Do GPG and GPGSM use the same key database

gnupg

I need to export one of my GPG keys as a PKCS12 key/certificate. gpg is incapable of doing this, but the tool gpgsm is. However, entering gpgsm -o <file> --export-secret-key-p12 <key-id> returns gpgsm: can't export secret key `<key-id>'. I tested gpgsm --list-keys and it returned nothing.

Is GPGSM supposed to work with GPG? I noticed that on my first time running it a new file was created for it. I'd assume that it wouldn't have to if GPG has already been run and configured. Are both meant to have access to the same keyring? If so, how do I fix this? If not, how can I export my key from GPG and import it into GPGSM?

Best Answer

It would be more useful to describe why you want to do something, not just what you want to do. I'm guessing that you're trying to use your PGP key with S/MIME email encryption or signing, which isn't really possible.

To answer the question, no, GPG and GPGSM use different formats and protocols, which is why they're implemented as separate tools in the first place. GPG is an implementation of OpenPGP, while GPGSM works with X.509 (mostly S/MIME).

While both use the same cryptographic algorithms and could in theory use the same key material (e.g. identical RSA parameters), that's where the similarity ends – you cannot translate an OpenPGP user certificate directly to an X.509 certificate, therefore you cannot usefully export it in PKCS#12 format either.

(gpg-agent is capable of using OpenPGP keys for SSH authentication, but that's only because the SSH key format has no metadata attached, so the "conversion" is merely extracting the RSA parameters. On the other hand, X.509 certificates have such metadata as the subject name which uses a different syntax from OpenPGP; issuer name which OpenPGP doesn't have (being based on web-of-trust); and key usage (which is tricky since most OpenPGP implementations use two separate keys within a single 'certificate', one for signing and one for encrypting).)
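The parenthetical about SSH in the answer above is easy to see in code: an OpenPGP v4 public-key packet and an SSH public-key line are both just a container around the same RSA parameters (n, e), and neither carries a subject name, issuer or key-usage extension that an X.509 certificate would need. The following is an added example, not code from the question, the answer or GnuPG itself. It builds a minimal OpenPGP Public-Key packet (RFC 4880 sections 4.2, 3.2 and 5.5.2), parses it back, computes the v4 fingerprint (section 12.2), and re-emits the same key in the SSH wire format. The modulus, creation time and comment string are constructed for the demo; the modulus is a made-up 256-bit number, not a real key.

```python
"""Same RSA key material, two containers: OpenPGP v4 public-key packet and SSH.
Added example; not from the original page or from GnuPG."""
import base64
import hashlib
import struct

# Constructed demo parameters. DEMO_N is NOT a real modulus and is far too
# small for real use; it only has to be a 256-bit integer with the top bit set.
DEMO_N = int("F0E1D2C3B4A5968778695A4B3C2D1E0F" * 2, 16)
DEMO_E = 65537
DEMO_CREATED = 1700000000  # constructed creation timestamp (seconds since epoch)


def _mpi(x: int) -> bytes:
    """OpenPGP MPI: 2-byte bit length followed by the big-endian magnitude."""
    return struct.pack(">H", x.bit_length()) + x.to_bytes((x.bit_length() + 7) // 8, "big")


def _read_mpi(buf: bytes, pos: int):
    bits = struct.unpack(">H", buf[pos:pos + 2])[0]
    nbytes = (bits + 7) // 8
    return int.from_bytes(buf[pos + 2:pos + 2 + nbytes], "big"), pos + 2 + nbytes


def build_v4_rsa_public_key_packet(n: int, e: int, created: int) -> bytes:
    """Tag 6 (Public-Key) packet with a new-format header and a v4 RSA body.
    Note what the body contains: version, creation time, algorithm id, n, e.
    There is no subject, issuer or key-usage field anywhere in it."""
    body = b"\x04" + struct.pack(">I", created) + b"\x01" + _mpi(n) + _mpi(e)
    length = len(body)
    if length < 192:                       # one-octet length
        hdr = bytes([0xC0 | 6, length])
    elif length < 8384:                    # two-octet length
        length -= 192
        hdr = bytes([0xC0 | 6, (length >> 8) + 192, length & 0xFF])
    else:                                  # five-octet length
        hdr = bytes([0xC0 | 6, 0xFF]) + struct.pack(">I", length)
    return hdr + body


def parse_v4_rsa_public_key_packet(pkt: bytes) -> dict:
    """Parse the packet built above and compute the v4 fingerprint
    (SHA-1 over 0x99, 2-byte body length, body)."""
    if pkt[0] & 0xC0 != 0xC0 or pkt[0] & 0x3F != 6:
        raise ValueError("expected a new-format Public-Key packet (tag 6)")
    first = pkt[1]
    if first < 192:
        length, pos = first, 2
    elif first < 224:
        length, pos = ((first - 192) << 8) + pkt[2] + 192, 3
    elif first == 255:
        length, pos = struct.unpack(">I", pkt[2:6])[0], 6
    else:
        raise ValueError("partial body lengths are not supported here")
    body = pkt[pos:pos + length]
    if len(body) != length:
        raise ValueError("truncated packet")
    if body[0] != 4:
        raise ValueError("only v4 keys are handled")
    created = struct.unpack(">I", body[1:5])[0]
    if body[5] != 1:
        raise ValueError("only RSA (public-key algorithm 1) is handled")
    n, p = _read_mpi(body, 6)
    e, p = _read_mpi(body, p)
    if p != len(body):
        raise ValueError("trailing data after MPIs")
    fpr = hashlib.sha1(b"\x99" + struct.pack(">H", len(body)) + body).hexdigest().upper()
    return {"created": created, "n": n, "e": e, "fingerprint": fpr}


def _ssh_string(b: bytes) -> bytes:
    return struct.pack(">I", len(b)) + b


def _ssh_mpint(x: int) -> bytes:
    """SSH mpint: big-endian two's complement, so prepend 0x00 if the top bit is set."""
    b = x.to_bytes((x.bit_length() + 7) // 8, "big")
    if b and b[0] & 0x80:
        b = b"\x00" + b
    return _ssh_string(b)


def openpgp_to_ssh(pkt: bytes) -> str:
    """The 'conversion' is just re-encoding n and e; nothing else survives.
    The comment field is arbitrary; here it is derived from the fingerprint."""
    info = parse_v4_rsa_public_key_packet(pkt)
    blob = _ssh_string(b"ssh-rsa") + _ssh_mpint(info["e"]) + _ssh_mpint(info["n"])
    return "ssh-rsa " + base64.b64encode(blob).decode() + " openpgp-" + info["fingerprint"][-16:]


def parse_ssh_public_key(line: str):
    """Decode an ssh-rsa line back to (n, e) to show the round trip is lossless."""
    blob = base64.b64decode(line.split()[1])
    fields, pos = [], 0
    while pos < len(blob):
        (ln,) = struct.unpack(">I", blob[pos:pos + 4])
        pos += 4
        fields.append(blob[pos:pos + ln])
        pos += ln
    if fields[0] != b"ssh-rsa":
        raise ValueError("not an ssh-rsa key")
    return int.from_bytes(fields[2], "big"), int.from_bytes(fields[1], "big")


if __name__ == "__main__":
    packet = build_v4_rsa_public_key_packet(DEMO_N, DEMO_E, DEMO_CREATED)
    print(parse_v4_rsa_public_key_packet(packet)["fingerprint"])
    print(openpgp_to_ssh(packet))
```

Going the other way (OpenPGP to X.509) has no equivalent function: after extracting (n, e) you would still have to invent a subject name, an issuer and a validity period and get the result signed by a CA, which is exactly the metadata the answer says OpenPGP does not carry.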