OpenPGP/X.509 bridge: how to verify public key?

Question

I'd like to use OpenPGP authentication over TLS, but lack of implementations made me use a temporary solution: an OpenPGP/X.509 bridge certificate.

The approach is very similar to the approach used in Foaf:
https://svn.java.net/svn/sommer~svn/trunk/misc/FoafServer/pgpx509/src/net/java/dev/sommer/foafserver/utils/PgpX509Bridge.java

Basically, you create a certificate request starting from a converted PGP private key, including your converted PGP public key into the certificate request. Then you sign the request with your converted PGP private key.

I'm using the word "converted" because OpenPGP and OpenSSL key formats are incompatible: I have to extract the key parameters from the OpenPGP key and use them to form a new X.509-compatible (OpenSSL) key. Nevertheless, it works as expected.

The result is a X.509 certificate with the PGP public key parameters used in the public key of the X.509 certificate, but without the user IDs and the public key signatures, thus making it unusable for authentication purposes.

The missing piece here is server authentication. The server has previously signed the user's PGP public key, but how do I verify that through the X.509 bridge certificate?

Even if I use my PGP user ID as my CN (Common Name), how do I certify that it's the same user ID used in the originating OpenPGP key?
There are no public key signatures on the X.509 bridge certificate, only the same key parameters. Can I safely just check against those?

Although I have to do this in Python, any suggestions on how to proceed in general would be really helpful.

Answer 1

I got the answer on crypto: https://crypto.stackexchange.com/a/11709/9284

If you can put the entire PGP certificate in a proprietary non-critical extension then you don't need to find the PGP certificate in a store. This solution depends on the condition that you are able to create your own OID and insert the PGP certificate in the extension. Furthermore, the server should accept such a certificate and contain methods of validating the PGP certificate as well.

The CA can accept or refuse requests containing a PGP certificate. It should at least check that the key in the PGP certificate matches the one in the signed request. One method of doing this is to validate that the modulus of the PGP and X5.09 public key match.