Forum: >>> Magnum BBS <<<

Dark
Log in

Username Password

PGP keys from certificates

From Ian@21:1/5 to All on Fri Jun 2 11:46:28 2017

Hi All,

Normally to generate a new keypair I'd use
pgp --gen-key [other options]
pgp --export 0xNewlyCreatedKey -o wibble.ToBeSentToTheFarEnd

However, I've got a set of instructions, which say:

openssl req -newkey rsa:2048 -keyout wibble.key -out wibble.csr

Get the csr signed by a cert authority, they send back wibble.crt

openssl pkcs12 -export \
-in wibble.crt \
-inkey wibble.key \
-certfile root.crt \
-certfile intermediate.crt \
-out wibble.p12

pgp --import wibble.p12

pgp --export 0xNewlyImportedKeyID -o wibble.ToBeSentToTheFarEnd

What does all this messing about with certificates do for us, that just generating a new keypair doesn't?

Thanks.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From [email protected]@21:1/5 to Ian on Wed Sep 27 19:39:03 2017

On Friday, June 2, 2017 at 4:46:33 AM UTC-6, Ian wrote:
[...]

pgp --gen-key [other options]
pgp --export 0xNewlyCreatedKey -o wibble.ToBeSentToTheFarEnd

Results in having only keys in the PGP system which of course is not saying whether you rely on web of trust at all but that's what you should do with these keys...

openssl req -newkey rsa:2048 -keyout wibble.key -out wibble.csr

Get the csr signed by a cert authority, they send back wibble.crt

openssl pkcs12 -export \
-in wibble.crt \
-inkey wibble.key \
-certfile root.crt \
-certfile intermediate.crt \
-out wibble.p12

pgp --import wibble.p12

pgp --export 0xNewlyImportedKeyID -o wibble.ToBeSentToTheFarEnd

Interestingly the difference is that you would I guess have the same key for SSL applications in addition to PGP. There is certainly no reason to do this extra work if they were not using the key later in OpenSSL as well as PGP which are different
systems.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

From [email protected]@21:1/5 to [email protected] on Thu Sep 28 12:02:28 2017

On Wednesday, September 27, 2017 at 8:39:04 PM UTC-6, [email protected] wrote: [...]

openssl pkcs12 -export \
-in wibble.crt \
-inkey wibble.key \
-certfile root.crt \
-certfile intermediate.crt \
-out wibble.p12

I should also have noted that this appears to add the CA signatures to the pkcs12 which is all imported to PGP. I didn't know they could take in signatures from authorities and put them in a system that was designed to use Web of Trust instead. Is this a
new commercial PGP feature? I use GnuPG and I've never imported a .p12 file so don't know if I can.

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)

Who's Online
Recent Visitors
- Bob Worm
  Mon Jun 8 16:33:22 2026
  from Wales, Uk via Telnet
- Bob Worm
  Mon Jun 8 14:11:46 2026
  from Wales, Uk via Telnet
- Krenn
  Mon Jun 8 11:22:02 2026
  from Sydney, Nsw via Telnet
- Bob Worm
  Mon Jun 8 08:26:26 2026
  from Wales, Uk via Telnet
- Spearb0y
  Mon Jun 8 06:51:02 2026
  from Massachusetts via SSH
- Krenn
  Mon Jun 8 05:45:38 2026
  from Sydney, Nsw via Telnet
- Bob Worm
  Sun Jun 7 20:58:28 2026
  from Wales, Uk via Telnet
- Michal Wronka
  Sun Jun 7 19:26:28 2026
  from Wroclaw, Poland via SSH

System Info

Sysop:	Keyop
Location:	Huddersfield, West Yorkshire, UK
Users:	715
Nodes:	16 (2 / 14)
Uptime:	27:15:45
Calls:	12,106
Calls today:	6
Files:	15,006
Messages:	6,518,211