Merge pull request #1 from felschr/main

some more experimentation

go.mod

@@ -1,15 +1,16 @@
 module gpg2age
 
-go 1.21.7
+go 1.21.8
 
 require (
 	github.com/Mic92/ssh-to-age v0.0.0-20240304065525-796b05d6e3b3
 	github.com/ProtonMail/go-crypto v1.0.0
 	github.com/davecgh/go-spew v1.1.1
 	golang.org/x/crypto v0.20.0
+	golang.org/x/term v0.18.0
 )
 
 require (
-	github.com/cloudflare/circl v1.3.3 // indirect
+	github.com/cloudflare/circl v1.3.7 // indirect
-	golang.org/x/sys v0.17.0 // indirect
+	golang.org/x/sys v0.18.0 // indirect
 )

go.sum

@@ -3,8 +3,9 @@ github.com/Mic92/ssh-to-age v0.0.0-20240304065525-796b05d6e3b3/go.mod h1:M/OUOt0
 github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
 github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
 github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
-github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
 github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
+github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
+github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
 github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
@@ -34,15 +35,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
 golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
-golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
+golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
-golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
+golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
 golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
 golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
 golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
 golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
 golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
-golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
+golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
-golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
+golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
 golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
 golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
 golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=

main.go

@@ -5,19 +5,22 @@ import (
 	"fmt"
 	"log"
 	"os"
+  "syscall"
+	"strings"
+  "encoding/pem"
 
 	"github.com/ProtonMail/go-crypto/openpgp"
 	"github.com/ProtonMail/go-crypto/openpgp/armor"
   "github.com/ProtonMail/go-crypto/openpgp/eddsa"
 	"github.com/ProtonMail/go-crypto/openpgp/packet"
 
-	"strings"
-
 	"crypto/ed25519"
 	"errors"
 	"github.com/Mic92/ssh-to-age/bech32"
 	"github.com/davecgh/go-spew/spew"
+  "golang.org/x/term"
 	"golang.org/x/crypto/curve25519"
+	"golang.org/x/crypto/ssh"
 	// "bytes"
 	// "golang.org/x/crypto/ssh"
 	// "golang.org/x/crypto/curve25519"
@@ -56,8 +59,7 @@ func ed25519PrivateKeyToCurve25519(pk ed25519.PrivateKey) ([]byte, error) {
 	return out[:curve25519.ScalarSize], nil
 }
 
-func SSHPrivateKeyToAge(bytes, passphrase []byte) (*string, error) {
+func SSHPrivateKeyToAge(bytes []byte) (*string, error) {
-
 	s, err := bech32.Encode("AGE-SECRET-KEY-", bytes)
 	if err != nil {
 		return nil, err
@@ -67,8 +69,8 @@ func SSHPrivateKeyToAge(bytes, passphrase []byte) (*string, error) {
 }
 
 func main() {
-
+  // TODO turn these into CLI inputs
-	keyfile := "./gnupg/test-key.asc"
+	keyfile := "./priv-gpg"
 
 	e, err := readEntity(keyfile)
 	if err != nil {
@@ -77,25 +79,103 @@ func main() {
 
 	spew.Config.MaxDepth = 2
 	spew.Config.Indent = "     "
-	log.Println(reflect.TypeOf(e.PrivateKey.PrivateKey))
+
-	castkey, ok := e.PrivateKey.PrivateKey.(*eddsa.PrivateKey)
+  log.Println("Keys:")
+  log.Println("[0]", e.PrimaryKey.KeyIdString() + " (primary)")
+  for i := 0; i < len(e.Subkeys); i++ {
+    log.Println(fmt.Sprintf("[%d]", i + 1), e.Subkeys[i].PublicKey.KeyIdString() + " (subkey)")
+  }
+
+  log.Println("Please choose a key by index (default: 0):")
+
+  var keyIndex int
+  _, err = fmt.Scanf("%d", &keyIndex)
+  if err != nil && err.Error() == "unexpected newline" {
+    keyIndex = 0
+  } else if err != nil {
+    log.Fatal(err)
+  }
+
+  var targetKey *packet.PrivateKey
+  if keyIndex == 0 {
+    log.Println(fmt.Sprintf("Continuing with key [%d]", keyIndex), e.PrimaryKey.KeyIdString())
+    targetKey = e.PrivateKey
+  } else if keyIndex > 0 {
+    var subkey = e.Subkeys[keyIndex - 1]
+    log.Println(fmt.Sprintf("Continuing with key [%d]", keyIndex), subkey.PublicKey.KeyIdString())
+    targetKey = subkey.PrivateKey
+  } else {
+    log.Fatal("Invalid key index")
+  }
+
+  if targetKey.Encrypted {
+    log.Println("Please enter passphrase to decrypt PGP key:")
+    bytePassphrase, err := term.ReadPassword(int(syscall.Stdin))
+    if err != nil {
+      log.Fatal(err)
+    }
+    targetKey.Decrypt(bytePassphrase)
+  }
+
+  log.Println("private key type:", reflect.TypeOf(targetKey.PrivateKey))
+  castkey, ok := targetKey.PrivateKey.(*eddsa.PrivateKey)
   if !ok {
     log.Fatal("failed to cast")
   }
-	spew.Dump(castkey)
+	// spew.Dump(castkey)
+
+  // get public key as OpenSSH key
+  log.Println("public key type:", reflect.TypeOf(castkey.PublicKey))
+	var pubkey ed25519.PublicKey = castkey.PublicKey.X
+
+	agePub, err := bech32.Encode("age", pubkey)
+  if err != nil {
+    log.Fatal(err)
+  }
+  log.Println("public age key:", string(agePub))
+
+  sshPub, err := ssh.NewPublicKey(pubkey)
+  if err != nil {
+    log.Fatal(err)
+  }
+  // log.Println("public key SSH key wire format:", sshPub.Marshal())
+  // log.Println("public key SHA256:", ssh.FingerprintSHA256(sshPub))
+  log.Println("public SSH key:", string(ssh.MarshalAuthorizedKey(sshPub)))
 
 	// TODO: are these the correct bytes?
 	var privkey ed25519.PrivateKey = castkey.D
+	// var privkey ed25519.PrivateKey = castkey.MarshalByteSecret()
+  // var privkey = ed25519.NewKeyFromSeed(castkey.D)
 
+  // TODO is this right?
 	bytes, err := ed25519PrivateKeyToCurve25519(privkey)
 	if err != nil {
 		log.Fatal(err)
 	}
 
-	agekey, err := SSHPrivateKeyToAge(bytes, []byte{})
+  // TODO trying to get private key as age key
+	agekey, err := SSHPrivateKeyToAge(bytes)
 	if err != nil {
 		log.Fatal(err)
 	}
 	fmt.Println(*agekey)
 
+  // TODO trying to get private key as OpenSSH key
+  privPem, err := ssh.MarshalPrivateKey(privkey, "")
+  if err != nil {
+    log.Fatal(err)
+  }
+  if err := pem.Encode(os.Stdout, privPem); err != nil {
+		log.Fatal(err)
+	}
+
+  // TODO make sure public key is still the same
+  var priv ed25519.PrivateKey = bytes
+  var pubkey2 = priv.Public()
+  // var pubkey2 = privkey.Public()
+  sshPub2, err := ssh.NewPublicKey(pubkey2)
+  if err != nil {
+    log.Fatal(err)
+  }
+  log.Println("verify public SSH key:", string(ssh.MarshalAuthorizedKey(sshPub2)))
 }