sh: Converting private/public keys between GnuPG, OpenSSH and OpenSSL


# Source: http://www.sysmic.org/dotclear/index.php?post/2010/03/24/Convert-keys-betweens-GnuPG%2C-OpenSsh-and-OpenSSL
# OpenSSH private keys are directly understandable by OpenSSL. You can test this, for example:

openssl rsa -in ~/.ssh/id_rsa -text
openssl dsa -in ~/.ssh/id_dsa -text

# So, you can directly use it to create a certification request:
openssl req -new -key ~/.ssh/id_rsa -out myid.csr

# You can also use your ssh key to create a self-signed certificate:
openssl x509 -req -days 3650 -in myid.csr -signkey ~/.ssh/id_rsa -out myid.crt

# OpenSSL to OpenSSH

# The private key format is the same in OpenSSL and OpenSSH, so you just have to rename your OpenSSL key:

cp myid.key id_rsa
# In OpenSSL, there is no specific file for the public key (public keys are generally embedded in certificates). However, you can extract the public key from the private key file:

ssh-keygen -y -f  myid.key > id_rsa.pub

# GnuPG to OpenSSH
# The best way is to use the openpgp2ssh tool distributed with the Monkeysphere project:

gpg --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes --export-secret-keys --no-armor 0x01234567! | openpgp2ssh 01234567 > id_rsa
# Note that 0x01234567 must be an RSA key (or subkey).

# You can now extract the ssh public key using:

ssh-keygen -y -f id_rsa > id_rsa.pub

# GnuPG to OpenSSL

# We have already seen all the steps. Extract the key as for ssh:

gpg --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes --export-secret-keys --no-armor 0x01234567! | openpgp2ssh 01234567 > myid.key
# You can create a certification request:

openssl req -new -key myid.key -out myid.csr
# You can create a self-signed certificate:

openssl x509 -req -days 3650 -in myid.csr -signkey myid.key -out myid.crt

# GnuPG S/MIME to OpenSSL

# The gpgsm utility can export keys and certificates in PKCS#12 format:

gpgsm -o  secret-gpg-key.p12 --export-secret-key-p12 0xXXXXXXXX
# You have to extract the key and the certificates separately:

openssl pkcs12 -in secret-gpg-key.p12 -nocerts -out gpg-key.pem
openssl pkcs12 -in secret-gpg-key.p12 -nokeys -out gpg-certs.pem
# You can now use them in OpenSSL.

# You can do a similar thing with GnuPG public keys. The output will then contain only certificates.

# OpenSSL to GnuPG S/MIME

# Reverse the process:

openssl pkcs12 -export -in gpg-certs.pem -inkey gpg-key.pem -out gpg-key.p12
gpgsm --import gpg-key.p12
# GnuPG S/MIME to OpenSSH

# Now, chain the processes:

gpgsm -o  secret-gpg-key.p12 --export-secret-key-p12 0xXXXXXXXX
openssl pkcs12 -in secret-gpg-key.p12 -nocerts -out gpg-key.pem
# We need to protect the key file, otherwise ssh refuses it.

chmod 600 gpg-key.pem
cp gpg-key.pem ~/.ssh/id_rsa
ssh-keygen -y -f gpg-key.pem > ~/.ssh/id_rsa.pub
# OpenSSH to GnuPG S/MIME

# First we need to create a (self-signed) certificate for our ssh key:

openssl req -new -x509 -key ~/.ssh/id_rsa -out ssh-cert.pem
# We can now import it into GnuPG:

openssl pkcs12 -export -in ssh-cert.pem -inkey ~/.ssh/id_rsa -out ssh-key.p12
gpgsm --import ssh-key.p12
# Note that you cannot import/export DSA ssh keys to/from GnuPG.
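
# Added example (not part of the original notes): after any of the conversions above, confirm that two files really carry the same public key by comparing SHA-256 digests of their SubjectPublicKeyInfo.
# The helper names spki_pem, spki_sha256 and same_key are made up for this example; RSA keys are assumed, as in the rest of these notes.

```shell
#!/bin/sh
# Print the public key contained in a file as PEM SubjectPublicKeyInfo.
# Handles certificates, CSRs, PEM/PKCS#8 private keys and OpenSSH key files.
spki_pem() {
  local hdr
  # Skip leading text such as the "Bag Attributes" lines written by openssl pkcs12.
  hdr=$(grep -m 1 -E '^(-----BEGIN |ssh-)' "$1") || {
    echo "unrecognised key file: $1" >&2; return 1; }
  case "$hdr" in
    "-----BEGIN CERTIFICATE-----")         openssl x509 -in "$1" -noout -pubkey ;;
    "-----BEGIN CERTIFICATE REQUEST-----") openssl req -in "$1" -noout -pubkey ;;
    "-----BEGIN PUBLIC KEY-----")          openssl pkey -pubin -in "$1" ;;
    # OpenSSH's own private-key format (the ssh-keygen default since OpenSSH 7.8)
    # and one-line ssh-rsa public keys are not parsed by openssl: export via ssh-keygen.
    "-----BEGIN OPENSSH PRIVATE KEY-----"|ssh-*) ssh-keygen -e -m PKCS8 -f "$1" ;;
    *"PRIVATE KEY-----")                   openssl pkey -in "$1" -pubout ;;
    *) echo "unrecognised key file: $1" >&2; return 1 ;;
  esac
}

# Print the SHA-256 digest of the DER-encoded public key found in a file.
spki_sha256() {
  local pem
  pem=$(spki_pem "$1") || return 1
  [ -n "$pem" ] || return 1   # never hash empty input: two failures would "match"
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER |
    openssl dgst -sha256 -r | cut -d' ' -f1
}

# Exit 0 if both files hold the same public key, 1 if they differ,
# 2 if either file could not be read or parsed.
same_key() {
  local a b
  a=$(spki_sha256 "$1") || return 2
  b=$(spki_sha256 "$2") || return 2
  [ "$a" = "$b" ]
}

# Usage when run as a script, e.g.: ./same_key.sh myid.key myid.crt
if [ "$#" -eq 2 ]; then
  if same_key "$1" "$2"; then echo "same key"
  else echo "different keys, or a file could not be parsed" >&2; exit 1; fi
fi
```

# Typical checks after the steps above: same_key myid.key myid.crt, same_key id_rsa.pub myid.crt, same_key gpg-key.pem gpg-certs.pem. Passphrase-protected keys prompt as usual.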
