 

How to gpg encrypt with ssh public key?

I have a public key in a file called key.pub, and the contents look like:

ssh-rsa AAAAB...<snip>...t+f klahnakoski

I would like to use it to encrypt a file with gpg. What is the sequence of shell commands required?

I imagine the sequence looks something like:

  • convert key to gpg-friendly format
  • invent some credentials to sign key with
  • invent a user to facilitate adding key to keyring
  • perform the encryption

Thank you!

ekyle asked Feb 09 '16 17:02



2 Answers

RSA keys can only be used to encrypt a proportion of their key length. For example, a 2048-bit RSA key can only be used to encrypt about 245 bytes.

See:

https://security.stackexchange.com/questions/33434/rsa-maximum-bytes-to-encrypt-comparison-to-aes-in-terms-of-security

So to encrypt / decrypt large amounts of data (files) you would use a symmetric key which was encrypted using a public key, not the public key itself.

Also, you wouldn't add a symmetric key to a public SSH key, because the symmetric key is a secret, and the public SSH key isn't a secret. The symmetric key should be added to the private SSH key.

It goes something like the following:

To convert the file format, install the monkeysphere tool set (Ubuntu)

sudo apt-get install monkeysphere

Use the pem2openpgp tool to convert the private key to gpg format. Pipe to gpg for import.

pem2openpgp [email protected] < id_rsa | gpg --import

# Check it's there
gpg --list-secret-keys

Edit the trust level you have in the key.

gpg --edit-key [email protected]
gpg> trust

Add the trust level you need (ultimate for example)

The key imported is only suitable for creating certificates, not for signing or encryption.

Encryption

The key is an RSA key and can't be used to encrypt / decrypt large amounts of data. If you want to do that you have to add a symmetric encryption subkey. When you encrypt, GPG will use this subkey rather than the original SSH key.

gpg> addkey
Please select what kind of key you want:
   (3) DSA (sign only)
   (4) RSA (sign only)
   (5) Elgamal (encrypt only)
   (6) RSA (encrypt only)
Your selection? 6

Now you can encrypt and decrypt using the identity based on the SSH key.

gpg -vv -r [email protected] -e -a unencrypted_file.txt

So how useful is this?

Well, it makes more sense to use GPG to generate and manage your SSH keys as authentication subkeys rather than trying to do it the other way round. In fact it can be integrated into SSH instead of ssh-agent.

Colin answered Oct 20 '22 00:10
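The answer above rests on the size limit of a raw RSA operation: a 2048-bit key can carry about 245 bytes of plaintext, which is enough for a symmetric session key but not for a file. The following added example (not code from the question or the answers) parses an OpenSSH `ssh-rsa` public key line like the one in the question into its `e` and `n` fields and derives the direct-encryption limit for each PKCS#1 padding scheme. The key embedded here is constructed for the demonstration: `_N` is an arbitrary 2048-bit integer, not a real RSA modulus, and the comment field simply mirrors the one in the question.

```python
import base64
import struct

# Constructed sample key: NOT a real RSA key. The modulus is an arbitrary
# 2048-bit integer chosen only to exercise the OpenSSH wire format; e is the
# customary 65537. The comment field "klahnakoski" mirrors the question.
_E = 65537
_N = (1 << 2047) | 0xC0FFEE  # 2048-bit placeholder, not a product of primes


def _ssh_string(data: bytes) -> bytes:
    """Encode one length-prefixed field (RFC 4251 'string')."""
    return struct.pack(">I", len(data)) + data


def _mpint(value: int) -> bytes:
    """Encode a non-negative integer as an RFC 4251 'mpint' (big-endian, sign byte if needed)."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if raw[0] & 0x80:
        raw = b"\x00" + raw  # keep the number positive in two's complement
    return _ssh_string(raw)


def build_ssh_rsa_line(e: int, n: int, comment: str) -> str:
    """Produce an authorized_keys-style line: 'ssh-rsa <base64 blob> <comment>'."""
    blob = _ssh_string(b"ssh-rsa") + _mpint(e) + _mpint(n)
    return "ssh-rsa " + base64.b64encode(blob).decode("ascii") + " " + comment


def parse_ssh_rsa_line(line: str) -> dict:
    """Parse an 'ssh-rsa AAAA... comment' line into its type, e and n fields."""
    parts = line.strip().split(None, 2)
    if len(parts) < 2 or parts[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(parts[1], validate=True)
    fields = []
    offset = 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated length prefix")
        (length,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if offset + length > len(blob):
            raise ValueError("field runs past end of blob")
        fields.append(blob[offset:offset + length])
        offset += length
    if len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("blob does not contain exactly type, e, n")
    e = int.from_bytes(fields[1], "big")
    n = int.from_bytes(fields[2], "big")
    comment = parts[2] if len(parts) == 3 else ""
    return {"e": e, "n": n, "bits": n.bit_length(), "comment": comment}


def max_rsa_plaintext_bytes(modulus_bits: int) -> dict:
    """Largest message one RSA encryption can carry, per PKCS#1 padding scheme."""
    k = (modulus_bits + 7) // 8  # modulus length in bytes
    return {
        "pkcs1_v1_5": k - 11,            # 245 for a 2048-bit key
        "oaep_sha1": k - 2 * 20 - 2,     # 214
        "oaep_sha256": k - 2 * 32 - 2,   # 190
    }


SAMPLE_LINE = build_ssh_rsa_line(_E, _N, "klahnakoski")

if __name__ == "__main__":
    info = parse_ssh_rsa_line(SAMPLE_LINE)
    limits = max_rsa_plaintext_bytes(info["bits"])
    print(f"{info['bits']}-bit RSA key for '{info['comment']}'")
    for scheme, limit in limits.items():
        print(f"  {scheme}: at most {limit} plaintext bytes per RSA operation")
    print("A 32-byte AES key fits; a file does not, hence the symmetric session key.")
```

Point `parse_ssh_rsa_line` at the contents of a real `key.pub` to see the modulus size of the key you were given; whatever the figure, the limit is a few hundred bytes, which is why GPG (and the OpenSSL-based approach) wraps a random symmetric key with RSA and encrypts the file body with that key.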


Probably ssh-vault could give you some ideas; it follows the same principle as PGP, using the public SSH keys to encrypt the password only.

nbari answered Oct 19 '22 22:10