Is it possible to create an SSL certificate out of a PGP public/private key? [closed]

I have a PGP public/private (RSA) key pair that my friends trust. I have a webserver running and I'd like to generate an SSL certificate whose public key matches my PGP public key.

Does that make any sense? Is that possible? Is that safe?

Sam Goto asked Oct 31 '10 00:10


1 Answer

If the key format in your PGP key is supported in the X.509 format too, it's possible. RSA is one of them.

Here is a Java implementation that turns a PGP certificate into a self-signed X.509 certificate, using BouncyCastle (you'll need to load the BouncyCastle security provider before loading it).

Note that what most people call a PGP public key is in fact a PGP certificate. The public key itself is the RSA key (or other format) which is contained within those certificates. Hence it's possible to take the key material and use it in the other. However, by doing so, you lose the information that makes the PGP certificate a certificate: the binding of the key to an identity and the signatures added by others (following the PGP model).

You could potentially put the extra information of the PGP certificate into your own extension in the X.509 certificate perhaps.

Whether it makes sense to do so probably depends on what you want to achieve. Re-using the same key material more or less implies that "you" (ID behind the PGP certificate) and your webserver become one and the same, since if one private key is compromised, so is the other (Apache Httpd, for example, requires the private key not to be password-protected when it's stored on the server, although it would often only be accessible by the root user). In addition, this probably won't be of much help to your visitors who're going to visit the website, unless they want to dig within the "unknown certificate" warning box to check the public key matches yours (which they may know).

Bruno answered Oct 22 '22 07:10
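The check a visitor would have to make by hand, as an added example that is not part of the answer above and not the BouncyCastle code it mentions: standard-library Python that pulls the RSA modulus and exponent out of a binary (dearmored) v4 OpenPGP public-key packet, re-encodes them as the SubjectPublicKeyInfo an X.509 certificate carries, and compares. The function names and the toy `SAMPLE` packet are constructed for illustration.

```python
# AlgorithmIdentifier: rsaEncryption (1.2.840.113549.1.1.1) with NULL parameters
RSA_ALG = bytes.fromhex("300d06092a864886f70d0101010500")

def parse_pgp_rsa_public(packet):
    """Return (n, e) from one v4 OpenPGP RSA public-key packet (RFC 4880, 5.5.2)."""
    tag = packet[0]
    if not tag & 0x80:
        raise ValueError("not a binary OpenPGP packet (dearmor it first)")
    if tag & 0x40:                      # new-format header
        ptag, first = tag & 0x3F, packet[1]
        if first < 192:
            length, off = first, 2
        elif first < 224:
            length, off = ((first - 192) << 8) + packet[2] + 192, 3
        elif first == 255:
            length, off = int.from_bytes(packet[2:6], "big"), 6
        else:
            raise ValueError("partial body lengths not supported")
    else:                               # old-format header
        ptag, size = (tag >> 2) & 0x0F, 1 << (tag & 0x03)
        if size == 8:
            raise ValueError("indeterminate length not supported")
        length, off = int.from_bytes(packet[1:1 + size], "big"), 1 + size
    body = packet[off:off + length]
    # tag 6/14 = public key/subkey, version 4, algorithm 1-3 = RSA
    if ptag not in (6, 14) or len(body) < 6 or body[0] != 4 or body[5] not in (1, 2, 3):
        raise ValueError("expected a v4 RSA public (sub)key packet")
    pos, mpis = 6, []
    for _ in range(2):                  # two MPIs: modulus n, then exponent e
        size = (int.from_bytes(body[pos:pos + 2], "big") + 7) // 8
        mpis.append(int.from_bytes(body[pos + 2:pos + 2 + size], "big"))
        pos += 2 + size
    return mpis[0], mpis[1]

def der(tag, content):
    n = len(content)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def rsa_spki(n, e):
    # DER SubjectPublicKeyInfo: the public-key structure inside an X.509 certificate
    ints = b"".join(der(0x02, v.to_bytes(v.bit_length() // 8 + 1, "big")) for v in (n, e))
    return der(0x30, RSA_ALG + der(0x03, b"\x00" + der(0x30, ints)))

def same_key(pgp_packet, cert_spki):
    return rsa_spki(*parse_pgp_rsa_public(pgp_packet)) == cert_spki

# Constructed toy packet (n=3233, e=17, timestamp 0), not a real key
SAMPLE = bytes.fromhex("99000d040000000001000c0ca1000511")
```

A match only shows that the two containers hold the same RSA key; the user IDs and third-party signatures of the PGP certificate are not part of the comparison, as the answer notes.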