NAME
pem2openpgp — translate PEM-encoded RSA keys to OpenPGP certificates

SYNOPSIS
pem2openpgp $USERID < mykey.pem | gpg --import

DESCRIPTION
pem2openpgp is a low-level utility for transforming raw, PEM-encoded RSA
secret keys into OpenPGP-formatted certificates. The generated certificates
include the secret key material, so they should be handled carefully.
It works as an element within a pipeline: feed it the raw key on stdin and supply the desired User ID as a command line argument. Note that you may need to quote the string to ensure that it is entirely in a single argument.

Other choices about how to generate the new OpenPGP certificate are governed by environment variables.

ENVIRONMENT
The following environment variables influence the behavior of pem2openpgp:

PEM2OPENPGP_TIMESTAMP controls the timestamp (measured in seconds since the UNIX epoch) indicated as the creation time (a.k.a. "not valid before") of the generated certificate (self-signature) and the key itself. By default,

PEM2OPENPGP_KEY_TIMESTAMP controls the timestamp (measured in seconds since the UNIX epoch) indicated as the creation time of just the key itself (not the self-signature). By default,

PEM2OPENPGP_USAGE_FLAGS should contain a comma-separated list of valid OpenPGP usage flags (see section 5.2.3.21 of RFC 4880 for what these mean). The available choices are: certify, sign, encrypt_comms, encrypt_storage, encrypt (this means both encrypt_comms and encrypt_storage), authenticate, split, shared. By default,

PEM2OPENPGP_EXPIRATION sets an expiration (measured in seconds after the creation time of the key) in each self-signature packet. By default, no expiration subpacket is included.

PEM2OPENPGP_NEWKEY indicates that
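
An added example, not part of pem2openpgp or the Monkeysphere project: a POSIX shell preflight wrapper that checks PEM2OPENPGP_USAGE_FLAGS against the choices listed above, converts a day count into the seconds value PEM2OPENPGP_EXPIRATION expects, and pipes straight into gpg --import so the cleartext secret key material is not written to a file. The function names (check_usage_flags, expiration_seconds, convert_key) and their arguments are hypothetical.

```shell
#!/bin/sh
# Added example: preflight checks before calling pem2openpgp.
# Function names and argument order are assumptions of this example.

# Usage flags as listed in the ENVIRONMENT section of this man page.
VALID_FLAGS="certify sign encrypt_comms encrypt_storage encrypt authenticate split shared"

# Return 0 only if every item of the comma-separated list $1 is a listed flag.
check_usage_flags() {
    list=$1
    [ -n "$list" ] || return 1
    while [ -n "$list" ]; do
        flag=${list%%,*}
        # Reject empty items and anything but lowercase letters/underscores,
        # so the space-delimited match below is an exact word match.
        case "$flag" in ''|*[!a-z_]*) return 1 ;; esac
        case " $VALID_FLAGS " in
            *" $flag "*) ;;
            *) return 1 ;;
        esac
        case "$list" in
            *,*) list=${list#*,}; [ -n "$list" ] || return 1 ;;  # trailing comma
            *)   list= ;;
        esac
    done
    return 0
}

# Print the PEM2OPENPGP_EXPIRATION value (seconds after key creation)
# for a whole number of days; reject non-numeric or zero-prefixed input.
expiration_seconds() {
    case "$1" in ''|*[!0-9]*|0*) return 1 ;; esac
    echo $(( $1 * 86400 ))
}

# convert_key USERID PEMFILE FLAGS DAYS
# The User ID is passed as one quoted argument; output goes directly to gpg.
convert_key() {
    check_usage_flags "$3" || { echo "bad usage flags: $3" >&2; return 2; }
    secs=$(expiration_seconds "$4") || { echo "bad day count: $4" >&2; return 2; }
    PEM2OPENPGP_USAGE_FLAGS=$3 PEM2OPENPGP_EXPIRATION=$secs \
        pem2openpgp "$1" < "$2" | gpg --import
}
```
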

AUTHOR
pem2openpgp and this man page were written by Daniel Kahn Gillmor
<dkg@fifthhorseman.net>.

BUGS
Only handles RSA keys at the moment. It might be nice to handle DSA keys as well.

Currently only creates certificates with a single User ID. Should be able to create certificates with multiple User IDs.

Currently only accepts unencrypted RSA keys. It should be able to deal with passphrase-locked key material.

Currently outputs OpenPGP certificates with cleartext secret key material. It would be good to be able to lock the output with a passphrase.

If you find other bugs, please report them at https://labs.riseup.net/code/projects/show/monkeysphere

SEE ALSO
openpgp2ssh(1), monkeysphere(1), monkeysphere(7), ssh(1), monkeysphere-host(8), monkeysphere-authentication(8)