summaryrefslogtreecommitdiff
path: root/man/man1/openpgp2ssh.1
blob: 83b615467566ed977487fb5201739d08ec0efbc6 (plain) 
    

  1. .\"  -*- nroff -*-
    2. 

  2. .Dd $Mdocdate: June 11, 2008 $
    3. 

  3. .Dt OPENPGP2SSH 1
    4. 

  4. .Os
    5. 

  5. .Sh NAME
    6. 

  6. openpgp2ssh
    7. 

  7. .Nd translate OpenPGP keys to SSH keys
    8. 

  8. .Sh SYNOPSIS
    9. 

  9. .Nm openpgp2ssh < mykey.gpg 
    10. 

  10. .Pp
    11. 

  11. .Nm gpg --export $KEYID | openpgp2ssh $KEYID
    12. 

  12. .Pp
    13. 

  13. .Nm gpg --export-secret-key $KEYID | openpgp2ssh $KEYID
    14. 

  14. .Sh DESCRIPTION
    15. 

  15. .Nm
    16. 

  16. takes an OpenPGP-formatted primary key and associated
    17. 

  17. subkeys on standard input, and spits out the requested equivalent
    18. 

  18. SSH-style key on standard output.
    19. 

  19. .Pp
    20. 

  20. If the data on standard input contains no subkeys, you can invoke
    21. 

  21. .Nm
    22. 

  22. without arguments.  If the data on standard input contains
    23. 

  23. multiple keys (e.g. a primary key and associated subkeys), you must
    24. 

  24. specify a specific OpenPGP keyid (e.g. CCD2ED94D21739E9) or
    25. 

  25. fingerprint as the first argument to indicate which key to export.
    26. 

  26. The keyid must be exactly 16 hex characters.
    27. 

  27. .Pp
    28. 

  28. If the input contains an OpenPGP RSA or DSA public key, it will be
    29. 

  29. converted to the OpenSSH-style single-line keystring, prefixed with
    30. 

  30. the key type.  This format is suitable (with minor alterations) for
    31. 

  31. insertion into known_hosts files and authorized_keys files.
    32. 

  32. .Pp
    33. 

  33. If the input contains an OpenPGP RSA or DSA secret key, it will be
    34. 

  34. converted to the equivalent PEM-encoded private key.
    35. 

  35. .Pp
    36. 

  36. .Nm
    37. 

  37. is part of the
    38. 

  38. .Xr monkeysphere 1
    39. 

  39. framework for providing a PKI for SSH.
    40. 

  40. .Sh CAVEATS
    41. 

  41. The keys produced by this process are stripped of all identifying
    42. 

  42. information, including certifications, self-signatures, etc.  This is
    43. 

  43. intentional, since ssh attaches no inherent significance to these
    44. 

  44. features.
    45. 

  45. .Pp
    46. 

  46. .Nm
    47. 

  47. only works with RSA or DSA keys, because those are the
    48. 

  48. only ones which work with ssh.
    49. 

  49. .Pp
    50. 

  50. Assuming a valid key type, though, 
    51. 

  51. .Nm
    52. 

  52. will produce output for
    53. 

  53. any requested key.  This means, among other things, that it will
    54. 

  54. happily export revoked keys, unverifiable keys, expired keys, etc.
    55. 

  55. Make sure you do your own key validation before using this tool!
    56. 

  56. .Sh EXAMPLES
    57. 

  57. .Nm gpg --export-secret-key $KEYID | openpgp2ssh $KEYID | ssh-add -c /dev/stdin
    58. 

  58. .Pp
    59. 

  59. This pushes the secret key into the active
    60. 

  60. .Xr ssh-agent 1 . 
    61. 

  61. Tools such as 
    62. 

  62. .Xr ssh 1
    63. 

  63. which know how to talk to the 
    64. 

  64. .Xr ssh-agent 1
    65. 

  65. can now rely on the key.
    66. 

  66. .Sh AUTHOR
    67. 

  67. .Nm
    68. 

  68. and this man page were written by Daniel Kahn Gillmor
    69. 

  69. <dkg@fifthhorseman.net>.
    70. 

  70. .Sh BUGS
    71. 

  71. .Nm
    72. 

  72. currently only exports into formats used by the OpenSSH.
    73. 

  73. It should support other key output formats, such as those used by
    74. 

  74. lsh(1) and putty(1).
    75. 

  75. .Pp
    76. 

  76. Secret key output is currently not passphrase-protected.
    77. 

  77. .Pp
    78. 

  78. .Nm
    79. 

  79. currently cannot handle passphrase-protected secret keys on input.
    80. 

  80. .Pp
    81. 

  81. It would be nice to be able to use keyids shorter or longer than 16
    82. 

  82. hex characters.
    83. 

  83. .Pp
    84. 

  84. .Nm
    85. 

  85. only acts on keys associated with the first primary key
    86. 

  86. passed in.  If you send it more than one primary key, it will silently
    87. 

  87. ignore later ones.
    88. 

  88. .Sh SEE ALSO
    89. 

  89. .Xr monkeysphere 1 ,
    90. 

  90. .Xr ssh 1 ,
    91. 

  91. .Xr monkeysphere-server 8
    92.
generated by cgit v1.2.3 (git 2.39.1) at 2024-06-28 20:22:58 +0000