From 3668cbc2de18e9900f897397623c8f5a2a565fac Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Felix=20Schr=C3=B6ter?= Date: Tue, 26 Mar 2024 22:25:47 +0100 Subject: [PATCH] feat: WIP --- go.mod | 7 ++-- go.sum | 11 +++--- main.go | 110 ++++++++++++++++++++++++++++++++++++++++++++++++-------- 3 files changed, 105 insertions(+), 23 deletions(-) diff --git a/go.mod b/go.mod index 5891455..539d3f4 100644 --- a/go.mod +++ b/go.mod @@ -1,15 +1,16 @@ module gpg2age -go 1.21.7 +go 1.21.8 require ( github.com/Mic92/ssh-to-age v0.0.0-20240304065525-796b05d6e3b3 github.com/ProtonMail/go-crypto v1.0.0 github.com/davecgh/go-spew v1.1.1 golang.org/x/crypto v0.20.0 + golang.org/x/term v0.18.0 ) require ( - github.com/cloudflare/circl v1.3.3 // indirect - golang.org/x/sys v0.17.0 // indirect + github.com/cloudflare/circl v1.3.7 // indirect + golang.org/x/sys v0.18.0 // indirect ) diff --git a/go.sum b/go.sum index 64ef460..8682c81 100644 --- a/go.sum +++ b/go.sum @@ -3,8 +3,9 @@ github.com/Mic92/ssh-to-age v0.0.0-20240304065525-796b05d6e3b3/go.mod h1:M/OUOt0 github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78= github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0= github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0= -github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs= github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA= +github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU= +github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA= github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c= github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY= @@ -34,15 +35,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y= -golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4= +golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc= golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k= golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U= -golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U= -golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk= +golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8= +golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ= diff --git a/main.go b/main.go index f3f43e3..b15bdc0 100644 --- a/main.go +++ b/main.go @@ -5,19 +5,22 @@ import ( "fmt" "log" "os" + "syscall" + "strings" + "encoding/pem" "github.com/ProtonMail/go-crypto/openpgp" "github.com/ProtonMail/go-crypto/openpgp/armor" - "github.com/ProtonMail/go-crypto/openpgp/eddsa" + "github.com/ProtonMail/go-crypto/openpgp/eddsa" "github.com/ProtonMail/go-crypto/openpgp/packet" - "strings" - "crypto/ed25519" "errors" "github.com/Mic92/ssh-to-age/bech32" "github.com/davecgh/go-spew/spew" + "golang.org/x/term" "golang.org/x/crypto/curve25519" + "golang.org/x/crypto/ssh" // "bytes" // "golang.org/x/crypto/ssh" // "golang.org/x/crypto/curve25519" @@ -56,8 +59,7 @@ func ed25519PrivateKeyToCurve25519(pk ed25519.PrivateKey) ([]byte, error) { return out[:curve25519.ScalarSize], nil } -func SSHPrivateKeyToAge(bytes, passphrase []byte) (*string, error) { - +func SSHPrivateKeyToAge(bytes []byte) (*string, error) { s, err := bech32.Encode("AGE-SECRET-KEY-", bytes) if err != nil { return nil, err @@ -67,8 +69,8 @@ func SSHPrivateKeyToAge(bytes, passphrase []byte) (*string, error) { } func main() { - - keyfile := "./gnupg/test-key.asc" + // TODO turn these into CLI inputs + keyfile := "./priv-gpg" e, err := readEntity(keyfile) if err != nil { @@ -77,25 +79,103 @@ func main() { spew.Config.MaxDepth = 2 spew.Config.Indent = " " - log.Println(reflect.TypeOf(e.PrivateKey.PrivateKey)) - castkey, ok := e.PrivateKey.PrivateKey.(*eddsa.PrivateKey) - if !ok { - log.Fatal("failed to cast") - } - spew.Dump(castkey) + + log.Println("Keys:") + log.Println("[0]", e.PrimaryKey.KeyIdString() + " (primary)") + for i := 0; i < len(e.Subkeys); i++ { + log.Println(fmt.Sprintf("[%d]", i + 1), e.Subkeys[i].PublicKey.KeyIdString() + " (subkey)") + } + + log.Println("Please choose a key by index (default: 0):") + + var keyIndex int + _, err = fmt.Scanf("%d", &keyIndex) + if err != nil && err.Error() == "unexpected newline" { + keyIndex = 0 + } else if err != nil { + log.Fatal(err) + } + + var targetKey *packet.PrivateKey + if keyIndex == 0 { + log.Println(fmt.Sprintf("Continuing with key [%d]", keyIndex), e.PrimaryKey.KeyIdString()) + targetKey = e.PrivateKey + } else if keyIndex > 0 { + var subkey = e.Subkeys[keyIndex - 1] + log.Println(fmt.Sprintf("Continuing with key [%d]", keyIndex), subkey.PublicKey.KeyIdString()) + targetKey = subkey.PrivateKey + } else { + log.Fatal("Invalid key index") + } + + if targetKey.Encrypted { + log.Println("Please enter passphrase to decrypt PGP key:") + bytePassphrase, err := term.ReadPassword(int(syscall.Stdin)) + if err != nil { + log.Fatal(err) + } + targetKey.Decrypt(bytePassphrase) + } + + log.Println("private key type:", reflect.TypeOf(targetKey.PrivateKey)) + castkey, ok := targetKey.PrivateKey.(*eddsa.PrivateKey) + if !ok { + log.Fatal("failed to cast") + } + // spew.Dump(castkey) + + // get public key as OpenSSH key + log.Println("public key type:", reflect.TypeOf(castkey.PublicKey)) + var pubkey ed25519.PublicKey = castkey.PublicKey.X + + agePub, err := bech32.Encode("age", pubkey) + if err != nil { + log.Fatal(err) + } + log.Println("public age key:", string(agePub)) + + sshPub, err := ssh.NewPublicKey(pubkey) + if err != nil { + log.Fatal(err) + } + // log.Println("public key SSH key wire format:", sshPub.Marshal()) + // log.Println("public key SHA256:", ssh.FingerprintSHA256(sshPub)) + log.Println("public SSH key:", string(ssh.MarshalAuthorizedKey(sshPub))) // TODO: are these the correct bytes? - var privkey ed25519.PrivateKey = castkey.D + var privkey ed25519.PrivateKey = castkey.D + // var privkey ed25519.PrivateKey = castkey.MarshalByteSecret() + // var privkey = ed25519.NewKeyFromSeed(castkey.D) + // TODO is this right? bytes, err := ed25519PrivateKeyToCurve25519(privkey) if err != nil { log.Fatal(err) } - agekey, err := SSHPrivateKeyToAge(bytes, []byte{}) + // TODO trying to get private key as age key + agekey, err := SSHPrivateKeyToAge(bytes) if err != nil { log.Fatal(err) } fmt.Println(*agekey) + // TODO trying to get private key as OpenSSH key + privPem, err := ssh.MarshalPrivateKey(privkey, "") + if err != nil { + log.Fatal(err) + } + if err := pem.Encode(os.Stdout, privPem); err != nil { + log.Fatal(err) + } + + // TODO make sure public key is still the same + var priv ed25519.PrivateKey = bytes + var pubkey2 = priv.Public() + // var pubkey2 = privkey.Public() + sshPub2, err := ssh.NewPublicKey(pubkey2) + if err != nil { + log.Fatal(err) + } + log.Println("verify public SSH key:", string(ssh.MarshalAuthorizedKey(sshPub2))) }