summaryrefslogtreecommitdiff
path: root/man/man1/openpgp2ssh.1
diff options
context:
space:
mode:
Diffstat (limited to 'man/man1/openpgp2ssh.1')
-rw-r--r--man/man1/openpgp2ssh.191
1 files changed, 91 insertions, 0 deletions
diff --git a/man/man1/openpgp2ssh.1 b/man/man1/openpgp2ssh.1
new file mode 100644
index 0000000..bea1da5
--- /dev/null
+++ b/man/man1/openpgp2ssh.1
@@ -0,0 +1,91 @@
+.\" -*- nroff -*-
+.Dd $Mdocdate: June 11, 2008 $
+.Dt OPENPGP2SSH 1
+.Os
+.Sh NAME
+openpgp2ssh
+.Nd translate OpenPGP keys to SSH keys
+.Sh SYNOPSIS
+.Nm openpgp2ssh < mykey.gpg
+.Pp
+.Nm gpg --export $KEYID | openpgp2ssh $KEYID
+.Pp
+.Nm gpg --export-secret-key $KEYID | openpgp2ssh $KEYID
+.Sh DESCRIPTION
+.Nm
+takes an OpenPGP-formatted primary key and associated
+subkeys on standard input, and spits out the requested equivalent
+SSH-style key on standard output.
+.Pp
+If the data on standard input contains no subkeys, you can invoke
+.Nm
+without arguments. If the data on standard input contains
+multiple keys (e.g. a primary key and associated subkeys), you must
+specify a specific OpenPGP keyid (e.g. CCD2ED94D21739E9) or
+fingerprint as the first argument to indicate which key to export.
+The keyid must be exactly 16 hex characters.
+.Pp
+If the input contains an OpenPGP RSA or DSA public key, it will be
+converted to the OpenSSH-style single-line keystring, prefixed with
+the key type. This format is suitable (with minor alterations) for
+insertion into known_hosts files and authorized_keys files.
+.Pp
+If the input contains an OpenPGP RSA or DSA secret key, it will be
+converted to the equivalent PEM-encoded private key.
+.Pp
+.Nm
+is part of the
+.Xr monkeysphere 1
+framework for providing a PKI for SSH.
+.Sh CAVEATS
+The keys produced by this process are stripped of all identifying
+information, including certifications, self-signatures, etc. This is
+intentional, since ssh attaches no inherent significance to these
+features.
+.Pp
+.Nm
+only works with RSA or DSA keys, because those are the
+only ones which work with ssh.
+.Pp
+Assuming a valid key type, though,
+.Nm
+will produce output for
+any requested key. This means, among other things, that it will
+happily export revoked keys, unverifiable keys, expired keys, etc.
+Make sure you do your own key validation before using this tool!
+.Sh EXAMPLES
+.Nm gpg --export-secret-key $KEYID | openpgp2ssh $KEYID | ssh-add -c /dev/stdin
+.Pp
+This pushes the secret key into the active
+.Xr ssh-agent 1 .
+Tools such as
+.Xr ssh 1
+which know how to talk to the
+.Xr ssh-agent 1
+can now rely on the key.
+.Sh AUTHOR
+.Nm
+and this man page were written by Daniel Kahn Gillmor
+<dkg@fifthhorseman.net>.
+.Sh BUGS
+.Nm
+Currently only exports into formats used by the OpenSSH.
+It should support other key output formats, such as those used by
+lsh(1) and putty(1).
+.Pp
+Secret key output is currently not passphrase-protected.
+.Pp
+.Nm
+currently cannot handle passphrase-protected secret keys on input.
+.Pp
+It would be nice to be able to use keyids shorter or longer than 16
+hex characters.
+.Pp
+.Nm
+only acts on keys associated with the first primary key
+passed in. If you send it more than one primary key, it will silently
+ignore later ones.
+.Sh SEE ALSO
+.Xr monkeysphere 1 ,
+.Xr ssh 1 ,
+.Xr monkeysphere-server 8
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-15 03:50:02 +0000