X-Git-Url: https://codewiz.org/gitweb?a=blobdiff_plain;f=man%2Fman1%2Fopenpgp2ssh.1;h=304a442577b3f60e3765737b999a8d87688bda8c;hb=072e05ac7a9872edc3a3e18e103bbba2706254bf;hp=1a02b3819393f386a17ae54392261670e8ecaa19;hpb=6f2d6f78cd11231d6f7ffd6361812b1bd49a4c34;p=monkeysphere.git diff --git a/man/man1/openpgp2ssh.1 b/man/man1/openpgp2ssh.1 index 1a02b38..304a442 100644 --- a/man/man1/openpgp2ssh.1 +++ b/man/man1/openpgp2ssh.1 @@ -1,5 +1,5 @@ .\" -*- nroff -*- -.Dd $Mdocdate: June 11, 2008 $ +.Dd $Mdocdate: March 1, 2009 $ .Dt OPENPGP2SSH 1 .Os .Sh NAME @@ -7,75 +7,88 @@ openpgp2ssh .Nd translate OpenPGP keys to SSH keys .Sh SYNOPSIS .Nm openpgp2ssh < mykey.gpg - -.Nm gpg --export $KEYID | openpgp2ssh $KEYID - -.Nm gpg --export-secret-key $KEYID | openpgp2ssh $KEYID +.Pp +.Nm gpg \-\-export $KEYID | openpgp2ssh $KEYID +.Pp +.Nm gpg \-\-export\-secret\-key $KEYID | openpgp2ssh $KEYID .Sh DESCRIPTION -openpgp2ssh takes an OpenPGP-formatted primary key and associated +.Nm +takes an OpenPGP-formatted primary key and associated subkeys on standard input, and spits out the requested equivalent SSH-style key on standard output. - +.Pp If the data on standard input contains no subkeys, you can invoke -openpgp2ssh without arguments. If the data on standard input contains -multiple keys (e.g. a primary key and associated subkeys), you must -specify a specific OpenPGP keyid (e.g. CCD2ED94D21739E9) or -fingerprint as the first argument to indicate which key to export. -The keyid must be exactly 16 hex characters. - -If the input contains an OpenPGP RSA or DSA public key, it will be -converted to the OpenSSH-style single-line keystring, prefixed with -the key type. This format is suitable (with minor alterations) for +.Nm +without arguments. If the data on standard input contains multiple +keys (e.g. a primary key and associated subkeys), you must specify a +specific OpenPGP key identifier as the first argument to indicate +which key to export. The key ID is normally the 40 hex digit OpenPGP +fingerprint of the key or subkey desired, but +.Nm +will accept as few as the last 8 digits of the fingerprint as a key +ID. +.Pp +If the input contains an OpenPGP RSA public key, it will be converted +to the OpenSSH-style single-line keystring, prefixed with the key type +(`ssh\-rsa'). This format is suitable (with minor alterations) for insertion into known_hosts files and authorized_keys files. - -If the input contains an OpenPGP RSA or DSA secret key, it will be -converted to the equivalent PEM-encoded private key. - -openpgp2ssh is part of the -.Xr monkeysphere 1 +.Pp +If the input contains an OpenPGP RSA secret key, it will be converted +to the equivalent PEM-encoded private key. +.Pp +.Nm +is part of the +.Xr monkeysphere 7 framework for providing a PKI for SSH. .Sh CAVEATS The keys produced by this process are stripped of all identifying information, including certifications, self-signatures, etc. This is intentional, since ssh attaches no inherent significance to these features. - -openpgp2ssh only works with RSA or DSA keys, because those are the -only ones which work with ssh. - -Assuming a valid key type, though, openpgp2ssh will produce output for -any requested key. This means, among other things, that it will -happily export revoked keys, unverifiable keys, expired keys, etc. -Make sure you do your own key validation before using this tool! +.Pp +.Nm +will produce output for any requested RSA key. This means, among +other things, that it will happily export revoked keys, unverifiable +keys, expired keys, etc. Make sure you do your own key validation +before using this tool! .Sh EXAMPLES -.Nm gpg --export-secret-key $KEYID | openpgp2ssh $KEYID | ssh-add -c /dev/stdin - +.Nm gpg \-\-export\-secret\-key $KEYID | openpgp2ssh $KEYID | ssh\-add \-c /dev/stdin +.Pp This pushes the secret key into the active -.Xr ssh-agent 1 . +.Xr ssh\-agent 1 . Tools such as .Xr ssh 1 which know how to talk to the -.Xr ssh-agent 1 +.Xr ssh\-agent 1 can now rely on the key. .Sh AUTHOR -openpgp2ssh and this man page were written by Daniel Kahn Gillmor +.Nm +and this man page were written by Daniel Kahn Gillmor . .Sh BUGS -openpgp2ssh currently only exports into formats used by the OpenSSH. +.Nm +only works with RSA keys. DSA keys are the only other key type +available in both OpenPGP and SSH, but they are currently unsupported +by this utility. +.Pp +.Nm +only accepts raw OpenPGP packets on standard input. It does not +accept ASCII-armored input. +.Nm +Currently only exports into formats used by the OpenSSH. It should support other key output formats, such as those used by -lsh(1) and putty(1). - +.Xr lsh 1 +and +.Xr putty 1 . +.Pp Secret key output is currently not passphrase-protected. - -openpgp2ssh currently cannot handle passphrase-protected secret keys on input. - -It would be nice to be able to use keyids shorter or longer than 16 -hex characters. - -openpgp2ssh only acts on keys associated with the first primary key -passed in. If you send it more than one primary key, it will silently -ignore later ones. +.Pp +.Nm +currently cannot handle passphrase-protected secret keys on input. .Sh SEE ALSO +.Xr pem2openpgp 1 , .Xr monkeysphere 1 , +.Xr monkeysphere 7 , .Xr ssh 1 , -.Xr monkeysphere-server 8 +.Xr monkeysphere-authentication 8 , +.Xr monkeysphere-host 8