mirror of
https://github.com/pinpox/pgp2ssh.git
synced 2025-10-10 06:29:53 +02:00
feat: fix & clean up
We did it! It's working! I've also removed lots of code that we don't need anymore.
This commit is contained in:
parent
4cc344b2b2
commit
3c97a34ec4
GPG key ID:
671E39E6744C807D
3 changed files with 56 additions and 130 deletions
180
main.go
180
main.go
|
|
@ -1,33 +1,22 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"crypto/sha512"
|
||||
"encoding/pem"
|
||||
"fmt"
|
||||
"log"
|
||||
"os"
|
||||
"syscall"
|
||||
"strings"
|
||||
"encoding/pem"
|
||||
"syscall"
|
||||
|
||||
"github.com/ProtonMail/go-crypto/openpgp"
|
||||
"github.com/ProtonMail/go-crypto/openpgp/armor"
|
||||
"github.com/ProtonMail/go-crypto/openpgp/eddsa"
|
||||
"github.com/ProtonMail/go-crypto/openpgp/eddsa"
|
||||
"github.com/ProtonMail/go-crypto/openpgp/packet"
|
||||
|
||||
"crypto/ed25519"
|
||||
"errors"
|
||||
"github.com/Mic92/ssh-to-age/bech32"
|
||||
"github.com/davecgh/go-spew/spew"
|
||||
"golang.org/x/term"
|
||||
"golang.org/x/crypto/curve25519"
|
||||
"golang.org/x/crypto/ssh"
|
||||
// "bytes"
|
||||
// "golang.org/x/crypto/ssh"
|
||||
// "golang.org/x/crypto/curve25519"
|
||||
// "https://pkg.go.dev/crypto/ed25519#PrivateKey
|
||||
// "crypto/ed25519"ccc1be8d-24dc-41ad-9d66-b657711419d7
|
||||
"golang.org/x/term"
|
||||
"reflect"
|
||||
// "filippo.io/edwards25519"
|
||||
)
|
||||
|
||||
func readEntity(keypath string) (*openpgp.Entity, error) {
|
||||
|
|
@ -49,136 +38,79 @@ var (
|
|||
UnsupportedKeyType = errors.New("only ed25519 keys are supported")
|
||||
)
|
||||
|
||||
func ed25519PrivateKeyToCurve25519(pk ed25519.PrivateKey) ([]byte, error) {
|
||||
h := sha512.New()
|
||||
_, err := h.Write(pk.Seed())
|
||||
if err != nil {
|
||||
return []byte{}, err
|
||||
}
|
||||
out := h.Sum(nil)
|
||||
return out[:curve25519.ScalarSize], nil
|
||||
}
|
||||
|
||||
func SSHPrivateKeyToAge(bytes []byte) (*string, error) {
|
||||
s, err := bech32.Encode("AGE-SECRET-KEY-", bytes)
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
s = strings.ToUpper(s)
|
||||
return &s, nil
|
||||
}
|
||||
|
||||
func main() {
|
||||
// TODO turn these into CLI inputs
|
||||
// keyfile := "/home/pinpox/gnutmp/0xA5BCEFD22D30118A.priv.asc"
|
||||
keyfile := "./test-key.asc"
|
||||
var keyfile string
|
||||
log.Println("Enter path to private PGP key (default: ./priv.asc):")
|
||||
_, err := fmt.Scanf("%s", &keyfile)
|
||||
if err != nil && err.Error() == "unexpected newline" {
|
||||
keyfile := "./priv.asc"
|
||||
} else if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
e, err := readEntity(keyfile)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
spew.Config.MaxDepth = 2
|
||||
spew.Config.Indent = " "
|
||||
log.Println("Keys:")
|
||||
log.Println("[0]", e.PrimaryKey.KeyIdString()+" (primary)")
|
||||
for i := 0; i < len(e.Subkeys); i++ {
|
||||
log.Println(fmt.Sprintf("[%d]", i+1), e.Subkeys[i].PublicKey.KeyIdString()+" (subkey)")
|
||||
}
|
||||
|
||||
log.Println("Keys:")
|
||||
log.Println("[0]", e.PrimaryKey.KeyIdString() + " (primary)")
|
||||
for i := 0; i < len(e.Subkeys); i++ {
|
||||
log.Println(fmt.Sprintf("[%d]", i + 1), e.Subkeys[i].PublicKey.KeyIdString() + " (subkey)")
|
||||
}
|
||||
log.Println("Choose key by index (default: 0):")
|
||||
|
||||
log.Println("Please choose a key by index (default: 0):")
|
||||
var keyIndex int
|
||||
_, err = fmt.Scanf("%d", &keyIndex)
|
||||
if err != nil && err.Error() == "unexpected newline" {
|
||||
keyIndex = 0
|
||||
} else if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
var keyIndex int
|
||||
_, err = fmt.Scanf("%d", &keyIndex)
|
||||
if err != nil && err.Error() == "unexpected newline" {
|
||||
keyIndex = 0
|
||||
} else if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
var targetKey *packet.PrivateKey
|
||||
if keyIndex == 0 {
|
||||
log.Println(fmt.Sprintf("Continuing with key [%d]", keyIndex), e.PrimaryKey.KeyIdString())
|
||||
targetKey = e.PrivateKey
|
||||
} else if keyIndex > 0 {
|
||||
var subkey = e.Subkeys[keyIndex-1]
|
||||
log.Println(fmt.Sprintf("Continuing with key [%d]", keyIndex), subkey.PublicKey.KeyIdString())
|
||||
targetKey = subkey.PrivateKey
|
||||
} else {
|
||||
log.Fatal("Invalid key index")
|
||||
}
|
||||
|
||||
var targetKey *packet.PrivateKey
|
||||
if keyIndex == 0 {
|
||||
log.Println(fmt.Sprintf("Continuing with key [%d]", keyIndex), e.PrimaryKey.KeyIdString())
|
||||
targetKey = e.PrivateKey
|
||||
} else if keyIndex > 0 {
|
||||
var subkey = e.Subkeys[keyIndex - 1]
|
||||
log.Println(fmt.Sprintf("Continuing with key [%d]", keyIndex), subkey.PublicKey.KeyIdString())
|
||||
targetKey = subkey.PrivateKey
|
||||
} else {
|
||||
log.Fatal("Invalid key index")
|
||||
}
|
||||
if targetKey.Encrypted {
|
||||
log.Println("Please enter passphrase to decrypt PGP key:")
|
||||
bytePassphrase, err := term.ReadPassword(int(syscall.Stdin))
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
targetKey.Decrypt(bytePassphrase)
|
||||
}
|
||||
|
||||
if targetKey.Encrypted {
|
||||
log.Println("Please enter passphrase to decrypt PGP key:")
|
||||
bytePassphrase, err := term.ReadPassword(int(syscall.Stdin))
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
targetKey.Decrypt(bytePassphrase)
|
||||
}
|
||||
log.Println("private key type:", reflect.TypeOf(targetKey.PrivateKey))
|
||||
castkey, ok := targetKey.PrivateKey.(*eddsa.PrivateKey)
|
||||
if !ok {
|
||||
log.Fatal("failed to cast")
|
||||
}
|
||||
|
||||
log.Println("private key type:", reflect.TypeOf(targetKey.PrivateKey))
|
||||
castkey, ok := targetKey.PrivateKey.(*eddsa.PrivateKey)
|
||||
if !ok {
|
||||
log.Fatal("failed to cast")
|
||||
}
|
||||
// spew.Dump(castkey)
|
||||
|
||||
// get public key as OpenSSH key
|
||||
log.Println("public key type:", reflect.TypeOf(castkey.PublicKey))
|
||||
log.Println("public key type:", reflect.TypeOf(castkey.PublicKey))
|
||||
var pubkey ed25519.PublicKey = castkey.PublicKey.X
|
||||
|
||||
agePub, err := bech32.Encode("age", pubkey)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
log.Println("public age key:", string(agePub))
|
||||
|
||||
sshPub, err := ssh.NewPublicKey(pubkey)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
// log.Println("public key SSH key wire format:", sshPub.Marshal())
|
||||
// log.Println("public key SHA256:", ssh.FingerprintSHA256(sshPub))
|
||||
log.Println("public SSH key:", string(ssh.MarshalAuthorizedKey(sshPub)))
|
||||
|
||||
// TODO: are these the correct bytes?
|
||||
// var privkey ed25519.PrivateKey = castkey.D
|
||||
// var privkey ed25519.PrivateKey = castkey.MarshalByteSecret()
|
||||
var privkey = ed25519.NewKeyFromSeed(castkey.D)
|
||||
|
||||
// TODO is this right?
|
||||
bytes, err := ed25519PrivateKeyToCurve25519(privkey)
|
||||
sshPub, err := ssh.NewPublicKey(pubkey)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
log.Println("public SSH key:\n" + string(ssh.MarshalAuthorizedKey(sshPub)))
|
||||
|
||||
// bytes = privkee
|
||||
var privkey = ed25519.NewKeyFromSeed(castkey.D)
|
||||
|
||||
// TODO trying to get private key as age key
|
||||
agekey, err := SSHPrivateKeyToAge(bytes)
|
||||
privPem, err := ssh.MarshalPrivateKey(&privkey, "")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
fmt.Println(*agekey)
|
||||
|
||||
// TODO trying to get private key as OpenSSH key
|
||||
privPem, err := ssh.MarshalPrivateKey(privkey, "")
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
if err := pem.Encode(os.Stdout, privPem); err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
|
||||
// TODO make sure public key is still the same
|
||||
var priv ed25519.PrivateKey = bytes
|
||||
var pubkey2 = priv.Public()
|
||||
// var pubkey2 = privkey.Public()
|
||||
sshPub2, err := ssh.NewPublicKey(pubkey2)
|
||||
if err != nil {
|
||||
log.Fatal(err)
|
||||
}
|
||||
log.Println("verify public SSH key:", string(ssh.MarshalAuthorizedKey(sshPub2)))
|
||||
privateKeyPem := pem.EncodeToMemory(privPem)
|
||||
log.Println("Private SSH key:\n" + string(privateKeyPem))
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue