Is it possible to construct a GPG Certificate from an existing RSA key pair
Werner Koch
wk at gnupg.org
Sun Oct 7 14:29:11 CEST 2012
On Sat, 6 Oct 2012 15:53, melvincarvalho at gmail.com said:
> Is it possible to construct a GPG 'Certificate' from an existing RSA key
> pair?
If you want to add it as a subkey, that is easy with GnuPG 2.1 (beta).
You first import your private key using
gpgsm --import foo.p12
you will be asked for the transport passphrase and then for the new
passphrase. Then do a key listing
gpgsm --with-keygrip -K
and figure out the right key. You may use a user id etc on the command
line to restrict the listing to that key. One of the lines shown is the
/keygrip/ - copy its value.
Now run
gpg2 --expert --edit YOURGPGKEY
The use "addkey":
Please select what kind of key you want:
(3) DSA (sign only)
(4) RSA (sign only)
(5) Elgamal (encrypt only)
(6) RSA (encrypt only)
(7) DSA (set your own capabilities)
(8) RSA (set your own capabilities)
(10) ECDSA (sign only)
(11) ECDSA (set your own capabilities)
(12) ECDH (encrypt only)
(13) Existing key
Now enter "13" and paste the keygrip you saved above. The new subkey
will be created using the private key you imported into gpgsm. Note
that there are no checks for the key type; thus make sure the key
matches the capabilities you want for your subkey. The next prompt
allows you to set this capabilities.
Take care, that is an expert option for a reason.
Salam-Shalom,
Werner
--
Die Gedanken sind frei. Ausnahmen regelt ein Bundesgesetz.
More information about the Gnupg-users
mailing list