Private key export for SSH

John Lane gnupg at jelmail.com
Tue Oct 11 23:58:17 CEST 2016


>>
>> I think I vaguely remember Monkeysphere supporting it.
> 
> fwiw, monkeysphere doesn't explicitly support exporting OpenPGP secret
> key material to arbitrary formats.
> 

Ok, I have done it using "openpgp2ssh" from monkeysphere (I just
installed 0.39 just to get that tool).

The key has to be extracted and its password removed before it can be
used with openpgp2ssh, hence my use of a temporary homedir in the below.

Here is what I have done:


First the public key:

$ ssh-add -L > alice.key.pub

or

$ gpg --export alice | openpgp2ssh DD53AC86 > alice.key.pub

where DD53AC86 is the id of the authentication subkey.

Next the secret key:

$ gpg --export-secret-key alice > alice.gpg
$ mkdir -m 700 .gnupg-temp
$ gpg --homedir .gnupg-temp --import alice.gpg
$ gpg --homedir .gnupg-temp --passwd alice
  (remove the passwords)
$ gpg --homedir .gnupg-temp --export-secret-key alice | \
  openpgp2ssh DD53AC86 > alice.key
$ chmod 600 alice.key

With the above, I successfully connect to a remote (after putting
alice.key.pub in its authorized_keys file):

$ ssh -i alice.key some_host

However, I note that the agent complains with:

> sign_and_send_pubkey: signing failed: agent refused operation

so I unset the SSH_AUTH_SOCK after which the ssh command worked. I might
have done something else wrong because I would not expect to have to do
that.
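
The steps above leave alice.gpg, the passphrase-free .gnupg-temp homedir and a passphrase-free alice.key on disk; the following is an added example, not part of the original post, of a POSIX shell check for that state. The function name and messages are hypothetical, and it assumes openpgp2ssh wrote the key in traditional PEM form ("BEGIN RSA PRIVATE KEY").

```shell
# Added example: audit the directory left behind by the export steps.
# File names (alice.gpg, .gnupg-temp) follow the post; the function name
# and its messages are made up for this example.
# Usage: audit_export_dir DIR KEYFILE
# Prints one finding per line; the exit status is the number of findings.
audit_export_dir() {
    dir=$1
    key=$2
    findings=0

    # The temporary homedir holds the secret key with its passphrase removed.
    if [ -d "$dir/.gnupg-temp" ]; then
        echo "leftover: $dir/.gnupg-temp holds the passphrase-free key"
        findings=$((findings + 1))
    fi

    # The intermediate OpenPGP export is not needed once it has been imported.
    if [ -f "$dir/alice.gpg" ]; then
        echo "leftover: $dir/alice.gpg (intermediate secret key export)"
        findings=$((findings + 1))
    fi

    if [ ! -f "$dir/$key" ]; then
        echo "missing: $dir/$key"
        return $((findings + 1))
    fi

    # chmod 600 leaves no group/other bits: characters 5-10 of the ls mode.
    perms=$(ls -ld "$dir/$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "permissions: $dir/$key is accessible to group or others"
        findings=$((findings + 1))
    fi

    # Assumption: traditional PEM output; an encrypted key of that form
    # carries a "Proc-Type: 4,ENCRYPTED" header, a bare one does not.
    if grep -q 'BEGIN RSA PRIVATE KEY' "$dir/$key" &&
       ! grep -q 'Proc-Type: 4,ENCRYPTED' "$dir/$key"; then
        echo "unprotected: $dir/$key has no passphrase"
        findings=$((findings + 1))
    fi
    return "$findings"
}
```

A passphrase can be put back on the exported key with "ssh-keygen -p -f alice.key".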



