Protect exported PGP keys with a passphrase.įor more details about PGP, refer to the blog PGP with secrets in the cloud.Support custom expiration timestamps ( -expires, -expires-in).Support auth credentials as options ( -api-key, -client-cert, -app-uuid).Support key import ( sq-dsm key dsm-import).Reflect PGP key deactivation date in Fortanix DSM objects.Unlock PKCS12 identity with FORTANIX_PKCS12_PASSPHRASE.Unlock PKCS12 identity with -pkcs12-passphrase.Make sure that the RSA Padding policy allows PKCS1v15, as dictated by RFC4880bis. Use a different Security Object name, for example, use a different value for the -dsm-key option.Įrror: dsm client could not create sobjectĮrror: Given RSA key policy not allowed by policy Make sure that the proxy is reachable, and check the proxy logs. If you are using an http proxy, also make sure that the http_proxy is set, and the DSM API endpoint is not in the no_proxy list ( env | grep proxy). Make sure that the API key is correct ( env | grep FORTANIX). You can import someones public key in a variety of ways. Neither HTTP Basic header nor client certificate was provided GPG would be pretty useless if you could not accept other public keys from people you wished to communicate with. Set FORTANIX_API_ENDPOINT and FORTANIX_API_KEYĪuthentication failed. See the test runs on the Fortanix GitHub repository for more example usages, such as exporting secrets and importing them into a local gpg keyring. Given a valid PGP key, you can import it into Fortanix DSM with the dsm-import sub-command: sq-dsm key dsm-import -dsm-key= "Alice " < existing_ pgp_private_key.asc More Examples $ sq-dsm decrypt -recipient-key=charlie.asc -signer-cert=alice.asc -signer-cert=bob.sec to_charlie.asc $ sq-dsm encrypt -recipient-cert=charlie.asc -signer-dsm-key=alice -signer-key=bob.sec msg.txt > to_charlie.asc sq-dsm and can be composed with several commands.
FORTANIX_APP_UUID, the UUID of your DSM app, for certificate-based authentication (for example, this environment variable is used together with FORTANIX_PKCS12_ID). gpg -export-secret-key -a KEYUID > private key That’s all, your GPG key was successfully exported and you are ready to import it on your new computer.
#Gpg suite import existing key password
If a password is set for the PKCS12 file, then sq-dsm will ask for it on each key usage (which can happen several times on one PGP operation). Openssl pkcs12 -export -out identity.pfx -inkey private.key -in public.crt Given a PKCS8 pair private.key and public.crt, the public certificate needs to be configured in Fortanix DSM for your app, and the PKCS12 file can be generated with the following command.
0 kommentar(er)
