====== PGP ======
Via [[https://fr.wikipedia.org/wiki/Pretty_Good_Privacy|Wikipedia]] : //''Pretty Good Privacy (en français : « assez bonne confidentialité »), plus connu sous le sigle PGP, est un logiciel de chiffrement cryptographique, développé et diffusé aux États-Unis par Philip Zimmermann en 1991.''//
====== GPG ======
Via [[https://fr.wikipedia.org/wiki/GNU_Privacy_Guard|Wikipedia]] : //''GnuPG (ou GPG, de l'anglais GNU Privacy Guard) est l'implémentation GNU du standard OpenPGP défini dans la RFC 48806, distribuée selon les termes de la licence publique générale GNU.''//

Via [[http://blog.dasroot.net/2015-gpg-made-a-comeback-in-my-workflow.html]] :
<code>{{:applications:gpg-cheat-sheet.png?nolink|}}</code>
====== Conversion de clés ======
Via : http://sysmic.org/dotclear/index.php?post/2010/03/24/Convert-keys-betweens-GnuPG%2C-OpenSsh-and-OpenSSL
==== OpenSSH to OpenSSL ====
OpenSSH private keys are directly understable by OpenSSL. You can test for example:

<code bash>openssl rsa -in ~/.ssh/id_rsa -text
openssl dsa -in ~/.ssh/id_dsa -text</code>

So, you can directly use it to create a certification request:

<code bash>openssl req -new -key ~/.ssh/id_dsa -out myid.csr</code>

You can also use your ssh key to create a sef-signed certificate:

<code bash>openssl x509 -req -days 3650 -in myid.csr -signkey ~/.ssh/id_rsa -out myid.crt</code>

Notice I have not found how to manipulate ssh public key with OpenSSL
==== OpenSSL to OpenSSH ====

Private keys format is same between OpenSSL and OpenSSH. So you just a have to rename your OpenSSL key:

<code bash>cp myid.key id_rsa</code>

In OpenSSL, there is no specific file for public key (public keys are generally embeded in certificates). However, you extract public key from private key file:

<code bash>ssh-keygen -y -f  myid.key > id_rsa.pub</code>

==== GnuPG to OpenSSH ====

The best way is to use openpgp2ssh tool distributed in with monkeyshpere project:

<code bash>gpg --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes --export-secret-keys --no-armor 0x01234567! | openpgp2ssh 01234567 > id_rsa</code>

Notice 0x01234567 must be a RSA key (or subkey).

You can now extract ssh public key using:

<code bash>ssh-keygen -y -f id_rsa > id_rsa.pub</code>

==== GnuPG to OpenSSL ====

We already saw all steps. Extract key as for ssh:

<code bash>gpg --export-options export-reset-subkey-passwd,export-minimal,no-export-attributes --export-secret-keys --no-armor 0x01234567! | openpgp2ssh 01234567 > myid.key</code>

You can create a certification request:

<code bash>openssl req -new -key myid.key -out myid.csr</code>

You can create a sef-signed certificate:

<code bash>openssl x509 -req -days 3650 -in myid.csr -signkey myid.key -out myid.crt</code>

==== GnuPG S/MIME to OpenSSL ====

Gpgsm utility can exports keys and certificate in PCSC12:

<code bash>gpgsm -o  secret-gpg-key.p12 --export-secret-key-p12 0xXXXXXXXX</code>

You have to extract Key and Certificates separatly:

<code bash>openssl pkcs12 -in secret-gpg-key.p12 -nocerts -out gpg-key.pem
openssl pkcs12 -in secret-gpg-key.p12 -nokeys -out gpg-certs.pem</code>

You can now use it in OpenSSL.

You can also do similar thing with GnuPG public keys. There will be only certificates output.
==== OpenSSL to GnuPG S/MIME ====

Invert process:

<code bash>openssl pkcs12 -export -in gpg-certs.pem -inkey gpg-key.pem -out gpg-key.p12
gpgsm --import gpg-key.p12</code>

==== GnuPG S/MIME to OpenSSH ====

Now, chain processes:

<code bash>gpgsm -o  secret-gpg-key.p12 --export-secret-key-p12 0xXXXXXXXX
openssl pkcs12 -in secret-gpg-key.p12 -nocerts -out gpg-key.pem</code>

We need to protect key, else ssh refuse it.

<code bash>chmod 600 gpg-key.pem
cp gpg-key.pem ~/.ssh/id_rsa
ssh-keygen -y -f gpg-key.pem > ~/.ssh/id_rsa.pub</code>

==== OpenSSH to GnuPG S/MIME ====

First we need to create a certificate (self-signed) for our ssh key:

<code bash>openssl req -new -x509 -key ~/.ssh/id_rsa -out ssh-cert.pem</code>

We can now import it in GnuPG

<code bash>openssl pkcs12 -export -in ssh-certs.pem -inkey ~/.ssh/id_rsa -out ssh-key.p12
gpgsm --import ssh-key.p12</code>

''Notice you cannot import/export DSA ssh keys to/from GnuPG.''
====== Ressources ======
  * https://www.gpg4win.org
  * https://www.enigmail.net/index.php/en/
  * https://keybase.io
  * https://riseup.net/fr/security/message-security/openpgp/best-practices
  * https://www.22decembre.eu/2015/03/21/introduction-fr/
  * https://www.howtoforge.com/thunderbird-email-encryption-with-gnupg2
  * https://www.nextinpact.com/news/98374-gnupg-creation-votre-premiere-paire-clefs-et-chiffrement-dun-fichier.htm
  * https://www.nextinpact.com/news/102685-gpg-comment-creer-paire-clefs-presque-parfaite.htm