Really just condensing: https://opensource.com/article/19/4/gpg-subkeys-ssh-multiples
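# Install monkeysphere (it ships pem2openpgp), run under the arm64e architecture.
arch -arm64e brew install monkeysphere
# Export the secret key. The subshell's umask 077 creates the file owner-only;
# it holds private key material (protected only by the key's passphrase, if any),
# so delete it once the procedure is finished.
(umask 077 && gpg -a --export-secret-keys hedefalk > my_gpg_key.asc)
# Create a temporary GnuPG home, owner-only from the moment it exists
# (no window between a plain mkdir and a later chmod).
mkdir -m 700 temp_gpg
# Import the exported key into the temporary home
gpg --homedir temp_gpg --import my_gpg_key.asc
# Verify the secret key arrived
gpg -K --homedir temp_gpg
# Convert the SSH private key to OpenPGP form and import it under a throwaway user id
arch -arm64e pem2openpgp temporary_id < ~/.ssh/some_key | gpg --import --homedir temp_gpg/
# Verify the import (take note of the new key's keygrip)
gpg -K --with-keygrip --homedir temp_gpg
# Make it a subkey: opens the interactive key editor; the prompts are listed below
gpg --homedir temp_gpg --expert --edit-key hedefalk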
>addkey
>13 (existing key)
enter the keygrip of the new key
toggle: s e a (leaves only the auth capability)
create
save
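# Export the updated key (now carrying the auth subkey) from the temporary home.
# The subshell's umask 077 creates the export file owner-only.
(umask 077 && gpg --homedir temp_gpg -a --export-secret-keys hedefalk > my_new_gpg_key.asc)
# Import it into the default keyring
gpg --import my_new_gpg_key.asc
# Verify the subkey is present and read off its keygrip
gpg -K --with-keygrip
# Add it to sshcontrol. Replace [keygrip] with the real value; the quotes stop
# the shell from treating the brackets as a glob pattern.
echo "[keygrip]" >> ~/.gnupg/sshcontrol
# Cleanup: remove the temporary GnuPG home and both secret-key export files,
# so no copies of the private key stay behind in the working directory.
rm -rf temp_gpg
rm -f my_gpg_key.asc my_new_gpg_key.asc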
Now I can remove some_key and still ssh into any server that has it in authorized_keys (provided I have already set up ssh over gpg, that is). Before removing it, check that the agent actually offers the key, e.g. with `ssh-add -L`.