Enscand, Inc.


PGP to GPG Key Export

This howto is for people who are using PGP for encrypting files and/or email, and want to be able to use the same set of keys when using GPG. This is a common use case when working on both Windows® and Linux/UN*X platforms. The impetus for this exercise was using Ilohamail to provide a webmail front end. Ilohamail provides basic support for encrypted email, which is to say that it will make system calls to gpg to perform the encryption/decryption.

My Configuration

So you know what versions of software I was using with this process, here they are:

PGP Commercial Version 8.0 for Windows 2000 Pro

collette:/home/nscan # rpm --query gpg
gpg-1.0.7-82
collette:/home/nscan # uname
Linux
collette:/home/nscan # uname -r
2.4.21-261-collette


Prerequisites

This howto assumes you have installed both PGP for Windows and GPG on Un*x, and have generated a key pair in PGP. If you are interested in the ilohamail portion, then it assumes you have installed that, too, and you know where the data/gpg directory is. NOTE: follow the gpg instructions regarding running gpg setuid to avoid insecure memory access:

gpg: Warning: using insecure memory!
gpg: please see http://www.gnupg.org/faq.html for more information
Also, if you are using Ilohamail (PHP), make sure the owner of the web server process is authorized to use your private key!


Steps

1) First, find your secring and pubring from PGP (they should be called secring.skr and pubring.pkr or something like that; the extensions are correct, but your rings' filenames may be different) and copy them to your Linux box, or wherever you have gpg installed. Then, use

gpg --import secring.skr
and repeat with your pubring file, pubring.pkr. GPG will automatically detect whether it's a public key or a private key and put it in the right gnupg keyring.

2) Next is configuring Ilohamail. It's actually quite simple. The only problem is that you have to give read access to your keyrings to whatever user the httpd is running as. The way I did this is to use a separate directory, i.e. one inside Ilohamail's root dir ($ILOHAMAIL_ROOT = /var/www/ilohamail/). The directory is in
$ILOHAMAIL_ROOT/data/gpg/username.localhost
(where username is whatever user you're logged into Ilohamail as). In there you can copy your pubring.gpg, secring.gpg and trustdb.gpg. The web server needs to have read access to all three files. I chmod'ed mine to 400 (read-only, for the owner only) with wwwrun.wwwrun as the owner; substitute the 'user.group' of your web server process.

3) Last, make sure ilohamail is set to use that directory instead of your home directory. The setting is in $ILOHAMAIL_ROOT/conf/conf.inc, at the bottom. Make sure

$GPG_ENABLE=1; 
$GPG_HOME_STR = "../data/gpg/%u.%h"; 
and the gpg path points to your gpg.

That should be it. Whenever you get an email that has the -----BEGIN PGP MESSAGE----- header, it will prompt for the password to encrypt/decrypt with the private key (it detects which private key to use); submit and voilà!
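A way to verify the keyring permissions from step 2, as an added example that is not part of the original howto: it checks that the three keyring files exist in a per-user GPG directory, belong to the web server user, and carry no group or other permission bits. The function name check_gpg_home is hypothetical, and the script assumes a POSIX shell with `ls -ln` and `awk` available.

```shell
#!/bin/sh
# Added example: audit one Ilohamail per-user GPG directory.
# check_gpg_home is a hypothetical helper, not part of Ilohamail or gpg.
# Usage: check_gpg_home DIR OWNER   (OWNER = web server user name or numeric uid)
check_gpg_home() {
    dir=$1 owner=$2 rc=0
    # Resolve a user name to a uid; a purely numeric argument is used as-is.
    case $owner in
        *[!0-9]*) want_uid=$(id -u "$owner") || return 2 ;;
        *)        want_uid=$owner ;;
    esac
    for f in pubring.gpg secring.gpg trustdb.gpg; do
        path=$dir/$f
        if [ ! -f "$path" ]; then
            echo "MISSING   $path"; rc=1; continue
        fi
        # "ls -ldn" prints: mode links uid gid ...; keep only mode and uid.
        set -- $(ls -ldn "$path" | awk '{print $1, $3}')
        mode=$1 uid=$2
        # Owner must be able to read; group and other must have no bits set.
        case $mode in
            -r??------*) ;;
            *) echo "BAD MODE  $mode $path"; rc=1 ;;
        esac
        if [ "$uid" != "$want_uid" ]; then
            echo "BAD OWNER uid=$uid (expected $want_uid) $path"; rc=1
        fi
    done
    return $rc
}

# Command-line entry point, e.g.:
#   sh check.sh /var/www/ilohamail/data/gpg/username.localhost wwwrun
if [ $# -eq 2 ]; then
    check_gpg_home "$1" "$2"
fi
```

The function returns 0 only when all three files pass, 1 on any finding, and 2 if the owner name cannot be resolved.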



Copyright © 2003-2024 Enscand, Inc.
All Rights Reserved