Use case in Certificate Manager: Import PGP Certification Keys
This article is valid for Certificate Manager 8.4 and later.
This article describes how to import PGP certification keys (that is, the CA keys), used in Smart ID Certificate Manager (CM). PGP stands for "Pretty Good Privacy". PGP is used for signing, encrypting and decrypting.
Import PGP certification secret key
If the secret key is located in an HSM or available in PKCS#12 format, then the general import of CA key is used, see Use case in Certificate Manager: Import PKI, heading "Import original CA key and certificate".
A certification key in PGP format (.pgp file) must first be converted to PKCS#12 format. The conversion tool is available in the cm-tools.jar file in the tools folder in a CM client or server installation.
Assume that the certification PGP key pair is stored in the cakey.asc and cakey.pgp. Use this command to convert the key pair to PKCS#12 format in file cakey.p12:
Example: Convert key pair to PKCS#12 format
CODEjava -jar cm-tools.jar pgp -pkcs12 cakey.p12 cakey <password>
Import cakey.p12 as described in Use case in Certificate Manager: Import PKI, heading "Import original CA key and certificate".
Import PGP certification public key
The PGP public key, in PGP armored encoding in a .asc file, can directly be imported with the Administrator's workbench (AWB) in Certificate Manager, see Use case in Certificate Manager: Import PKI, heading "Import original CA key and certificate".
The PGP tool
The following command shows the help text from the PGP tool.
java -jar cm-tools.jar pgp -help