8

i have a pgp public/private (RSA) key pair that my friends trust. i have a webserver running and i'd like to generate an ssl certificate whose public key matches my pgp public key.

does that make any sense ? is that possible ? is that safe ?

Sam Goto
  • 475
  • 6
  • 11
  • For what sake do you need that? Physically, it will be the same key, but you will not make any use of that. – Nickolay Olshevsky Nov 12 '10 at 17:34
  • Though both are a form of public-key cryptography, they are different. See http://forums.comodo.com/digital-certificates-encryption-and-digital-signing/what-is-the-difference-between-ssl-public-key-and-pgp-public-key-t21909.0.html – Eugene Oct 31 '10 at 00:59
  • Yep, understood that they serve different purposes (packaging and intended usage). The question, however, is whether you can use the same public key for both cases. – Sam Goto Oct 31 '10 at 17:02
  • That link is quite confusing, what a lot of people call "PGP public keys" are in fact certificates: http://www.pgpi.org/doc/pgpintro/ (This being said, the purpose of a PGP certificate and that of an X.509 certificate are different indeed.) – Bruno Oct 31 '10 at 21:34

2 Answers2

8

If the key format in your PGP key is supported in the X.509 format too, it's possible. RSA is one of them.

Here is a Java implementation that turns a PGP certificate into a self-signed X.509 certificate, using BouncyCastle (You'll need to load the BouncyCastle security provider before loading it).

Note that what most people call a PGP public key is in fact a PGP certificate. The public key itself is the RSA key (or other format) which is contained within those certificates. Hence it's possible to take the key material and use it in the other. However, by doing so, you lose the information that makes the PGP certificate a certificate: the binding of the key to an identity and the signatures added by others (following the PGP model).

You could potentially put the extra information of the PGP certificate into your own extension in the X.509 certificate perhaps.

Whether it makes sense to do so probably depends on what you want to achieve. Re-using the same key material more or less implies that "you" (ID behind the PGP certificate) and your webserver become one and the same, since if one private key is compromised, so is the other (Apache Httpd, for example, requires the private key not to be password-protected when they're stored on the server, although it would often only be accessible by the root user). In addition, this probably won't help much your visitors who're going to visit the website, unless they want to dig within the "unknown certificate" warning box to check the public key matches yours (which they may know).

Bruno
  • 119,590
  • 31
  • 270
  • 376
  • that was the answer i was looking for bruno! it validates what i had in mind and brings up the difference between certificates and identity. thanks! – Sam Goto Nov 01 '10 at 15:58
  • If you create one RSA key that your server uses as its X.509 certificate, and you use your personal PGP key to sign your server key, showing that you trust your own server, then shouldn't the web of trust let your friends trust your server? I believe that's more or less how monkeysphere (mentioned by http://stackoverflow.com/a/7629599/69663) works. – unhammer Oct 16 '12 at 10:34
  • 1
    @unhammer, you need a way to present it. Browsers only use X.509 certificates. (There is a spec for using OpenPGP certs with TLS directly, but there's very few implementations.) It's never just the key that you sign, but the binding between the identity and the key. It wouldn't make sense to sign the key independently of the server's identity and other attributes, that would effectively be a distinct certificate. There are other problems with the WoT model unfortunately: the models can quickly become very complex. – Bruno Oct 16 '12 at 10:49
  • As a bonus, check this http://crypto.stackexchange.com/q/11582/9284 for how to certify that a certificate matches the corresponding PGP key. – Daniele Ricci Jun 23 '15 at 15:54
  • @DanieleRicci, yes, there was a point in the early FOAF+SSL experiments where some of the code had store the entire PGP key (including its signatures) as a blob of binary data in a custom extension. Not sure where that code remains. – Bruno Jun 23 '15 at 16:02
  • @Bruno I know, I'm currently using a derivation of that code in my project :-) – Daniele Ricci Jun 23 '15 at 16:03
4

Checkout the MonkeySphere project: http://web.monkeysphere.info/

Instructions for how to generate your SSL cert: http://web.monkeysphere.info/doc/host-keys/

and it has a firefox extension, so your friends can verify it through your PGP key.

Schuyler
  • 71
  • 3