Rechercher une page de manuel

Chercher une autre page de manuel:

openpgp2ssh

Langue: en

Autres versions - même langue

Version: 313881 (ubuntu - 07/07/09)

Section: 1 (Commandes utilisateur)


BSD mandoc

NAME

openpgp2ssh - translate OpenPGP keys to SSH keys

SYNOPSIS

openpgp2ssh < mykey.gpg


gpg --export $KEYID | openpgp2ssh $KEYID


gpg --export-secret-key $KEYID | openpgp2ssh $KEYID

DESCRIPTION

openpgp2ssh < mykey.gpg takes an OpenPGP-formatted primary key and associated subkeys on standard input, and spits out the requested equivalent SSH-style key on standard output.

If the data on standard input contains no subkeys, you can invoke openpgp2ssh < mykey.gpg without arguments. If the data on standard input contains multiple keys (e.g. a primary key and associated subkeys), you must specify a specific OpenPGP key identifier as the first argument to indicate which key to export. The key ID is normally the 40 hex digit OpenPGP fingerprint of the key or subkey desired, but openpgp2ssh < mykey.gpg will accept as few as the last 8 digits of the fingerprint as a key ID.

If the input contains an OpenPGP RSA or DSA public key, it will be converted to the OpenSSH-style single-line keystring, prefixed with the key type. This format is suitable (with minor alterations) for insertion into known_hosts files and authorized_keys files.

If the input contains an OpenPGP RSA or DSA secret key, it will be converted to the equivalent PEM-encoded private key.

openpgp2ssh < mykey.gpg is part of the monkeysphere(7) framework for providing a PKI for SSH.

CAVEATS

The keys produced by this process are stripped of all identifying information, including certifications, self-signatures, etc. This is intentional, since ssh attaches no inherent significance to these features.

openpgp2ssh < mykey.gpg only works with RSA or DSA keys, because those are the only ones which work with ssh.

Assuming a valid key type, though, openpgp2ssh < mykey.gpg will produce output for any requested key. This means, among other things, that it will happily export revoked keys, unverifiable keys, expired keys, etc. Make sure you do your own key validation before using this tool!

EXAMPLES

gpg --export-secret-key $KEYID | openpgp2ssh $KEYID | ssh-add -c /dev/stdin

This pushes the secret key into the active ssh-agent1. Tools such as ssh(1) which know how to talk to the ssh-agent1 can now rely on the key.

AUTHOR

openpgp2ssh < mykey.gpg and this man page were written by Daniel Kahn Gillmor <dkg@fifthhorseman.net>.

BUGS

openpgp2ssh < mykey.gpg Currently only exports into formats used by the OpenSSH. It should support other key output formats, such as those used by lsh(1) and putty(1).

Secret key output is currently not passphrase-protected.

openpgp2ssh < mykey.gpg currently cannot handle passphrase-protected secret keys on input.

Key identifiers consisting of an odd number of hex digits are not accepted. Users who use a key ID with a standard length of 8, 16, or 40 hex digits should not be affected by this.

openpgp2ssh < mykey.gpg only acts on keys associated with the first primary key passed in. If you send it more than one primary key, it will silently ignore later ones.

SEE ALSO

monkeysphere(1), monkeysphere(7), ssh(1), monkeysphere-server8
Ha, chiens tueurs ! Me jouez-vous un fongueux bagne au camping du Loch Ness ?
-- Esposito-Farese, Gilles