB9
>
> To use the second subkey with ssh, you then do:
>
> echo >>~/.gnupg/sshcontrol 79DA43AD276B52EABFF0661153276A8E5A5F8DB9 0
>
> (note the "0" after the keygrip)
Yeah, I know that feature in version 2.1.0, but the reason I am insisting on
using the `gpgkey2ssh` command is that I am going to automate this process,
and `ssh-add -L` strictly requires a running agent: it does not extract the
public part of the key pair compatible with the authorized_key file unless
the agent is running. (As mentioned in this tutorial
<http://budts.be/weblog/2012/08/ssh-authentication-with-your-pgp-key> and in
discussions on the mailing list
<http://lists.gnupg.org/pipermail/gnupg-users/2012-July/thread.html#45059>,
thanks to Werner Koch, using the sshcontrol file during ssh authentication
requires using the ssh-add command.)
What I am really looking for is: is there a workaround to use the
`gpgkey2ssh` command without getting the error given in the first mail?
Regards..
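
The keygrip/sshcontrol procedure from the quoted reply, scripted as an added example that is not part of the original message or of GnuPG. It assumes the `gpg -K --with-keygrip` listing layout shown in the quote; `keygrip_for`, `sshcontrol_enable` and `sample_listing` are hypothetical helper names.

```shell
#!/bin/sh
# Pick a subkey's keygrip from `gpg -K --with-keygrip` output and enable it
# in an sshcontrol file, without adding the same keygrip twice.

# Constructed sample input: the listing from the quoted message.
sample_listing() {
cat <<'EOF'
sec#  rsa2048/E455F2D7CC9C6BBC 2009-11-05
      Keygrip = B0C352EC5B3336681535ED3CC2FA62807B64B2CF
uid        [ unknown] Enoch Root (test) <enoch at example.org>
ssb   rsa2048/591B5112D5A9C5A6 2009-11-05
      Keygrip = 84722EE009690AA87BAF80A62EB0186CFCF72E64
ssb#  rsa2048/D367147F5CB0CDF0 2009-11-05
      Keygrip = 79DA43AD276B52EABFF0661153276A8E5A5F8DB9
EOF
}

# keygrip_for KEYID  (listing on stdin): print the keygrip that follows the
# sec/ssb line carrying KEYID; exit status 1 if that key id is not listed.
keygrip_for() {
    awk -v id="$1" '
        BEGIN { id = toupper(id) }
        /^(sec|ssb)/ { n = split($2, part, "/"); cur = part[n]; next }
        $1 == "Keygrip" && $2 == "=" && cur == id && grip == "" { grip = $3 }
        END { if (grip == "") exit 1; print grip }
    '
}

# sshcontrol_enable FILE KEYGRIP: append "KEYGRIP 0" unless already present.
# Returns 2 for anything that is not 40 uppercase hex digits.
sshcontrol_enable() {
    case "$2" in
        ""|*[!0-9A-F]*) return 2 ;;
    esac
    [ "${#2}" -eq 40 ] || return 2
    if [ -f "$1" ] && grep -q "^$2" "$1"; then
        return 0
    fi
    printf '%s 0\n' "$2" >>"$1"
}

# Demo against a scratch file instead of ~/.gnupg/sshcontrol.
demo() {
    dir=$(mktemp -d) || return 1
    grip=$(sample_listing | keygrip_for D367147F5CB0CDF0) || return 1
    sshcontrol_enable "$dir/sshcontrol" "$grip"
    sshcontrol_enable "$dir/sshcontrol" "$grip"   # second call adds nothing
    cat "$dir/sshcontrol"
    rm -rf "$dir"
}
demo
```

For real use, feed `keygrip_for` the output of `gpg -K --with-keygrip USERID` and pass `~/.gnupg/sshcontrol` as the file.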