Using ssh key pair to encrypt files

Is it possible to encrypt a text file using a ssh key pair using gnupg? Where I work we already have our pair created and will be very useful to use these keys to send encrypted files. Thanks!


Solution 1:

In terms of security, it is highly not recommended to use the same keypair for authentication and data encryption. For example, if a key used for authentication is compromised, it would also reveal all data previously encrypted with it. (I'm not good at at all when it comes to cryptography, but I believe there are several problems from that side as well.)

Besides, generating a second key takes less 10 seconds (and that on a five-year-old computer).


It is technically possible to encrypt data using a SSH keypair, although as @DavidSchwartz noted, only RSA keys can be used for this – DSA and ECDSA can only be used for signing.

However, it doesn't mean you can simply import the key into GnuPG and expect it to work. This post shows a few differences between PGP certificates used by GnuPG and bare RSA keys used by SSH; in short, GnuPG "keys" contain a lot more information than just RSA parameters, and there simply aren't any tools written that could wrap an existing key in a GPG certificate – primarily to avoid the security issues.

The "other" email encryption standard, S/MIME, uses a simpler certificate format (X.509) and there are widely available tools for creating a certificate based on an existing RSA key. Finally, you could ditch existing standards and roll your own, using plain old RSA functions to encrypt, which are available for practically every programming language and even as shell commands via openssl. Digging their own grave is left as an exercise to the reader.