Private key export for SSH

John Lane gnupg at
Tue Oct 11 23:58:17 CEST 2016

>> I think I vaguely remember Monkeysphere supporting it.
> fwiw, monkeysphere doesn't explicitly support exporting OpenPGP secret
> key material to arbitrary formats.

Ok, I have done it using "openpgp2ssh" from monkeysphere (I just
installed 0.39 just to get that tool).

The key has to be extracted and its password removed before it can be
used with openpgp2ssh, hence my use of a temporary homedir in the below.

Here is what I have done:

First the public key:

$ ssh-add -L >


$ gpg --export alice | openpgp2ssh DD53AC86 >

where DD53AC86 is the id of the autentication subkey.

Next the secret key:

$ gpg --export-secret-key alice > alice.gpg
$ mkdir -m 700 .gnupg-temp
$ gpg --homedir .gnupg-temp --import alice.gpg
$ gpg --homedir .gnupg-temp --passwd alice
  (remove the passwords)
$ gpg --homedir .gnupg-temp --export-secret-key alice | \
  openpgp2ssh DD53AC86 > alice.key
$ chmod 600 alice.key

With the above, I successfully connect to a remote (after putting in its authorized_keys file):

$ ssh -i alice.key some_host

However, I note that the the agent complains with:

> sign_and_send_pubkey: signing failed: agent refused operation

so I unset the SSH_AUTH_SOCK after which the ssh command worked. I might
have done something else wrong because I would not expect to have to do

More information about the Gnupg-users mailing list