Use case in Certificate Manager: Import PGP Certification Keys

This article is valid for Certificate Manager 8.4 and later.

This article describes how to import PGP certification keys (that is, the CA keys), used in Smart ID Certificate Manager (CM). PGP stands for "Pretty Good Privacy". PGP is used for signing, encrypting and decrypting.

Import PGP certification secret key

If the secret key is located in an HSM or available in PKCS#12 format, then the general import of CA key is used, see Use case in Certificate Manager: Import PKI, heading "Import original CA key and certificate".

A certification key in PGP format (.pgp file) must first be converted to PKCS#12 format. The conversion tool is available in the cm-tools.jar file in the tools folder in a CM client or server installation.

1. Assume that the certification PGP key pair is stored in the cakey.asc and cakey.pgp. Use this command to convert the key pair to PKCS#12 format in file cakey.p12:

   Example: Convert key pair to PKCS#12 format

   CODE

   java -jar cm-tools.jar pgp -pkcs12 cakey.p12 cakey <password>

2. Import cakey.p12 as described in Use case in Certificate Manager: Import PKI, heading "Import original CA key and certificate".

Import PGP certification public key

The PGP public key, in PGP armored encoding in a .asc file, can directly be imported with the Administrator's workbench (AWB) in Certificate Manager, see Use case in Certificate Manager: Import PKI, heading "Import original CA key and certificate".

The PGP tool

The following command shows the help text from the PGP tool.

java -jar cm-tools.jar pgp -help

Related information

• Administrator's workbench (AWB)

• Smart ID Certificate Manager

• Use case in Certificate Manager: Import PKI