How do I import a RSA SSH key into GPG as the _primary_ private key?

Solution 1:

The simple answer is: You don't.

SSH keys and GnuPG (actually, OpenPGP) keys are completely different, even though both protocols can use RSA key pairs.

And besides, why would you want to do it? Even if you were to use the same key material to make up your PGP key, you'd still need to distribute your key as a PGP key. You likely haven't been distributing your SSH public key to the people you correspond with, so from a key distribution point of view there is no difference: they will need to receive a public key from you. And even if you have been distributing your SSH public key to other people, they would need to take some additional steps to be able to import it into their OpenPGP implementation, which may or may not be easy.

As kasperd quite righly pointed out, there must be only one way to interpret (particularly) a signature. If you were to use the same key for both PGP and SSH, if someone could trick you into signing a specially crafted message (which is an assumed capability in certain signature system attacks) in one, then even if both systems are secure in isolation it might be possible to craft such a message in a way that has one meaning in one of the systems, but a different meaning in the other. That, in itself, would be a vulnerability. (Exploitable? Who knows. But why take the chance?)

Both PGP and SSH key pairs are long-term keys, which are used to secure ephemeral (message and session) symmetric keys, as well as verify authenticity of a remote party. That makes the PGP or SSH private key a much higher value target for an attacker than the corresponding symmetric key. If you use the same key material for both, and an attacker is able to realize that, it only increases the value of a successful attack on that key pair.

Without having looked at either protocol in detail, I imagine that recognizing that the same key material is being used in both would likely be fairly trivial, since the public key is basically transmitted in the clear.

Just generate a new PGP key. If you want to, then make it RSA and of the same length as your SSH key. (No sane person is going to look much closer at it than verifying the fingerprint anyway.) Then distribute the public key to the people you wish to correspond with, as a PGP key. It will be much easier for everyone, and very likely safer, at the cost of a small amount of entropy from your system's random entropy pool which should be quickly replenished anyway.

If you have multiple keys on your secret keyring and want to specify which one should be used by default, use the default-key and possibly default-recipient{,-self} directives in your ~/.gnupg/gnupg.conf.

Solution 2:

You can convert a SSH-Key to a OpenPGP key with the tool pem2openpgp from the monkeysphere project. This key can then be imported by gnupg as a regular private/public key pair. As the other answer mentions this is usually not a good idea because ssh has no concept of certificates, so you are effectively adding a capability to an existing key that it could not have had before. This is generally a no-go in cryptography.

I did it anyway with one of my ssh keys but I added the key pair to my other OpenPGP key as a subkey that has only one capability flag: authentication. This flag is meant for situations like this, where you do not want to sign or encrypt anything with a key pair (meaning --encrypt and --sign options for gnupg) but you want to have it in your keybox for authentication with OpenSSH and the gnupg-agent anyway.

For more details see the monkeysphere documentation.

Solution 3:

There can be good reasons to convert a regular PKCS-format key for import into gpg.

For example, if you want to put it onto a smart card. The facilities gpg provides with its card-info and card-edit commands are very helpful for this purpose, so why not use it as a tool? The only hurdle one needs to over come is... exactly: importing the key from the standard PKCS#8 format (or "raw" RSA PKCS#1 format) into the gpg key store for further processing.

So - note my objection to the approved answer! :)

An actually helpful answer to this sort of question is found here: