Fw: How to generate CSR from an existing GnuPG key?

Sheng Li WL Liu bjliusl at cn.ibm.com
Tue Sep 8 11:31:58 CEST 2015

Sorry for misunderstanding the key-id in point a).
I use "gpg --list-key --keyid-format 0xshort" to get a new key id and then
run this command:
"gpgsm -o  secret-gpg-key.p12 --export-secret-key-p12 0xE2AE18C9", but got
this error:
"gpgsm: can't export key `0xE2AE18C9': No secret key"
Still can not work.

Best regards,
Shengli (Syrena) Liu  刘晟丽
IBM China Systems & Technology Labs (CSTL)
E-mail: bjliusl at cn.ibm.com    Tel: 86-10-82454096
----- Forwarded by Sheng Li WL Liu/China/IBM on 09/08/2015 05:23 PM -----

From:	Sheng Li WL Liu/China/IBM
To:	gnupg-users at gnupg.org
Date:	09/08/2015 04:00 PM
Subject:	How to generate CSR from an existing GnuPG key?

For some reason, I have to create CSR from an existing GnuPG key and then
use an existing self-signed-certificate generated by openssl to sign it.

I've done some research and find out there's seems to be two ways to do
this work:
a) export secret GPG key in PCSC12 format with gpgsm and the use "openssl
pkcs12" to extract key and certificate, and then generate CSR with openssl
and do the follow-up things.
b) directly generate CSR with gpgsm and then do the following-up things.

For a), when I using "gpgsm -o  secret-gpg-key.p12 --export-secret-key-p12
it turns out the key-id is not my gpg key's id, it's the ID of certificates
(I use "gpgsm -K" to show them),
so this way can not work.
For b), when I using "gpgsm --gen-key" to create CSR, I choose "(2)
Existing key",
and then input a 40 hex digits as the keygrip and then it shows:
No key with this keygrip

I searched a lot but still make a way out of this.
I use "gpg --gen-key" to generate the existing GnuPG key pair.
I use "gpg --fingerprint" to get the keygrip.
Could you help me with this problem?
Thanks for reading and I'm looking forward to your kind reply.

Best regards,
Shengli (Syrena) Liu  刘晟丽
-------------- next part --------------
An HTML attachment was scrubbed...
URL: </pipermail/attachments/20150908/739afd6f/attachment.html>

More information about the Gnupg-users mailing list