Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
OPENPGP2SSH(1)		FreeBSD	General	Commands Manual		OPENPGP2SSH(1)

     openpgp2ssh -- translate OpenPGP keys to SSH keys

     openpgp2ssh < mykey.gpg

     gpg --export $KEYID | openpgp2ssh $KEYID

     gpg --export $KEYID | openpgp2pem $KEYID

     gpg --export $KEYID | openpgp2spki	$KEYID

     gpg --export-secret-key $KEYID | openpgp2ssh $KEYID

     openpgp2ssh takes an OpenPGP-formatted primary key	and associated subkeys
     on	standard input,	and spits out the requested equivalent SSH-style (or
     PEM-encoded) key on standard output.

     If	the data on standard input contains no subkeys,	you can	invoke
     openpgp2ssh without arguments.  If	the data on standard input contains
     multiple keys (e.g. a primary key and associated subkeys),	you must spec-
     ify a specific OpenPGP key	identifier as the first	argument to indicate
     which key to export.  The key ID is normally the 40 hex digit OpenPGP
     fingerprint of the	key or subkey desired, but openpgp2ssh will accept as
     few as the	last 8 digits of the fingerprint as a key ID.

     If	the input contains an OpenPGP RSA public key, it will be converted to
     the OpenSSH-style single-line keystring, prefixed with the	key type
     (`ssh-rsa').  This	format is suitable (with minor alterations) for	inser-
     tion into known_hosts files and authorized_keys files.  If	invoked	as
     `openpgp2pem', a PEM-encoded public key will be emitted instead.

     If	invoked	as `openpgp2spki', a PEM-encoded subjectPublicKeyInfo (as de-
     fined in the X.509	standard) will be emitted instead.

     If	the input contains an OpenPGP RSA secret key, it will be converted to
     the equivalent PEM-encoded	private	key.

     openpgp2ssh is part of the	monkeysphere(7)	framework for providing	a PKI
     for SSH.

     The keys produced by this process are stripped of all identifying infor-
     mation, including certifications, self-signatures,	etc.  This is inten-
     tional, since ssh attaches	no inherent significance to these features.

     openpgp2ssh will produce output for any requested RSA key.	 This means,
     among other things, that it will happily export revoked keys, unverifi-
     able keys,	expired	keys, etc.  Make sure you do your own key validation
     before using this tool!

     gpg --export-secret-key $KEYID | openpgp2ssh $KEYID | ssh-add -c

     This pushes the secret key	into the active	ssh-agent(1).  Tools such as
     ssh(1) which know how to talk to the ssh-agent(1) can now rely on the

     openpgp2ssh and this man page were	written	by Daniel Kahn Gillmor

     openpgp2ssh only works with RSA keys.  DSA	keys are the only other	key
     type available in both OpenPGP and	SSH, but they are currently unsup-
     ported by this utility.

     openpgp2ssh only accepts raw OpenPGP packets on standard input.  It does
     not accept	ASCII-armored input.  openpgp2ssh Currently only exports into
     formats used by the OpenSSH.  It should support other key output formats,
     such as those used	by lsh(1) and putty(1).

     Secret key	output is currently not	passphrase-protected.

     openpgp2ssh currently cannot handle passphrase-protected secret keys on

     pem2openpgp(1), monkeysphere(1), monkeysphere(7), ssh(1),
     monkeysphere-authentication(8), monkeysphere-host(8)

FreeBSD	13.0		       January 18,, 2013		  FreeBSD 13.0


Want to link to this manual page? Use this URL:

home | help