pgp2ssh/main.go

package main

import (
	"crypto/sha512"
	"fmt"
	"log"
	"os"

	"github.com/ProtonMail/go-crypto/openpgp"
	"github.com/ProtonMail/go-crypto/openpgp/armor"
	"github.com/ProtonMail/go-crypto/openpgp/eddsa"
	"github.com/ProtonMail/go-crypto/openpgp/packet"

	"strings"

	"crypto/ed25519"
	"errors"
	"github.com/Mic92/ssh-to-age/bech32"
	"github.com/davecgh/go-spew/spew"
	"golang.org/x/crypto/curve25519"
	// "bytes"
	// "golang.org/x/crypto/ssh"
	// "golang.org/x/crypto/curve25519"
	// "https://pkg.go.dev/crypto/ed25519#PrivateKey
	// "crypto/ed25519"ccc1be8d-24dc-41ad-9d66-b657711419d7
	"reflect"
	// "filippo.io/edwards25519"
)

func readEntity(keypath string) (*openpgp.Entity, error) {
	f, err := os.Open(keypath)
	if err != nil {
		log.Println("Error opening file")
		return nil, err
	}
	defer f.Close()
	block, err := armor.Decode(f)
	if err != nil {
		log.Println("decoding")
		return nil, err
	}
	return openpgp.ReadEntity(packet.NewReader(block.Body))
}

var (
	UnsupportedKeyType = errors.New("only ed25519 keys are supported")
)

func ed25519PrivateKeyToCurve25519(pk ed25519.PrivateKey) ([]byte, error) {
	h := sha512.New()
	_, err := h.Write(pk.Seed())
	if err != nil {
		return []byte{}, err
	}
	out := h.Sum(nil)
	return out[:curve25519.ScalarSize], nil
}

func SSHPrivateKeyToAge(bytes, passphrase []byte) (*string, error) {

	s, err := bech32.Encode("AGE-SECRET-KEY-", bytes)
	if err != nil {
		return nil, err
	}
	s = strings.ToUpper(s)
	return &s, nil
}

func main() {

	keyfile := "./gnupg/test-key.asc"

	e, err := readEntity(keyfile)
	if err != nil {
		log.Fatal(err)
	}

	spew.Config.MaxDepth = 2
	spew.Config.Indent = "     "
	log.Println(reflect.TypeOf(e.PrivateKey.PrivateKey))
	castkey, ok := e.PrivateKey.PrivateKey.(*eddsa.PrivateKey)
	if !ok {
		log.Fatal("failed to cast")
	}
	spew.Dump(castkey)

	// TODO: are these the correct bytes?
	var privkey ed25519.PrivateKey  = castkey.D

	bytes, err := ed25519PrivateKeyToCurve25519(privkey)
	if err != nil {
		log.Fatal(err)
	}

	agekey, err := SSHPrivateKeyToAge(bytes, []byte{})
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println(*agekey)

}
initial commit 2024-03-20 20:34:29 +01:00			`package main`

			`import (`
			`"crypto/sha512"`
			`"fmt"`
			`"log"`
			`"os"`

			`"github.com/ProtonMail/go-crypto/openpgp"`
			`"github.com/ProtonMail/go-crypto/openpgp/armor"`
			`"github.com/ProtonMail/go-crypto/openpgp/eddsa"`
			`"github.com/ProtonMail/go-crypto/openpgp/packet"`

			`"strings"`

			`"crypto/ed25519"`
			`"errors"`
			`"github.com/Mic92/ssh-to-age/bech32"`
add test key 2024-03-25 17:22:47 +01:00			`"github.com/davecgh/go-spew/spew"`
initial commit 2024-03-20 20:34:29 +01:00			`"golang.org/x/crypto/curve25519"`
fix cast 2024-03-20 20:54:57 +01:00			`// "bytes"`
			`// "golang.org/x/crypto/ssh"`
initial commit 2024-03-20 20:34:29 +01:00			`// "golang.org/x/crypto/curve25519"`
add test key 2024-03-25 17:22:47 +01:00			`// "https://pkg.go.dev/crypto/ed25519#PrivateKey`
			`// "crypto/ed25519"ccc1be8d-24dc-41ad-9d66-b657711419d7`
			`"reflect"`
fix cast 2024-03-20 20:54:57 +01:00			`// "filippo.io/edwards25519"`
initial commit 2024-03-20 20:34:29 +01:00			`)`

			`func readEntity(keypath string) (*openpgp.Entity, error) {`
			`f, err := os.Open(keypath)`
			`if err != nil {`
			`log.Println("Error opening file")`
			`return nil, err`
			`}`
			`defer f.Close()`
			`block, err := armor.Decode(f)`
			`if err != nil {`
			`log.Println("decoding")`
			`return nil, err`
			`}`
			`return openpgp.ReadEntity(packet.NewReader(block.Body))`
			`}`

			`var (`
			`UnsupportedKeyType = errors.New("only ed25519 keys are supported")`
			`)`

			`func ed25519PrivateKeyToCurve25519(pk ed25519.PrivateKey) ([]byte, error) {`
			`h := sha512.New()`
			`_, err := h.Write(pk.Seed())`
			`if err != nil {`
			`return []byte{}, err`
			`}`
			`out := h.Sum(nil)`
			`return out[:curve25519.ScalarSize], nil`
			`}`

add test key 2024-03-25 17:22:47 +01:00			`func SSHPrivateKeyToAge(bytes, passphrase []byte) (*string, error) {`
initial commit 2024-03-20 20:34:29 +01:00
			`s, err := bech32.Encode("AGE-SECRET-KEY-", bytes)`
			`if err != nil {`
			`return nil, err`
			`}`
			`s = strings.ToUpper(s)`
			`return &s, nil`
			`}`

			`func main() {`

add test key 2024-03-25 17:22:47 +01:00			`keyfile := "./gnupg/test-key.asc"`

			`e, err := readEntity(keyfile)`
initial commit 2024-03-20 20:34:29 +01:00			`if err != nil {`
			`log.Fatal(err)`
			`}`

add test key 2024-03-25 17:22:47 +01:00			`spew.Config.MaxDepth = 2`
			`spew.Config.Indent = " "`
			`log.Println(reflect.TypeOf(e.PrivateKey.PrivateKey))`
initial commit 2024-03-20 20:34:29 +01:00			`castkey, ok := e.PrivateKey.PrivateKey.(*eddsa.PrivateKey)`
			`if !ok {`
			`log.Fatal("failed to cast")`
			`}`
add test key 2024-03-25 17:22:47 +01:00			`spew.Dump(castkey)`

			`// TODO: are these the correct bytes?`
			`var privkey ed25519.PrivateKey = castkey.D`
initial commit 2024-03-20 20:34:29 +01:00
add test key 2024-03-25 17:22:47 +01:00			`bytes, err := ed25519PrivateKeyToCurve25519(privkey)`
			`if err != nil {`
			`log.Fatal(err)`
			`}`
initial commit 2024-03-20 20:34:29 +01:00
add test key 2024-03-25 17:22:47 +01:00			`agekey, err := SSHPrivateKeyToAge(bytes, []byte{})`
initial commit 2024-03-20 20:34:29 +01:00			`if err != nil {`
			`log.Fatal(err)`
			`}`
fix cast 2024-03-20 20:54:57 +01:00			`fmt.Println(*agekey)`
initial commit 2024-03-20 20:34:29 +01:00
			`}`