Convert GPG key to ssh key

Salih Kardan kardan38 at
Mon Dec 8 19:21:20 CET 2014

Hi Daniel and Werner,

Thanks for the quick repsonse and more inline...

> Is they key you're looking to convert an RSA key or a DSA key?
> The above suggests that it is not. (see the list of publickey algorithms
> for OpenPGP [0]).

I am trying to convert RSA key and I am just avoiding use an external tool
such as monkeysphere while converting keys.

> Are you trying to convert a specific subkey?  are you identifying the
> subkey explicitly?

I will use subkey for ssh authentication and while using *`gpgkey2ssh
$key_id` *command I am giving subkey id explicitly. What I could not
understand is why the above command works inconsistently. It works on one
of my setups but does not on another.

No need to convert a key if you are using gnupg 2.1.  Run
>   gpg -K --with-keygrip USERID
> and pick the keygrip from the output.  For example:
>   sec#  rsa2048/E455F2D7CC9C6BBC 2009-11-05
>         Keygrip = B0C352EC5B3336681535ED3CC2FA62807B64B2CF
>   uid               [ unknown] Enoch Root (test) <enoch at>
>   ssb   rsa2048/591B5112D5A9C5A6 2009-11-05
>         Keygrip = 84722EE009690AA87BAF80A62EB0186CFCF72E64
>   ssb#  rsa2048/D367147F5CB0CDF0 2009-11-05
>         Keygrip = 79DA43AD276B52EABFF0661153276A8E5A5F8DB9
> To use the second subkey with ssh, you then do:
>   echo >>~/.gnupg/sshcontrol 79DA43AD276B52EABFF0661153276A8E5A5F8DB9  0
> (note the "0" after the keygrip)

Yeah I know that feature in 2.1.0 version, but why I am insisting on using
*`gpgkey2ssh` *command is I am going to automate this process and
since *`ssh-add
-L` *strictly requires an running agent and it does not extract public part
of key pair compatible with authorized_key file unless agent is running.
(as mentioned in this tutorial
<> and
discussions in mailing list
to Werner Koch- using sshcontrol file during ssh authentication requires
using ssh-add command)

What I am really looking for is there a workaround to use
*`gpgkey2ssh` *command
without getting the error given in first mail?

-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20141208/bc79e7a9/attachment.html>

More information about the Gnupg-users mailing list