felschr/pgp2ssh
1
0
Fork 0
mirror of https://github.com/pinpox/pgp2ssh.git synced 2025-02-05 10:59:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge pull request #1 from felschr/main

Browse source 
some more experimentation
This commit is contained in:
Pablo Ovelleiro Corral 2024-03-27 12:16:51 +01:00 committed by GitHub
parent 89c692f60e 3668cbc2de
commit 961114b44a
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
3 changed files with 105 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
go.mod
View file

@ -1,15 +1,16 @@
module gpg2age
go 1.21.7
go 1.21.8
require (
github.com/Mic92/ssh-to-age v0.0.0-20240304065525-796b05d6e3b3
github.com/ProtonMail/go-crypto v1.0.0
github.com/davecgh/go-spew v1.1.1
golang.org/x/crypto v0.20.0
golang.org/x/term v0.18.0
)
require (
github.com/cloudflare/circl v1.3.3 // indirect
golang.org/x/sys v0.17.0 // indirect
github.com/cloudflare/circl v1.3.7 // indirect
golang.org/x/sys v0.18.0 // indirect
)

11
go.sum
View file

@ -3,8 +3,9 @@ github.com/Mic92/ssh-to-age v0.0.0-20240304065525-796b05d6e3b3/go.mod h1:M/OUOt0
github.com/ProtonMail/go-crypto v1.0.0 h1:LRuvITjQWX+WIfr930YHG2HNfjR1uOfyf5vE0kC2U78=
github.com/ProtonMail/go-crypto v1.0.0/go.mod h1:EjAoLdwvbIOoOQr3ihjnSoLZRtE8azugULFRteWMNc0=
github.com/bwesterb/go-ristretto v1.2.3/go.mod h1:fUIoIZaG73pV5biE2Blr2xEzDoMj7NFEuV9ekS419A0=
github.com/cloudflare/circl v1.3.3 h1:fE/Qz0QdIGqeWfnwq0RE0R7MI51s0M2E4Ga9kq5AEMs=
github.com/cloudflare/circl v1.3.3/go.mod h1:5XYMA4rFBvNIrhs50XuiBJ15vF2pZn4nnUKZrLbUZFA=
github.com/cloudflare/circl v1.3.7 h1:qlCDlTPz2n9fu58M0Nh1J/JzcFpfgkFHHX3O35r5vcU=
github.com/cloudflare/circl v1.3.7/go.mod h1:sRTcRWXGLrKw6yIGJ+l7amYJFfAXbZG0kBSc8r4zxgA=
github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
github.com/yuin/goldmark v1.4.13/go.mod h1:6yULJ656Px+3vBD8DxQVa3kxgyrAnzto9xy5taEt/CY=
@ -34,15 +35,15 @@ golang.org/x/sys v0.2.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.3.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.5.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg=
golang.org/x/sys v0.17.0 h1:25cE3gD+tdBA7lp7QfhuV+rJiE9YXTcS3VG1SqssI/Y=
golang.org/x/sys v0.17.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/sys v0.18.0 h1:DBdB3niSjOA/O0blCZBqDefyWNYveAYMNF1Wum0DYQ4=
golang.org/x/sys v0.18.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA=
golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo=
golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8=
golang.org/x/term v0.2.0/go.mod h1:TVmDHMZPmdnySmBfhjOoOdhjzdE1h4u1VwSiw2l1Nuc=
golang.org/x/term v0.5.0/go.mod h1:jMB1sMXY+tzblOD4FWmEbocvup2/aLOaQEp7JmGp78k=
golang.org/x/term v0.6.0/go.mod h1:m6U89DPEgQRMq3DNkDClhWw02AUbt2daBVO4cn4Hv9U=
golang.org/x/term v0.17.0 h1:mkTF7LCd6WGJNL3K1Ad7kwxNfYAW6a8a8QqtMblp/4U=
golang.org/x/term v0.17.0/go.mod h1:lLRBjIVuehSbZlaOtGMbcMncT+aqLLLmKrsjNrUguwk=
golang.org/x/term v0.18.0 h1:FcHjZXDMxI8mM3nwhX9HlKop4C0YQvCVCdwYl2wOtE8=
golang.org/x/term v0.18.0/go.mod h1:ILwASektA3OnRv7amZ1xhE/KTR+u50pbXfZ03+6Nx58=
golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ=
golang.org/x/text v0.3.3/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ=
golang.org/x/text v0.3.7/go.mod h1:u+2+/6zg+i71rQMx5EYifcz6MCKuco9NR6JIITiCfzQ=

100
main.go
View file

@ -5,19 +5,22 @@ import (
"fmt"
"log"
"os"
"syscall"
"strings"
"encoding/pem"
"github.com/ProtonMail/go-crypto/openpgp"
"github.com/ProtonMail/go-crypto/openpgp/armor"
"github.com/ProtonMail/go-crypto/openpgp/eddsa"
"github.com/ProtonMail/go-crypto/openpgp/packet"
"strings"
"crypto/ed25519"
"errors"
"github.com/Mic92/ssh-to-age/bech32"
"github.com/davecgh/go-spew/spew"
"golang.org/x/term"
"golang.org/x/crypto/curve25519"
"golang.org/x/crypto/ssh"
// "bytes"
// "golang.org/x/crypto/ssh"
// "golang.org/x/crypto/curve25519"
@ -56,8 +59,7 @@ func ed25519PrivateKeyToCurve25519(pk ed25519.PrivateKey) ([]byte, error) {
return out[:curve25519.ScalarSize], nil
}
func SSHPrivateKeyToAge(bytes, passphrase []byte) (*string, error) {
func SSHPrivateKeyToAge(bytes []byte) (*string, error) {
s, err := bech32.Encode("AGE-SECRET-KEY-", bytes)
if err != nil {
return nil, err
@ -67,8 +69,8 @@ func SSHPrivateKeyToAge(bytes, passphrase []byte) (*string, error) {
}
func main() {
keyfile := "./gnupg/test-key.asc"
// TODO turn these into CLI inputs
keyfile := "./priv-gpg"
e, err := readEntity(keyfile)
if err != nil {
@ -77,25 +79,103 @@ func main() {
spew.Config.MaxDepth = 2
spew.Config.Indent = " "
log.Println(reflect.TypeOf(e.PrivateKey.PrivateKey))
castkey, ok := e.PrivateKey.PrivateKey.(*eddsa.PrivateKey)
log.Println("Keys:")
log.Println("[0]", e.PrimaryKey.KeyIdString() + " (primary)")
for i := 0; i < len(e.Subkeys); i++ {
log.Println(fmt.Sprintf("[%d]", i + 1), e.Subkeys[i].PublicKey.KeyIdString() + " (subkey)")
}
log.Println("Please choose a key by index (default: 0):")
var keyIndex int
_, err = fmt.Scanf("%d", &keyIndex)
if err != nil && err.Error() == "unexpected newline" {
keyIndex = 0
} else if err != nil {
log.Fatal(err)
}
var targetKey *packet.PrivateKey
if keyIndex == 0 {
log.Println(fmt.Sprintf("Continuing with key [%d]", keyIndex), e.PrimaryKey.KeyIdString())
targetKey = e.PrivateKey
} else if keyIndex > 0 {
var subkey = e.Subkeys[keyIndex - 1]
log.Println(fmt.Sprintf("Continuing with key [%d]", keyIndex), subkey.PublicKey.KeyIdString())
targetKey = subkey.PrivateKey
} else {
log.Fatal("Invalid key index")
}
if targetKey.Encrypted {
log.Println("Please enter passphrase to decrypt PGP key:")
bytePassphrase, err := term.ReadPassword(int(syscall.Stdin))
if err != nil {
log.Fatal(err)
}
targetKey.Decrypt(bytePassphrase)
}
log.Println("private key type:", reflect.TypeOf(targetKey.PrivateKey))
castkey, ok := targetKey.PrivateKey.(*eddsa.PrivateKey)
if !ok {
log.Fatal("failed to cast")
}
spew.Dump(castkey)
// spew.Dump(castkey)
// get public key as OpenSSH key
log.Println("public key type:", reflect.TypeOf(castkey.PublicKey))
var pubkey ed25519.PublicKey = castkey.PublicKey.X
agePub, err := bech32.Encode("age", pubkey)
if err != nil {
log.Fatal(err)
}
log.Println("public age key:", string(agePub))
sshPub, err := ssh.NewPublicKey(pubkey)
if err != nil {
log.Fatal(err)
}
// log.Println("public key SSH key wire format:", sshPub.Marshal())
// log.Println("public key SHA256:", ssh.FingerprintSHA256(sshPub))
log.Println("public SSH key:", string(ssh.MarshalAuthorizedKey(sshPub)))
// TODO: are these the correct bytes?
var privkey ed25519.PrivateKey = castkey.D
// var privkey ed25519.PrivateKey = castkey.MarshalByteSecret()
// var privkey = ed25519.NewKeyFromSeed(castkey.D)
// TODO is this right?
bytes, err := ed25519PrivateKeyToCurve25519(privkey)
if err != nil {
log.Fatal(err)
}
agekey, err := SSHPrivateKeyToAge(bytes, []byte{})
// TODO trying to get private key as age key
agekey, err := SSHPrivateKeyToAge(bytes)
if err != nil {
log.Fatal(err)
}
fmt.Println(*agekey)
// TODO trying to get private key as OpenSSH key
privPem, err := ssh.MarshalPrivateKey(privkey, "")
if err != nil {
log.Fatal(err)
}
if err := pem.Encode(os.Stdout, privPem); err != nil {
log.Fatal(err)
}
// TODO make sure public key is still the same
var priv ed25519.PrivateKey = bytes
var pubkey2 = priv.Public()
// var pubkey2 = privkey.Public()
sshPub2, err := ssh.NewPublicKey(pubkey2)
if err != nil {
log.Fatal(err)
}
log.Println("verify public SSH key:", string(ssh.MarshalAuthorizedKey(sshPub2)))
}