At the moment, there are 2 cryptographic setups in place on the devices I use daily:

  1. First, I have an OpenPGP key that I use to sign email, authenticate over SSH, and various other little things. Put simply, this key is used to authenticate me, personally (some manual operation that I am performing like sending an email).
  2. Then, I (try to) maintain a small PKI for my home network: a root CA (with its root key) that all my devices recognise, and a bunch of end certificates used by my home server (mostly for TLS). Put simply, this is used to authenticate my devices for things that run without me behind the keyboard.

So far, I quite like the distinction (and therefore the 2 keys). But part of me can't help thinking that it would be nice to only maintain one private key. After all, it's either me or one of my devices, so basically, it's me (that's up for debate, but maybe later).

I'm trying to figure out a way to use the same key material in both contexts. In other words: I'm curious about using my personal, OpenPGP key, as the private key for the root CA.

After going through quite the number of questions/answers on the topic, and dumping some OpenPGP packets, I came to this conclusion: OpenPGP uses the term "private key" a little more loosely than I thought: it's not just the actual key material, but also an identity (I've seen the term "key certificate" used here and there). Most of the information I can find is about trying to convert an OpenPGP key (certificate) into a format recognised by openssl. Now, since both certificate formats do not contain the same type of metadata associated with the key, I concluded that the conversion does not make much sense.

Nonetheless, I cannot understand why what I'm trying to do isn't readily feasible through gpg or openssl. I can't seem to find a way to extract key pair material and use it across tools. Actually, going through the OpenGPG (GPGME) documentation, it appears to be explicitly disallowed:

GPGME_EXPORT_MODE_RAW SINCE: 1.6.0

If this flag is used with GPGME_EXPORT_MODE_SECRET for an X.509 key the export format will be changed to PKCS#1. This flag may not be used with OpenPGP.

GPGME_EXPORT_MODE_PKCS12 SINCE: 1.6.0

If this flag is used with GPGME_EXPORT_MODE_SECRET for an X.509 key the export format will be changed to PKCS#12 which also includes the certificate. This flag may not be used with OpenPGP.

Source: https://gnupg.org/documentation/manuals/gpgme/Exporting-Keys.html#Exporting-Keys

This makes me think I might be missing something crucial and obvious here, but I can't figure out what it is. What is preventing me from exporting my private key material (say, to PEM/PKCS#8/PKCS#12 format) so that I may then use it with openssl to create my root CA?

John WH Smith

1 Answer

GnuPG supports two quite different standards for email: OpenPGP and S/MIME. The actual cryptographic keys are mostly equivalent, but the metadata for PGP ("UID" and "signature" and "usage" and "expiration") are very different from those for S/MIME based on X.509. And the PKCS8 and PKCS12 formats are supported only for S/MIME keys (which that documentation calls X.509, a bit imprecisely).

What you can do (apparently for RSA only) is create an S/MIME (gpgsm) key that re-uses the private-aka-secret key of an OpenPGP (gpg) key. See my answer at Create CSR for S/MIME certificate from existing OpenPGP key pair based on https://superuser.com/questions/435321/how-can-i-export-public-keys-in-pem-format-with-gnupg and possibly https://superuser.com/questions/1680607/how-to-export-the-private-ssh-subkey-from-gpg . Note this actually creates an X.509 certificate, but not one suitable for use as a CA, so either export PKCS8, or export PKCS12 with the bogus cert but discard that cert and use only the privatekey to create your new cert, for example in OpenSSL.

Remember OpenPGP (gpg) keys usually come in clusters: one masterkey, usually at least one separate encryption subkey, often at least one separate data-signing subkey, and optionally separate ssh-authentication subkey(s). While key-signing, data-signing, and ssh authentication are all actually signatures at the crypto level, PGP and GnuPG call them by different names: Certify, Sign, and Authenticate. You should only choose one of these for the conversion above.

dave_thompson_085
  • I tried with an RSA subkey I have and it did work! Do you by any chance have more information as to why this doesn't work with EdDSA keys? When I export mine with gpgsm 2.3, what I get doesn't look like PKCS#8 and openssl (3.0) can't process it, no matter what I try (BEGIN EC PRIVATE KEY, which looks like EC's version of PKCS#1?). Not much more success with PKCS#12 exports. – John WH Smith Feb 12 '22 at 15:34
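
The last step described in the answer (take the RSA private key exported from gpgsm and build a fresh CA certificate around it with OpenSSL), as an added example that is not part of the original answer or comment. It wraps an existing key in a self-signed root certificate, then checks that the certificate carries that same public key and is marked as a CA. The function names, the subject name and the stand-in key generated for the demo are assumptions; in practice the key file would be the PKCS#8 export from gpgsm.

```shell
#!/bin/sh
# Added example: build a root CA certificate around an existing RSA private key.
set -eu

# make_root_ca KEY.pem OUT.pem "Common Name"
# KEY.pem is an unencrypted PKCS#8 PEM key, e.g. the output of
#   gpgsm --export-secret-key-p8 --armor -o key.pem <key-id>
# A private config is used so the CA extensions do not depend on the
# system-wide openssl.cnf.
make_root_ca() {
    _cnf=$(mktemp)
    cat > "$_cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_root
prompt = no
[dn]
CN = $3
[v3_root]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -new -config "$_cnf" -key "$1" -sha256 -days 3650 -out "$2"
    rm -f "$_cnf"
}

# same_public_key KEY.pem CERT.pem: true if the certificate's
# SubjectPublicKeyInfo is the public half of the private key.
same_public_key() {
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# is_ca CERT.pem: true if basicConstraints marks the certificate as a CA.
is_ca() {
    openssl x509 -in "$1" -noout -text | grep -q 'CA:TRUE'
}

# Demo with a constructed stand-in key (NOT a real gpgsm export).
demo_dir=$(mktemp -d)
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$demo_dir/key.pem" 2>/dev/null
make_root_ca "$demo_dir/key.pem" "$demo_dir/ca.pem" "Example Home Root CA"
if same_public_key "$demo_dir/key.pem" "$demo_dir/ca.pem" && is_ca "$demo_dir/ca.pem"; then
    echo "root CA certificate carries the existing key"
fi
rm -rf "$demo_dir"
```

The OpenPGP metadata (UIDs, usage flags, expiration) is not carried over: only the RSA key pair is shared, and the X.509 certificate gets its own subject, validity and extensions.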