Exporting SSH keys from OpenPGP Authentication keys programmatically (gpgme)
Hello all,

Is it possible to export SSH keys from OpenPGP Authentication keys
programmatically with gpgme?

I'm looking for an equivalent of "gpg --export-ssh" and did some preliminary
research but the exporting keys documentation [0] doesn't list anything related
to SSH.

[0]: https://www.gnupg.org/documentation/manuals/gpgme/Exporting-Keys.html

Thank you in advance!

Kind regards,
Wiktor

--
https://metacode.biz/@wiktor

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: Exporting SSH keys from OpenPGP Authentication keys programmatically (gpgme)
On Sat, 29 Dec 2018 20:22, gnupg-devel@gnupg.org said:

> I'm looking for an equivalent of "gpg --export-ssh" and did some preliminary
> research but the exporting keys documentation [0] doesn't list

This is not supported. Do you think this could be a common use case?


Shalom-Salam,

Werner

--
Thoughts are free. Exceptions are regulated by a federal law.
Re: Exporting SSH keys from OpenPGP Authentication keys programmatically (gpgme)
Hello.

On Sunday, 30.12.2018, at 11:27 +0100, Werner Koch wrote:
> On Sat, 29 Dec 2018 20:22, gnupg-devel@gnupg.org said:

> > I'm looking for an equivalent of "gpg --export-ssh" and did some
> > preliminary research but the exporting keys documentation [0] doesn't list

> This is not supported. Do you think this could be a common use case?

Excuse my dumb question, but, what would be the benefit of this?

AFAIK, there is no way of using X.509 Certs from GPGsm for SSH,
especially when the private keys are on an OpenPGP-Card.

Correct me if I'm wrong, please.

Regards,
Dirk


--
Dirk Gottschalk
Paulusstrasse 6-8
52064 Aachen, Germany

GPG: DDCB AF8E 0132 AA54 20AB B864 4081 0B18 1ED8 E838
Keybase.io: https://keybase.io/dgottschalk
GitHub: https://github.com/Dirk1980ac
Re: Exporting SSH keys from OpenPGP Authentication keys programmatically (gpgme)
Hi Werner, Dirk,

>> This is not supported. Do you think this could be a common use case?

I don't know if this is "common" enough but I'm planning to write an integration
that would automatically add user's keys (OpenPGP, SSH) to GitLab when a new
e-mail is added through Web Key Directory [0]. As far as I've seen they use
GpgME for key management so if it was possible I'd like to keep the same style.

[0]: https://gitlab.com/gitlab-org/gitlab-ce/issues/48751

> Excuse my dumb question, but, what would be the benefit of this?
>
> AFAIK, there is no way of using X.509 Certs from GPGsm for SSH,
> especially when the private keys are on an OpenPGP-Card.

This is not about using X.509 but OpenPGP Authentication subkeys. GPG Agent acts
as SSH Agent. Check this out, for example (no affiliation, just first hit on a
search engine for "gpg ssh"):

https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/

(Yes, I know SSH can use X.509 certs but this isn't it).

Kind regards,
Wiktor

--
https://metacode.biz/@wiktor

_______________________________________________
Gnupg-devel mailing list
Gnupg-devel@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-devel
Re: Exporting SSH keys from OpenPGP Authentication keys programatically (gpgme) [ In reply to ]
Hi,

On Sunday 30 December 2018 20:29:06 CET Wiktor Kwapisiewicz via Gnupg-devel
wrote:
> >> This is not supported. Do you think this could be a common use case?
>
> I don't know if this is "common" enough but I'm planning to write an
> integration that would automatically add user's keys (OpenPGP, SSH) to
> GitLab when a new e-mail is added through Web Key Directory [0]. As far as
> I've seen they use GpgME for key management so if it was possible I'd like
> to keep the same style.

Sounds good. Although I do not think that we would even need a use case for
this. Just for consistency the API should provide it. It is a simple change
IMO to add this as an export mode.
I noted the request down as:

https://dev.gnupg.org/T4310

Best Regards,
Andre

--
GnuPG e.V., Rochusstr. 44, D-40479 Düsseldorf. VR 11482 Düsseldorf
Vorstand: W.Koch, M.Gollowitzer, A.Heinecke. Mail: board@gnupg.org
Finanzamt D-Altstadt, St-Nr: 103/5923/1779. Tel: +49-2104-4938799