Generating RSA private key from PGP PRIVATE KEY BLOCK

2

I downloaded my private key block from keybase.io (into file keybase.ppk). It starts with:

-----BEGIN PGP PRIVATE KEY BLOCK-----
Version: Keybase OpenPGP v2.0.49

I would now like to create an SSH key pair so I can put a public key on a remote server and use the private key to log into it. How do I do it on Linux?

I tried various methods I found on the net and all I learned is that my understanding of applications and standards in contemporary cryptography is very limited :-/

dijxtra

Posted 2015-12-13T16:26:14.937

Reputation: 193

Answers

5

After some more googling I finally understood what this answer means:

https://security.stackexchange.com/a/9635

What needs to be done beforehand for this answer to work out is:

gpg --import .ssh/keybase.ppk

After that, I did:

gpg --edit-key D937A057 # removing password
gpg --export D937A057 | openpgp2ssh D937A057 > keybase.pub # generating public key
gpg --export-secret-key D937A057 | openpgp2ssh D937A057 > keybase # generating private key
gpg --delete-secret-key D937A057 # cleanup

One would think there's an easier way to do this. I spent a solid 2 hours figuring this out...

dijxtra

Posted 2015-12-13T16:26:14.937

Reputation: 193

1

There is barely any tool support for this, as the use of it is very limited. You cannot simply use "plain" RSA keys as OpenPGP keys, nor are OpenPGP and X.509 (for example for S/MIME) interchangeable: both have trust management as one of their most important features. If you want to use OpenPGP keys for SSH, have a look at monkeysphere, otherwise I'd rather generate a new key pair for SSH instead of reusing OpenPGP keys: there is no real gain, but you additionally expose the keys through the other protocol to possible attacks.

– Jens Erat – 2015-12-13T19:49:45.577

It's not that I want to use OpenPGP keys for SSH, I want to use keybase.io for SSH, and keybase.io has support only for OpenPGP keys. I still don't quite understand why. I did read this, but all I understood was that people who know much more than me about crypto do not agree about the issue.

– dijxtra – 2015-12-14T07:47:53.783

1

Just wanted to comment that the --edit-key should be followed by 'passwd' and then 'quit'.

– Alex Leith – 2016-02-10T23:02:13.110

1

To expand on the above comment and the first step in general, type gpg --edit-key D937A057 and then type passwd. You'll be asked for your existing passphrase. If you downloaded the key from keybase.io, this is your keybase password. Then it'll ask you for your new password and confirmation. Just enter a blank value (hit Enter twice). And then confirm you want to remove the password when it prompts you. Finally type quit to exit the gpg shell and confirm you want to save changes.

– user2490003 – 2018-06-05T22:06:08.707
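Added example, not part of the original thread: the steps above write a private key with its passphrase removed to a file through a shell redirect, so this Python check audits such a file for permissions open to group or others and for missing passphrase protection. The sample key texts are constructed stand-ins, and the check assumes the key is stored in traditional PEM, PKCS#8 or OpenSSH format.

```python
import base64, os, stat, struct, tempfile

# Constructed stand-ins, not real key material: only header lines are inspected.
SAMPLE_CLEAR_PEM = "-----BEGIN RSA PRIVATE KEY-----\nAAAA\n-----END RSA PRIVATE KEY-----\n"
SAMPLE_ENC_PEM = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
                  "DEK-Info: AES-128-CBC,00000000000000000000000000000000\n\nAAAA\n"
                  "-----END RSA PRIVATE KEY-----\n")
OPENSSH_MAGIC = b"openssh-key-v1\0"

def key_is_encrypted(key_text):
    """Return True if the private key text is passphrase-protected."""
    lines = [l.strip() for l in key_text.strip().splitlines()]
    header = lines[0] if lines else ""
    if header == "-----BEGIN OPENSSH PRIVATE KEY-----":
        # OpenSSH format: magic, then a length-prefixed cipher name ("none" = clear).
        blob = base64.b64decode("".join(lines[1:-1]))
        if not blob.startswith(OPENSSH_MAGIC):
            raise ValueError("not an openssh-key-v1 blob")
        off = len(OPENSSH_MAGIC)
        (n,) = struct.unpack_from(">I", blob, off)
        return blob[off + 4:off + 4 + n] != b"none"
    if header == "-----BEGIN ENCRYPTED PRIVATE KEY-----":  # PKCS#8
        return True
    if header.startswith("-----BEGIN ") and header.endswith(" PRIVATE KEY-----"):
        # Traditional PEM declares encryption in a header line after BEGIN.
        return any(l.startswith("Proc-Type: 4,ENCRYPTED") for l in lines[1:4])
    raise ValueError("no private key header found")

def audit_private_key(path):
    """Return a list of findings for a private key file on disk."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode & 0o077:
        findings.append("permissions %04o: open to group/others, chmod 600" % mode)
    with open(path, encoding="ascii", errors="replace") as fh:
        if not key_is_encrypted(fh.read()):
            findings.append("no passphrase: set one with ssh-keygen -p -f <file>")
    return findings

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "keybase")  # file name from the answer
        with open(path, "w") as fh:
            fh.write(SAMPLE_CLEAR_PEM)
        os.chmod(path, 0o644)  # typical mode after a redirect under umask 022
        for finding in audit_private_key(path):
            print(finding)
```

The OpenSSH branch matters after remediation: a key re-protected with ssh-keygen -p may be rewritten in OpenSSH format, where the cipher name sits inside the base64 body rather than in a header line.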

0

GPG can export keys in OpenSSH format. According to the man page:

--export-ssh-key
              This command is used to export a key in the OpenSSH public key format. It requires the specification of one key by
              the usual means and exports the latest valid subkey which has an authentication capability to STDOUT or to the file
              given with option --output. That output can directly be added to ssh's ‘authorized_key’ file.

              By specifying the key to export using a key ID or a fingerprint suffixed with an exclamation mark (!), a specific
              subkey or the primary key can be exported. This does not even require that the key has the authentication capability
              flag set.

sevcsik

Posted 2015-12-13T16:26:14.937

Reputation: 101