pgp2ssh/main.go

package main

import (
	"crypto/sha512"
	"fmt"
	"log"
	"os"
  "syscall"
	"strings"
  "encoding/pem"

	"github.com/ProtonMail/go-crypto/openpgp"
	"github.com/ProtonMail/go-crypto/openpgp/armor"
  "github.com/ProtonMail/go-crypto/openpgp/eddsa"
	"github.com/ProtonMail/go-crypto/openpgp/packet"

	"crypto/ed25519"
	"errors"
	"github.com/Mic92/ssh-to-age/bech32"
	"github.com/davecgh/go-spew/spew"
  "golang.org/x/term"
	"golang.org/x/crypto/curve25519"
	"golang.org/x/crypto/ssh"
	// "bytes"
	// "golang.org/x/crypto/ssh"
	// "golang.org/x/crypto/curve25519"
	// "https://pkg.go.dev/crypto/ed25519#PrivateKey
	// "crypto/ed25519"ccc1be8d-24dc-41ad-9d66-b657711419d7
	"reflect"
	// "filippo.io/edwards25519"
)

func readEntity(keypath string) (*openpgp.Entity, error) {
	f, err := os.Open(keypath)
	if err != nil {
		log.Println("Error opening file")
		return nil, err
	}
	defer f.Close()
	block, err := armor.Decode(f)
	if err != nil {
		log.Println("decoding")
		return nil, err
	}
	return openpgp.ReadEntity(packet.NewReader(block.Body))
}

var (
	UnsupportedKeyType = errors.New("only ed25519 keys are supported")
)

func ed25519PrivateKeyToCurve25519(pk ed25519.PrivateKey) ([]byte, error) {
	h := sha512.New()
	_, err := h.Write(pk.Seed())
	if err != nil {
		return []byte{}, err
	}
	out := h.Sum(nil)
	return out[:curve25519.ScalarSize], nil
}

func SSHPrivateKeyToAge(bytes []byte) (*string, error) {
	s, err := bech32.Encode("AGE-SECRET-KEY-", bytes)
	if err != nil {
		return nil, err
	}
	s = strings.ToUpper(s)
	return &s, nil
}

func main() {
  // TODO turn these into CLI inputs
	keyfile := "./priv-gpg"

	e, err := readEntity(keyfile)
	if err != nil {
		log.Fatal(err)
	}

	spew.Config.MaxDepth = 2
	spew.Config.Indent = "     "

  log.Println("Keys:")
  log.Println("[0]", e.PrimaryKey.KeyIdString() + " (primary)")
  for i := 0; i < len(e.Subkeys); i++ {
    log.Println(fmt.Sprintf("[%d]", i + 1), e.Subkeys[i].PublicKey.KeyIdString() + " (subkey)")
  }

  log.Println("Please choose a key by index (default: 0):")

  var keyIndex int
  _, err = fmt.Scanf("%d", &keyIndex)
  if err != nil && err.Error() == "unexpected newline" {
    keyIndex = 0
  } else if err != nil {
    log.Fatal(err)
  }

  var targetKey *packet.PrivateKey
  if keyIndex == 0 {
    log.Println(fmt.Sprintf("Continuing with key [%d]", keyIndex), e.PrimaryKey.KeyIdString())
    targetKey = e.PrivateKey
  } else if keyIndex > 0 {
    var subkey = e.Subkeys[keyIndex - 1]
    log.Println(fmt.Sprintf("Continuing with key [%d]", keyIndex), subkey.PublicKey.KeyIdString())
    targetKey = subkey.PrivateKey
  } else {
    log.Fatal("Invalid key index")
  }

  if targetKey.Encrypted {
    log.Println("Please enter passphrase to decrypt PGP key:")
    bytePassphrase, err := term.ReadPassword(int(syscall.Stdin))
    if err != nil {
      log.Fatal(err)
    }
    targetKey.Decrypt(bytePassphrase)
  }

  log.Println("private key type:", reflect.TypeOf(targetKey.PrivateKey))
  castkey, ok := targetKey.PrivateKey.(*eddsa.PrivateKey)
  if !ok {
    log.Fatal("failed to cast")
  }
	// spew.Dump(castkey)

  // get public key as OpenSSH key
  log.Println("public key type:", reflect.TypeOf(castkey.PublicKey))
	var pubkey ed25519.PublicKey = castkey.PublicKey.X

	agePub, err := bech32.Encode("age", pubkey)
  if err != nil {
    log.Fatal(err)
  }
  log.Println("public age key:", string(agePub))

  sshPub, err := ssh.NewPublicKey(pubkey)
  if err != nil {
    log.Fatal(err)
  }
  // log.Println("public key SSH key wire format:", sshPub.Marshal())
  // log.Println("public key SHA256:", ssh.FingerprintSHA256(sshPub))
  log.Println("public SSH key:", string(ssh.MarshalAuthorizedKey(sshPub)))

	// TODO: are these the correct bytes?
	var privkey ed25519.PrivateKey = castkey.D
	// var privkey ed25519.PrivateKey = castkey.MarshalByteSecret()
  // var privkey = ed25519.NewKeyFromSeed(castkey.D)

  // TODO is this right?
	bytes, err := ed25519PrivateKeyToCurve25519(privkey)
	if err != nil {
		log.Fatal(err)
	}

  // TODO trying to get private key as age key
	agekey, err := SSHPrivateKeyToAge(bytes)
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(*agekey)

  // TODO trying to get private key as OpenSSH key
  privPem, err := ssh.MarshalPrivateKey(privkey, "")
  if err != nil {
    log.Fatal(err)
  }
  if err := pem.Encode(os.Stdout, privPem); err != nil {
		log.Fatal(err)
	}

  // TODO make sure public key is still the same
  var priv ed25519.PrivateKey = bytes
  var pubkey2 = priv.Public()
  // var pubkey2 = privkey.Public()
  sshPub2, err := ssh.NewPublicKey(pubkey2)
  if err != nil {
    log.Fatal(err)
  }
  log.Println("verify public SSH key:", string(ssh.MarshalAuthorizedKey(sshPub2)))
}
initial commit 2024-03-20 20:34:29 +01:00			`package main`

			`import (`
			`"crypto/sha512"`
			`"fmt"`
			`"log"`
			`"os"`
feat: WIP 2024-03-26 22:25:47 +01:00			`"syscall"`
			`"strings"`
			`"encoding/pem"`
initial commit 2024-03-20 20:34:29 +01:00
			`"github.com/ProtonMail/go-crypto/openpgp"`
			`"github.com/ProtonMail/go-crypto/openpgp/armor"`
feat: WIP 2024-03-26 22:25:47 +01:00			`"github.com/ProtonMail/go-crypto/openpgp/eddsa"`
initial commit 2024-03-20 20:34:29 +01:00			`"github.com/ProtonMail/go-crypto/openpgp/packet"`

			`"crypto/ed25519"`
			`"errors"`
			`"github.com/Mic92/ssh-to-age/bech32"`
add test key 2024-03-25 17:22:47 +01:00			`"github.com/davecgh/go-spew/spew"`
feat: WIP 2024-03-26 22:25:47 +01:00			`"golang.org/x/term"`
initial commit 2024-03-20 20:34:29 +01:00			`"golang.org/x/crypto/curve25519"`
feat: WIP 2024-03-26 22:25:47 +01:00			`"golang.org/x/crypto/ssh"`
fix cast 2024-03-20 20:54:57 +01:00			`// "bytes"`
			`// "golang.org/x/crypto/ssh"`
initial commit 2024-03-20 20:34:29 +01:00			`// "golang.org/x/crypto/curve25519"`
add test key 2024-03-25 17:22:47 +01:00			`// "https://pkg.go.dev/crypto/ed25519#PrivateKey`
			`// "crypto/ed25519"ccc1be8d-24dc-41ad-9d66-b657711419d7`
			`"reflect"`
fix cast 2024-03-20 20:54:57 +01:00			`// "filippo.io/edwards25519"`
initial commit 2024-03-20 20:34:29 +01:00			`)`

			`func readEntity(keypath string) (*openpgp.Entity, error) {`
			`f, err := os.Open(keypath)`
			`if err != nil {`
			`log.Println("Error opening file")`
			`return nil, err`
			`}`
			`defer f.Close()`
			`block, err := armor.Decode(f)`
			`if err != nil {`
			`log.Println("decoding")`
			`return nil, err`
			`}`
			`return openpgp.ReadEntity(packet.NewReader(block.Body))`
			`}`

			`var (`
			`UnsupportedKeyType = errors.New("only ed25519 keys are supported")`
			`)`

			`func ed25519PrivateKeyToCurve25519(pk ed25519.PrivateKey) ([]byte, error) {`
			`h := sha512.New()`
			`_, err := h.Write(pk.Seed())`
			`if err != nil {`
			`return []byte{}, err`
			`}`
			`out := h.Sum(nil)`
			`return out[:curve25519.ScalarSize], nil`
			`}`

feat: WIP 2024-03-26 22:25:47 +01:00			`func SSHPrivateKeyToAge(bytes []byte) (*string, error) {`
initial commit 2024-03-20 20:34:29 +01:00			`s, err := bech32.Encode("AGE-SECRET-KEY-", bytes)`
			`if err != nil {`
			`return nil, err`
			`}`
			`s = strings.ToUpper(s)`
			`return &s, nil`
			`}`

			`func main() {`
feat: WIP 2024-03-26 22:25:47 +01:00			`// TODO turn these into CLI inputs`
			`keyfile := "./priv-gpg"`
add test key 2024-03-25 17:22:47 +01:00
			`e, err := readEntity(keyfile)`
initial commit 2024-03-20 20:34:29 +01:00			`if err != nil {`
			`log.Fatal(err)`
			`}`

add test key 2024-03-25 17:22:47 +01:00			`spew.Config.MaxDepth = 2`
			`spew.Config.Indent = " "`
feat: WIP 2024-03-26 22:25:47 +01:00
			`log.Println("Keys:")`
			`log.Println("[0]", e.PrimaryKey.KeyIdString() + " (primary)")`
			`for i := 0; i < len(e.Subkeys); i++ {`
			`log.Println(fmt.Sprintf("[%d]", i + 1), e.Subkeys[i].PublicKey.KeyIdString() + " (subkey)")`
			`}`

			`log.Println("Please choose a key by index (default: 0):")`

			`var keyIndex int`
			`_, err = fmt.Scanf("%d", &keyIndex)`
			`if err != nil && err.Error() == "unexpected newline" {`
			`keyIndex = 0`
			`} else if err != nil {`
			`log.Fatal(err)`
			`}`

			`var targetKey *packet.PrivateKey`
			`if keyIndex == 0 {`
			`log.Println(fmt.Sprintf("Continuing with key [%d]", keyIndex), e.PrimaryKey.KeyIdString())`
			`targetKey = e.PrivateKey`
			`} else if keyIndex > 0 {`
			`var subkey = e.Subkeys[keyIndex - 1]`
			`log.Println(fmt.Sprintf("Continuing with key [%d]", keyIndex), subkey.PublicKey.KeyIdString())`
			`targetKey = subkey.PrivateKey`
			`} else {`
			`log.Fatal("Invalid key index")`
			`}`

			`if targetKey.Encrypted {`
			`log.Println("Please enter passphrase to decrypt PGP key:")`
			`bytePassphrase, err := term.ReadPassword(int(syscall.Stdin))`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`targetKey.Decrypt(bytePassphrase)`
			`}`

			`log.Println("private key type:", reflect.TypeOf(targetKey.PrivateKey))`
			`castkey, ok := targetKey.PrivateKey.(*eddsa.PrivateKey)`
			`if !ok {`
			`log.Fatal("failed to cast")`
			`}`
			`// spew.Dump(castkey)`

			`// get public key as OpenSSH key`
			`log.Println("public key type:", reflect.TypeOf(castkey.PublicKey))`
			`var pubkey ed25519.PublicKey = castkey.PublicKey.X`

			`agePub, err := bech32.Encode("age", pubkey)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`log.Println("public age key:", string(agePub))`

			`sshPub, err := ssh.NewPublicKey(pubkey)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`// log.Println("public key SSH key wire format:", sshPub.Marshal())`
			`// log.Println("public key SHA256:", ssh.FingerprintSHA256(sshPub))`
			`log.Println("public SSH key:", string(ssh.MarshalAuthorizedKey(sshPub)))`
add test key 2024-03-25 17:22:47 +01:00
			`// TODO: are these the correct bytes?`
feat: WIP 2024-03-26 22:25:47 +01:00			`var privkey ed25519.PrivateKey = castkey.D`
			`// var privkey ed25519.PrivateKey = castkey.MarshalByteSecret()`
			`// var privkey = ed25519.NewKeyFromSeed(castkey.D)`
initial commit 2024-03-20 20:34:29 +01:00
feat: WIP 2024-03-26 22:25:47 +01:00			`// TODO is this right?`
add test key 2024-03-25 17:22:47 +01:00			`bytes, err := ed25519PrivateKeyToCurve25519(privkey)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
initial commit 2024-03-20 20:34:29 +01:00
feat: WIP 2024-03-26 22:25:47 +01:00			`// TODO trying to get private key as age key`
			`agekey, err := SSHPrivateKeyToAge(bytes)`
initial commit 2024-03-20 20:34:29 +01:00			`if err != nil {`
			`log.Fatal(err)`
			`}`
fix cast 2024-03-20 20:54:57 +01:00			`fmt.Println(*agekey)`
initial commit 2024-03-20 20:34:29 +01:00
feat: WIP 2024-03-26 22:25:47 +01:00			`// TODO trying to get private key as OpenSSH key`
			`privPem, err := ssh.MarshalPrivateKey(privkey, "")`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`if err := pem.Encode(os.Stdout, privPem); err != nil {`
			`log.Fatal(err)`
			`}`

			`// TODO make sure public key is still the same`
			`var priv ed25519.PrivateKey = bytes`
			`var pubkey2 = priv.Public()`
			`// var pubkey2 = privkey.Public()`
			`sshPub2, err := ssh.NewPublicKey(pubkey2)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
			`log.Println("verify public SSH key:", string(ssh.MarshalAuthorizedKey(sshPub2)))`
initial commit 2024-03-20 20:34:29 +01:00			`}`