Convert keys between GnuPG, OpenSsh and OpenSSL

« Le plus court chemin... en avion - Convertir un fichier binaire en structure C en une »

Convert keys between GnuPG, OpenSsh and OpenSSL

Par Jérôme Pouiller le mercredi, mars 24 2010, 16:47 - Technique - Lien permanent

OpenSSH to OpenSSL

OpenSSH private keys are directly understable by OpenSSL. You can test for example:

openssl rsa -in ~/.ssh/id_rsa -text
openssl dsa -in ~/.ssh/id_dsa -text

So, you can directly use it to create a certification request:

openssl req -new -key ~/.ssh/id_dsa -out myid.csr

You can also use your ssh key to create a sef-signed certificate:

openssl x509 -req -days 3650 -in myid.csr -signkey ~/.ssh/id_rsa -out myid.crt

Notice I have not found how to manipulate ssh public key with OpenSSL

OpenSSL to OpenSSH

Private keys format is same between OpenSSL and OpenSSH. So you just a have to rename your OpenSSL key:

 cp myid.key id_rsa

In OpenSSL, there is no specific file for public key (public keys are generally embeded in certificates). However, you extract public key from private key file:

ssh-keygen -y -f  myid.key > id_rsa.pub

GnuPG to OpenSSH

The best way is to use openpgp2ssh tool distributed in with monkeyshpere project:

  gpg --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes --export-secret-keys --no-armor 0x01234567! | openpgp2ssh 01234567 > id_rsa

Notice 0x01234567 must be a RSA key (or subkey).

You can now extract ssh public key using:

ssh-keygen -y -f id_rsa > id_rsa.pub

GnuPG to OpenSSL

We already saw all steps. Extract key as for ssh:

  gpg --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes --export-secret-keys --no-armor 0x01234567! | openpgp2ssh 01234567 > myid.key

You can create a certification request:

openssl req -new -key myid.key -out myid.csr

You can create a sef-signed certificate:

openssl x509 -req -days 3650 -in myid.csr -signkey myid.key -out myid.crt

GnuPG S/MIME to OpenSSL

Gpgsm utility can exports keys and certificate in PCSC12:

 gpgsm -o  secret-gpg-key.p12 --export-secret-key-p12 0xXXXXXXXX

You have to extract Key and Certificates separatly:

openssl pkcs12 -in secret-gpg-key.p12 -nocerts -out gpg-key.pem
openssl pkcs12 -in secret-gpg-key.p12 -nokeys -out gpg-certs.pem

You can now use it in OpenSSL.

You can also do similar thing with GnuPG public keys. There will be only certificates output.

OpenSSL to GnuPG S/MIME

Invert process:

 openssl pkcs12 -export -in gpg-certs.pem -inkey gpg-key.pem -out gpg-key.p12
 gpgsm --import gpg-key.p12

GnuPG S/MIME to OpenSSH

Now, chain processes:

  gpgsm -o  secret-gpg-key.p12 --export-secret-key-p12 0xXXXXXXXX
  openssl pkcs12 -in secret-gpg-key.p12 -nocerts -out gpg-key.pem

We need to protect key, else ssh refuse it.

 chmod 600 gpg-key.pem
 cp gpg-key.pem ~/.ssh/id_rsa
 ssh-keygen -y -f gpg-key.pem > ~/.ssh/id_rsa.pub

OpenSSH to GnuPG S/MIME

First we need to create a certificate (self-signed) for our ssh key:

openssl req -new -x509 -key ~/.ssh/id_rsa -out ssh-cert.pem

We can now import it in GnuPG

openssl pkcs12 -export -in ssh-certs.pem -inkey ~/.ssh/id_rsa -out ssh-key.p12
gpgsm --import ssh-key.p12

Notice you cannot import/export DSA ssh keys to/from GnuPG

Commentaires

1. Le lundi, mars 5 2012, 04:46 par Alan Aversa

Is a private key needed to convert a public OpenSSH key to a public GnuPG key? Thanks

2. Le vendredi, avril 13 2012, 10:14 par Jérôme Pouiller

OpenSSL is the main tool to translate OpenSSH key to GnuPG and I hadn't found any way to manipulate public OpenSSH keys using OpenSSL.

3. Le jeudi, août 2 2012, 09:35 par dumbguy

gpgsm does not seem to be capable of exporting generated keys....

$ gpg2 ~~gen-key~~ export
.....
1024R/FFD0B47E 2012-08-02 ....

but then when you type
$ gpgsm -o secret-gpg-key.p12 --export-secret-key-p12 0xFFD0B47E
gpgsm: can't export key `0xFFD0B47E': No secret key

The secret key is there, and is exportable with gpg.

Anything I am missing here?

Merci beaucoup in advance....

4. Le jeudi, août 30 2012, 12:31 par kang

here's another one:

convert gpg-agent keys to ssh-keys

/usr/lib/gnupg/gpg-protect-tool --p12-export -P <passphrase> ~/.gnupg/private-keys-v1.d/foo >foo.p12

foo is the hash of the key (you can cat it to find out which key path it was imported from). prepend the above line by space to avoid login the passphrase in history.

then (as per this guide, in fact)

openssl pkcs12 -in foo.p12 -nocerts -out foo.pem
chmod 0600 foo.pem 
mv foo.pem ~/.ssh/id_rsa
ssh-keygen -y -f ~/.ssh/id_rsa > ~/.ssh/id_rsa.pub

note that with DSA or ECDSA keys, your mileage may vary.

5. Le mercredi, janvier 23 2013, 21:44 par poombah

The Monkeysphere project provides a tool called "openpgp2ssh".

http://web.monkeysphere.info/

6. Le mardi, août 20 2013, 00:14 par Alan Aversa

This works well for going from GnuPG to OpenSSH:

gpg --export <keyID> | openpgp2ssh <keyID>

7. Le dimanche, août 21 2016, 23:25 par Rachat credit

Interᥱsting blog! Iѕ yοur theme custom made οr dіd you download it from sоmewhere?
A design ⅼike yours with ɑ few simple tweeks ѡould reallʏ
make my blog stand out. Pleаѕe let me кnow աhere
you got youг theme. Thanks a ⅼot

8. Le vendredi, août 26 2016, 23:09 par banque internet

Woah! Ι'm rеally digging tɦe template/theme of tһis blog.
It's simple, yet effective. A ⅼot oof timeѕ it's hɑrd to get that "perfect balance" between supertb usability ɑnd visual appearance.

І mus ѕay tһɑt you'vе dοne a superb job witһ this.
In ɑddition, tһe boog loads vеry fast for me ߋn Internet
explorer. Exceptional Blog!

9. Le lundi, août 29 2016, 04:16 par visit

Way cool! Some very valid ρoints! I apopreciate you writing thiis
post pⅼus the rest off the website іѕ extremely gooɗ.

10. Le mardi, août 30 2016, 16:48 par link

Helⅼo,Neat post. Thᥱre's a рroblem along wіth yօur
website іn internet explorer, mɑy check tҺіѕ? IΕ stiⅼl is the marketplace leader аnd a huge sectiоn of folks will omit yоur excellent writing ɗue to this pгoblem.

11. Le samedi, septembre 10 2016, 12:47 par wayback downloader

Hey woud you minnd lettin me know աhich webhost yoս'гe uѕing?
I've loaded ʏouг blog in 3 completely different web browsers ɑnd
I must say thіs blog loads a lot quicker tҺen mߋѕt.
Ⅽan you sսggest a good internet hoxting provider at a honest рrice?

Many thankѕ, I ɑppreciate it!

12. Le dimanche, octobre 9 2016, 15:55 par parenting help

It is not my first time to go to see this web
site, i am browsing this website dailly and take nice
facts from here every day.

13. Le lundi, octobre 10 2016, 07:02 par condo

Its not my first time to visit this site, i am browsing
this web page dailly and get pleasant facts from here everyday.

14. Le lundi, octobre 10 2016, 08:39 par The Clement Canopy

Greetings! Very helpful advice within this article!
It's the little changes that make the largest changes.
Many thanks for sharing!

15. Le lundi, octobre 10 2016, 09:12 par Sonos amp

Great post.Never knew this, regards for letting
me know.

16. Le lundi, octobre 10 2016, 18:47 par https://www.rbdhs.org/where-to-find-the-best-cheap-teeth-whitening/

I dugg some of you post as I cerebrated they were very helpful very beneficial.

17. Le mardi, octobre 11 2016, 10:20 par ceramahagamaislam

thank you very much for posting, this is very
helpful

18. Le mardi, octobre 11 2016, 11:57 par best cheap teeth whitening

I'm gone to inform my little brother, that he should also visit this weblog on regular basis to take updated from newest
news.

19. Le mercredi, octobre 12 2016, 13:14 par sonosplaybarreview.com

Great post.Ne'er knew this, regards for letting me know.

20. Le mercredi, octobre 12 2016, 13:32 par Clement Canopy Location

Howdy! This article could not be written any better! Looking
through this article reminds me of my previous roommate!
He continually kept preaching about this. I'll send this post to him.
Pretty sure he will have a good read. I appreciate you for
sharing!

21. Le mercredi, octobre 12 2016, 13:50 par The Clement Canopy review

Aw, this was an exceptionally good post. Taking a few minutes and actual effort
to generate a top notch article… but what
can I say… I procrastinate a whole lot and don't seem to get
nearly anything done.

22. Le mercredi, octobre 12 2016, 16:13 par https://sonosplaybarreview.com/sonos-play-1-review/

Great - I should definitely pronounce, impressed with your site.
I had no trouble navigating through all the tabs and related information ended up being truly simple to do to access.
I recently found what I hoped for before you know it in the least.
Quite unusual. Is likely to appreciate it for those who add forums or anything,
web site theme . a tones way for your client to communicate.
Excellent task.

23. Le mercredi, octobre 12 2016, 19:06 par http://gette.net/groups/for-healthy-teeth-follow-actions/

Wow, wonderful weblog layout! How long have
you been blogging for? you made running a blog glance easy.

The total look of your site is excellent, as well as the content!X-N-E-W-L-I-N-S-P-I-N-XI simply couldn't go away your web
site before suggesting that I actually enjoyed the standard information a person provide on your visitors?
Is going to be back continuously in order to inspect new posts.

24. Le mercredi, octobre 12 2016, 20:27 par http://fsnail.dothome.co.kr/?document_srl=666086

It's very effortless to find out any topic on web as compared to
books, as I found this piece of writing at this web
page.

25. Le jeudi, octobre 13 2016, 21:27 par best cheap electric toothbrush

Good post.Ne'er knew this, regards for letting me know.

26. Le jeudi, octobre 13 2016, 22:42 par sonos amp

Great - I should definitely pronounce, impressed with your website.
I had no trouble navigating through all tabs as well as
related info ended up being truly simple to do to access.
I recently found what I hoped for before you know it in the least.

Quite unusual. Is likely to appreciate it for those who add forums or something,
website theme . a tones way for your customer to communicate.
Excellent task.

27. Le vendredi, octobre 14 2016, 00:38 par sonos play 1 review

We're a group of volunteers and starting a new scheme in our community.

Your web site offered us with valuable information to work on. You have done a formidable
job and our whole community will be thankful to you.

28. Le samedi, octobre 15 2016, 00:59 par sonosplaybarreview.com

Some genuinely marvelous work on behalf of the owner of this internet
site, utterly outstanding subject matter.

29. Le dimanche, octobre 16 2016, 01:29 par sonos discounts

Terrific work! This is the type of info that are supposed
to be shared around the net. Disgrace on the search engines
for no longer positioning this put up upper! Come
on over and seek advice from my web site . Thanks =)

30. Le dimanche, octobre 16 2016, 02:43 par Https://Sonosplaybarreview.Com/Sonos-Play-1-Review/

Wonderful paintings! That is the type of info that should be shared across the web.
Disgrace on Google for not positioning this publish upper!
Come on over and consult with my site . Thank you =)

31. Le dimanche, octobre 16 2016, 03:46 par http://cafe-kobzar.ru/node/2489599

Do you have a spam issue on this site; I also am a blogger, and I was wondering your situation; we have created some nice practices
and we are looking to exchange strategies with other folks,
why not shoot me an email if interested.

32. Le dimanche, octobre 16 2016, 10:19 par Waterpik For Braces

I'm gone to tell my little brother, that he
should also pay a visit this blog on regular basis to take updated from newest news update.

33. Le lundi, octobre 17 2016, 11:53 par best tooth whitening system

Hello, i think that i saw you visited my website so i came to ?return the
favor?.I'm attempting to find things to enhance my site!I suppose its ok to use a few of your ideas!!

34. Le mardi, octobre 18 2016, 23:24 par nest thermostat coupon 2016

you're in reality a just right webmaster. The website loading pace is incredible.

It sort of feels that you're doing any unique trick.
Also, The contents are masterpiece. you've done a excellent process in this matter!

35. Le mercredi, octobre 19 2016, 22:00 par Clement Canopy preview

Interesting blog! Is your theme custom made or did you download it
from somewhere? A theme like yours with a few simple tweeks would really make my blog stand out.
Please let me know where you got your theme. Thanks

36. Le jeudi, octobre 20 2016, 10:42 par http://1url.com/84bB

Hey! Do you know if they make any plugins to assist with SEO?

I'm trying to get my blog to rank for some targeted keywords but I'm not seeing very good gains.

If you know of any please share. Thanks!

37. Le jeudi, octobre 20 2016, 13:18 par Rickie

Good post.Ne'er knew this, appreciate it for letting me know.

38. Le vendredi, octobre 21 2016, 11:31 par https://www.rbdhs.org/which-is-The-best-electric-toothbrush-for-receding...

Thank you a lot for giving everyone an extremely splendid chance to
read critical reviews from this site. It is often very pleasing and stuffed with a lot of
fun for me personally and my office peers to visit your web site the equivalent of three times a week to read the
newest secrets you have. And of course, we are usually satisfied
with the impressive solutions you give. Selected
3 ideas in this posting are truly the most
suitable we have had.

39. Le vendredi, octobre 21 2016, 18:50 par waterpik comparison

Hi, Neat post. There is a problem together with your site in internet explorer, would
check this� IE still is the market chief and a big part of other people will omit your great
writing due to this problem.

40. Le vendredi, octobre 21 2016, 19:08 par best wireless doorbell long range

It's awesome to visit this website and reading the views of all friends
regarding this article, while I am also zealous of getting knowledge.

41. Le dimanche, octobre 30 2016, 01:12 par players appreciate

Hi, I do believe this is a great web site. I stumbledupon it
I am going to return once again since I bookmarked it.
Money and freedom is the greatest way to change, may you be rich and continue to guide other people.

42. Le mardi, novembre 8 2016, 14:25 par http://florianqvl60.wikidot.com/blog:1

Frostbite motor, utilized previously such titles
as: Star Wars, Battlefield 4 orr Battlefield INCH: Battlefront is run on by FIFA 17.

43. Le vendredi, novembre 18 2016, 07:50 par buy ssl certificate

Valuable info. Lucky me I discovered your site accidentally, and I'm surprised why
this accident didn't came about in advance! I bookmarked it.

44. Le jeudi, janvier 5 2017, 16:14 par tips for job seekers

whoah this blog is fantastic i really like reading your posts.
Stay up the good work! You know, lots of individuals are searching round for this information, you could aid them greatly.

45. Le vendredi, juillet 28 2017, 23:02 par jamiecooper

Apply for real Data base Registered Passportt ,Visa,Driver Licensee Legit Databasee Registered ,Toefl, Ielts, Toeic, certificatess etc on Email: expresspass@post.c om <Skype ID(expresspass) > Link https:
// homeofficeuk.tumblr.c om/ COPY THE LINK WITH NO SPACE TO GET A COMPLETE LINK ///////////////Legit Data base Registered ,Toefl, Ielts, Toeic, Pass,port, Visas,Id cards,Driver License,SSN,Green Card Online,We produce Real Database Registered Pas,sports,Drivers licenses,ID cards,Birth certificates,diplomas,Visas,SSN,Marriage certificates,divorce
papers,US green cards,University degrees,Stamps,Marijuana license,
registered TOEFL, IELTS, ESOL, CELTA/DELTA & other English

La discussion continue ailleurs

URL de rétrolien : /dotclear/index.php?trackback/104

Fil des commentaires de ce billet

Sysmic.org