Creating a new PGP key from your X.509 cert

This document was created for use with PGP 8.1

/!\ IMPORTANT: If you are using a smartcard, do this BEFORE importing your new cert to your smartcard. PGP will fail with "Key already exists" when you try to send your new PGP key to the smartcard if the cert is already there.

  1. Create your new cert
  2. Export it to a p12 or PFX file
  3. Import it into PGP
  4. Open PGPKeys
  5. Choose the "keys" menu
  6. Choose "import" from that menu
  7. Choose the file
  8. Click "open"
  9. Enter the passphrase for the cert if necessary.

/!\ NOTE: At this point you will receive a message saying "some of the keys imported are private keys. Trust values on these keys must be set manually via the Key Properties dialog."

You now have a PGP version of your cert, or if you choose to look at it another way, you have made a PGP keypair that is signed by your cert. However, it is only good for signing.

  1. Right click on the key, choose "key properties"
  2. Click the "implicit trust" check box
  3. Click "close"
  4. Right click on your new key
  5. Choose "sign"
  6. Click the checkbox that says "Allow signature to be exported. Others may rely upon your signature".
  7. Click OK
  8. If your keyring contains more than a single private key you will have to choose the key you are using.
  9. Enter the passphrase for the cert if necessary
  10. Click "ok"

NOTE: You now have a key that can be exported and used in GPG.

/!\ IF YOU WANT TO USE THIS KEY FOR ENCRYPTION YOU MAY CONTINUE ON, otherwise skip to "IF YOU ARE USING A SMARTCARD"

  1. Right click on the key and choose "Key Properties"
  2. Choose the "subkeys" tab
  3. Push the "new" button
  4. Choose the new key size, start date and expiration date
  5. Click "ok"
  6. Click "close"
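To confirm that an exported copy of the key really carries the subkey added above, the packet structure of the export can be inspected. The following is an added example, not part of the original page or of PGP; it assumes a binary (non-armored) export, treats the presence of a subkey packet as the indicator without parsing key flags, and uses constructed sample bytes with fake key material.

```python
# Packet tags and public-key algorithm IDs as assigned in RFC 4880.
KEY_TAGS = {5: "secret key", 6: "public key", 7: "secret subkey", 14: "public subkey"}
ALGOS = {1: "RSA", 2: "RSA (encrypt only)", 3: "RSA (sign only)", 16: "Elgamal", 17: "DSA"}

def packets(data):
    """Yield (tag, body) for each packet; handles old and new header formats."""
    i = 0
    while i < len(data):
        hdr = data[i]
        if not hdr & 0x80:
            raise ValueError("not an OpenPGP packet header")
        if hdr & 0x40:                       # new format: length is 1, 2 or 5 octets
            tag, n, i = hdr & 0x3F, data[i + 1], i + 2
            if 192 <= n < 224:
                n, i = ((n - 192) << 8) + data[i] + 192, i + 1
            elif n == 255:
                n, i = int.from_bytes(data[i:i + 4], "big"), i + 4
            elif n >= 224:
                raise ValueError("partial body lengths are not handled")
        else:                                # old format: low two bits give length size
            tag, size = (hdr >> 2) & 0x0F, 1 << (hdr & 3)
            if size == 8:
                raise ValueError("indeterminate length is not handled")
            n, i = int.from_bytes(data[i + 1:i + 1 + size], "big"), i + 1 + size
        yield tag, data[i:i + n]
        i += n

def key_summary(data):
    """Return [(packet kind, algorithm)] for each key and subkey packet."""
    found = []
    for tag, body in packets(data):
        if tag in KEY_TAGS:
            algo = body[5] if body[0] == 4 else body[7]   # v4 vs v3 key layout
            found.append((KEY_TAGS[tag], ALGOS.get(algo, "algorithm %d" % algo)))
    return found

def has_subkey(data):
    """True if the export contains at least one subkey packet."""
    return any(kind.endswith("subkey") for kind, _ in key_summary(data))

# Constructed sample: fake key material, just enough bytes to exercise the parser.
def make_packet(tag, body):
    return bytes([0x80 | (tag << 2), len(body)]) + body

KEY_BODY = b"\x04" + b"\x00\x00\x00\x01" + b"\x01" + b"\x00\x08\xff\x00\x08\x11"
PRIMARY_ONLY = make_packet(6, KEY_BODY) + make_packet(13, b"Test <test@example.org>")
WITH_SUBKEY = PRIMARY_ONLY + make_packet(14, KEY_BODY)
```

An ASCII-armored export has to be converted to binary first, for example with `gpg --dearmor`, before its bytes are passed to `key_summary`.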

/!\ IF YOU ARE USING A SMARTCARD: If you wish to keep a backup of the key, EXPORT THE KEYPAIR AND STORE IT IN A SAFE LOCATION, AS ONCE IT IS IMPORTED TO THE SMARTCARD YOU WILL NOT BE ABLE TO GET THE PRIVATE KEYS BACK OFF THE CARD.

  1. Right click on your key and choose "send to" > "smart card"

  2. Answer "yes" to the question "Do you want to delete the local copy of the private key"

You may now import your cert to your smartcard without issue.


ConvertingCertificateToPgp (last edited 2016-05-05 09:20:47 by AlesKastner)