Problem: Lost private key file ~/.ssh/id_rsa, but could connect to remote hosts via pubkey auth anyway: gpg-agent cached the private key. How to get the private key?
Solution: Use gpg-protect-tool to get the key (you need to know the passphrase of course):
gpgsm --call-protect-tool --p12-export ~/.gnupg/private-keys-v1.d/your-keyfile.key >key.p12
Now you have a PKCS12 file and you can extract the private key like this:
openssl pkcs12 -in key.p12 -out privkey.pem
And there is your extracted private key.
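To find which file is "your-keyfile.key": gpg-agent names each file in private-keys-v1.d after the key's keygrip, and lists the keygrips it serves over SSH in ~/.gnupg/sshcontrol. The shell function below is an added example, not part of the original post; the function name list_ssh_keyfiles is made up for illustration.

```shell
#!/bin/sh
# Added example: map sshcontrol entries to gpg-agent key files.
# sshcontrol entry format: [!]<40 hex digit keygrip> [ttl] [flags]
# A leading "!" disables the entry; "#" starts a comment.

# list_ssh_keyfiles [GNUPG_HOME]
# Prints "<state> <path>" per entry, where state is:
#   enabled  - key is offered over the SSH agent protocol
#   disabled - entry is prefixed with "!"
#   missing  - entry exists but the .key file is gone (overrides the others)
list_ssh_keyfiles() {
    home=${1:-$HOME/.gnupg}
    if [ ! -r "$home/sshcontrol" ]; then
        echo "no readable sshcontrol in $home" >&2
        return 1
    fi
    # Strip comments, then read the first field of each line.
    # The "|| [ -n ... ]" part handles a last line without a newline.
    sed -e 's/#.*//' "$home/sshcontrol" |
    while read -r grip _rest || [ -n "$grip" ]; do
        [ -n "$grip" ] || continue
        state=enabled
        case $grip in
            '!'*) state=disabled; grip=${grip#?} ;;
        esac
        # Ignore anything that is not exactly 40 hex digits.
        printf '%s' "$grip" | grep -Eq '^[0-9A-Fa-f]{40}$' || continue
        file="$home/private-keys-v1.d/$grip.key"
        [ -f "$file" ] || state=missing
        printf '%s %s\n' "$state" "$file"
    done
}

# Usage: list_ssh_keyfiles ~/.gnupg
# Pass a path it prints to the gpgsm --call-protect-tool command above.
```

After extraction, the private key file should be readable only by its owner (chmod 600 privkey.pem).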
While this is blocked on support in an up-to-date gpgsm you can just use an old version .. for example Debian 8 "Jessie" has gpgsm (GnuPG) 2.0.26, which still has --p12-export. The quickest way for me to use it was in a container, something like this: