How to convert X509 certificate and private key in PEM format to GPG format?

Question

I have an X509 certificate (chain) and private key in PEM format. I need to convert them to GPG format so I can use them for signing. How can I do that?

I tried gpgsm, but the keys still don't appear on gpg list of keys.

Please, advise.

Answer 1

From my article

Steps

1. Break the pfx (p12) into pem files that can be used. For some reason, GPG can't handle standard encoding.

   openssl pkcs12 -in sectigo.pfx  -nokeys -out gpg-certs.pem
   openssl pkcs12 -in sectigo.pfx -nocerts -out gpg-key.pem
   

2. Combine the keys into something GPG recognizes

   openssl pkcs12 -export -in gpg-certs.pem -inkey gpg-key.pem -out gpg-key.p12
   

3. Import into GPG

   gpgsm --import gpg-key.p12
   

4. At this point we have the p12 imported, and we can see it in Kleopatra, but we can’t use it for PGP operations.

   cat gpg-key.pem | PEM2OPENPGP_USAGE_FLAGS=authenticate pem2openpgp "Your Name <[email protected]>" > key.pgp
   

5. Now!!!! We have a pgp key, and when you import the key.pgp into GPG it will absolutely have the same key as your certificate.

   gpg --import key.pgp