This article describes how to import PGP certification keys (that is, the CA keys), used in Smart ID Certificate Manager (CM). PGP stands for "Pretty Good Privacy". PGP is used for signing, encrypting and decrypting.

Import PGP certification secret key

If the secret key is located in an HSM or available in PKCS#12 format, then the general import of CA key is used, see Use case in Certificate Manager: Import PKI, heading "Import original CA key and certificate".

A certification key in PGP format (.pgp file) must first be converted to PKCS#12 format. The conversion tool is available in the cm-tools.jar file in the tools folder in a CM client or server installation.

1. Assume that the certification PGP key pair is stored in the cakey.asc and cakey.pgp. Use this command to convert the key pair to PKCS#12 format in file cakey.p12:

   Example: Convert key pair to PKCS#12 format

   java -jar cm-tools.jar pgp -pkcs12 cakey.p12 cakey <password>

2. Import cakey.p12 as described in Use case in Certificate Manager: Import PKI, heading "Import original CA key and certificate".

Import PGP certification public key

The PGP public key, in PGP armored encoding in a .asc file, can directly be imported with the Administrator's workbench (AWB) in Certificate Manager, see Use case in Certificate Manager: Import PKI, heading "Import original CA key and certificate".

The PGP tool

The following command shows the help text from the PGP tool.

Related information

• Administrator's workbench (AWB)

• Smart ID Certificate Manager

• Use case in Certificate Manager: Import PKI