1OPENPGP2SSH(1)            BSD General Commands Manual           OPENPGP2SSH(1)
2

NAME

4     openpgp2ssh — translate OpenPGP keys to SSH keys
5

SYNOPSIS

7     openpgp2ssh < mykey.gpg
8
9     gpg --export $KEYID | openpgp2ssh $KEYID
10
11     gpg --export $KEYID | openpgp2pem $KEYID
12
13     gpg --export $KEYID | openpgp2spki $KEYID
14
15     gpg --export-secret-key $KEYID | openpgp2ssh $KEYID
16

DESCRIPTION

18     openpgp2ssh takes an OpenPGP-formatted primary key and associated subkeys
19     on standard input, and spits out the requested equivalent SSH-style (or
20     PEM-encoded) key on standard output.
21
22     If the data on standard input contains no subkeys, you can invoke
23     openpgp2ssh without arguments.  If the data on standard input contains
24     multiple keys (e.g. a primary key and associated subkeys), you must spec‐
25     ify a specific OpenPGP key identifier as the first argument to indicate
26     which key to export.  The key ID is normally the 40 hex digit OpenPGP
27     fingerprint of the key or subkey desired, but openpgp2ssh will accept as
28     few as the last 8 digits of the fingerprint as a key ID.
29
30     If the input contains an OpenPGP RSA public key, it will be converted to
31     the OpenSSH-style single-line keystring, prefixed with the key type
32     (`ssh-rsa').  This format is suitable (with minor alterations) for inser‐
33     tion into known_hosts files and authorized_keys files.  If invoked as
34     `openpgp2pem', a PEM-encoded public key will be emitted instead.
35
36     If invoked as `openpgp2spki', a PEM-encoded subjectPublicKeyInfo (as
37     defined in the X.509 standard) will be emitted instead.
38
39     If the input contains an OpenPGP RSA secret key, it will be converted to
40     the equivalent PEM-encoded private key.
41
42     openpgp2ssh is part of the monkeysphere(7) framework for providing a PKI
43     for SSH.
44

CAVEATS

46     The keys produced by this process are stripped of all identifying infor‐
47     mation, including certifications, self-signatures, etc.  This is inten‐
48     tional, since ssh attaches no inherent significance to these features.
49
50     openpgp2ssh will produce output for any requested RSA key.  This means,
51     among other things, that it will happily export revoked keys, unverifi‐
52     able keys, expired keys, etc.  Make sure you do your own key validation
53     before using this tool!
54

EXAMPLES

56     gpg --export-secret-key $KEYID | openpgp2ssh $KEYID | ssh-add -c
57     /dev/stdin
58
59     This pushes the secret key into the active ssh-agent(1).  Tools such as
60     ssh(1) which know how to talk to the ssh-agent(1) can now rely on the
61     key.
62

AUTHOR

64     openpgp2ssh and this man page were written by Daniel Kahn Gillmor
65     <dkg@fifthhorseman.net>.
66

BUGS

68     openpgp2ssh only works with RSA keys.  DSA keys are the only other key
69     type available in both OpenPGP and SSH, but they are currently unsup‐
70     ported by this utility.
71
72     openpgp2ssh only accepts raw OpenPGP packets on standard input.  It does
73     not accept ASCII-armored input.  openpgp2ssh Currently only exports into
74     formats used by the OpenSSH.  It should support other key output formats,
75     such as those used by lsh(1) and putty(1).
76
77     Secret key output is currently not passphrase-protected.
78
79     openpgp2ssh currently cannot handle passphrase-protected secret keys on
80     input.
81

SEE ALSO

83     pem2openpgp(1), monkeysphere(1), monkeysphere(7), ssh(1),
84     monkeysphere-authentication(8), monkeysphere-host(8)
85
86BSD                              June 20, 2019                             BSD
Impressum