diff options
Diffstat (limited to 'man/man1/openpgp2ssh.1')
| -rw-r--r-- | man/man1/openpgp2ssh.1 | 91 |
1 files changed, 91 insertions, 0 deletions
diff --git a/man/man1/openpgp2ssh.1 b/man/man1/openpgp2ssh.1 new file mode 100644 index 0000000..bea1da5 --- /dev/null +++ b/man/man1/openpgp2ssh.1 @@ -0,0 +1,91 @@ +.\" -*- nroff -*- +.Dd $Mdocdate: June 11, 2008 $ +.Dt OPENPGP2SSH 1 +.Os +.Sh NAME +openpgp2ssh +.Nd translate OpenPGP keys to SSH keys +.Sh SYNOPSIS +.Nm openpgp2ssh < mykey.gpg +.Pp +.Nm gpg --export $KEYID | openpgp2ssh $KEYID +.Pp +.Nm gpg --export-secret-key $KEYID | openpgp2ssh $KEYID +.Sh DESCRIPTION +.Nm +takes an OpenPGP-formatted primary key and associated +subkeys on standard input, and spits out the requested equivalent +SSH-style key on standard output. +.Pp +If the data on standard input contains no subkeys, you can invoke +.Nm +without arguments. If the data on standard input contains +multiple keys (e.g. a primary key and associated subkeys), you must +specify a specific OpenPGP keyid (e.g. CCD2ED94D21739E9) or +fingerprint as the first argument to indicate which key to export. +The keyid must be exactly 16 hex characters. +.Pp +If the input contains an OpenPGP RSA or DSA public key, it will be +converted to the OpenSSH-style single-line keystring, prefixed with +the key type. This format is suitable (with minor alterations) for +insertion into known_hosts files and authorized_keys files. +.Pp +If the input contains an OpenPGP RSA or DSA secret key, it will be +converted to the equivalent PEM-encoded private key. +.Pp +.Nm +is part of the +.Xr monkeysphere 1 +framework for providing a PKI for SSH. +.Sh CAVEATS +The keys produced by this process are stripped of all identifying +information, including certifications, self-signatures, etc. This is +intentional, since ssh attaches no inherent significance to these +features. +.Pp +.Nm +only works with RSA or DSA keys, because those are the +only ones which work with ssh. +.Pp +Assuming a valid key type, though, +.Nm +will produce output for +any requested key. This means, among other things, that it will +happily export revoked keys, unverifiable keys, expired keys, etc. +Make sure you do your own key validation before using this tool! +.Sh EXAMPLES +.Nm gpg --export-secret-key $KEYID | openpgp2ssh $KEYID | ssh-add -c /dev/stdin +.Pp +This pushes the secret key into the active +.Xr ssh-agent 1 . +Tools such as +.Xr ssh 1 +which know how to talk to the +.Xr ssh-agent 1 +can now rely on the key. +.Sh AUTHOR +.Nm +and this man page were written by Daniel Kahn Gillmor +<dkg@fifthhorseman.net>. +.Sh BUGS +.Nm +Currently only exports into formats used by the OpenSSH. +It should support other key output formats, such as those used by +lsh(1) and putty(1). +.Pp +Secret key output is currently not passphrase-protected. +.Pp +.Nm +currently cannot handle passphrase-protected secret keys on input. +.Pp +It would be nice to be able to use keyids shorter or longer than 16 +hex characters. +.Pp +.Nm +only acts on keys associated with the first primary key +passed in. If you send it more than one primary key, it will silently +ignore later ones. +.Sh SEE ALSO +.Xr monkeysphere 1 , +.Xr ssh 1 , +.Xr monkeysphere-server 8 |