diff --git a/keys/customer-pub.gpg b/keys/customer-pub.gpg index 2ee1f9d..6bebca7 100644 Binary files a/keys/customer-pub.gpg and b/keys/customer-pub.gpg differ diff --git a/keys/generate-keys.go b/keys/generate-keys.go index cb4395c..7c18b61 100644 --- a/keys/generate-keys.go +++ b/keys/generate-keys.go @@ -1,16 +1,19 @@ package main import ( - "crypto/rand" - "crypto/rsa" - "crypto/x509" - "encoding/pem" + //"crypto/rand" + //"crypto/rsa" + //"crypto/x509" + //"encoding/pem" "fmt" "os" "path/filepath" + //"bytes" //"io" - //"github.com/ProtonMail/go-crypto/openpgp/armor" + "github.com/ProtonMail/go-crypto/openpgp" + "github.com/ProtonMail/go-crypto/openpgp/packet" + "github.com/ProtonMail/go-crypto/openpgp/armor" ) func main() { @@ -21,19 +24,19 @@ func main() { } } -func run() error { - names := []string{ - "internal-A", - "internal-B", +type Ident struct { + Name, Comment, Email string +} - "customer-A", - "customer-B", - "customer-C", +func run() error { + idents := []Ident{ + {"Company", "", "main@company.com"}, + {"Customer", "", "customer@example.com"}, } - for _, name := range names { - fmt.Println("Generating keypair for", name) - err := keypair(name) + for _, ident := range idents { + fmt.Println("Generating keypair for", ident.Name) + err := keypair(ident) if err != nil { return err } 
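Review bot: The import block keeps four crypto imports as comments (`//"crypto/rand"` through `//"encoding/pem"`) plus `//"bytes"` and `//"io"`, none of which the rewritten `keypair` below uses; commented-out imports should be deleted rather than parked, and `goimports` would drop them and regroup the remaining stdlib and `github.com/ProtonMail/go-crypto/...` imports into the conventional two groups. Git history already preserves the old `crypto/rsa` path if it is ever needed again.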
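Review bot: `Ident` is an exported type with no doc comment, and its three string fields are filled positionally in `run` (`{"Company", "", "main@company.com"}`), which reads ambiguously once Name and Comment are both strings; add `// Ident is the user ID (name, comment, email address) stamped on a generated OpenPGP key.` above the type and write the literals keyed, e.g. `{Name: "Company", Email: "main@company.com"}`. The `idents` entries are fixed in code, so the `example.com` address looks like a placeholder to be replaced before real keys are generated — presumably intended, but nothing on the page says so, and a one-line comment at the slice would settle it.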
@@ -46,78 +49,50 @@ const ( keyDir string = "./" ) -func keypair(name string) error { - const bitSize int = 4096 - - key, err := rsa.GenerateKey(rand.Reader, bitSize) +func keypair(ident Ident) error { + ent, err := openpgp.NewEntity(ident.Name, ident.Comment, ident.Email, &packet.Config{ + RSABits: 4096, + Algorithm: packet.PubKeyAlgoRSA, + }) if err != nil { return err } - pub := key.Public() + // Public + pubOut, err := os.Create(filepath.Join(keyDir, "public", ident.Name+".asc")) + if err != nil { + return err + } + defer pubOut.Close() - keyPem := pem.EncodeToMemory( - &pem.Block{ - Type: "RSA PRIVATE KEY", - Bytes: x509.MarshalPKCS1PrivateKey(key), - }, - ) + pubWriter, err := armor.Encode(pubOut, "PGP PUBLIC KEY BLOCK", nil) + if err != nil { + return err + } + defer pubWriter.Close() - pubPem := pem.EncodeToMemory( - &pem.Block{ - Type: "RSA PUBLIC KEY", - Bytes: x509.MarshalPKCS1PublicKey(pub.(*rsa.PublicKey)), - }, - ) - - err = os.WriteFile(filepath.Join(keyDir, "public", name+".pem"), pubPem, 0644) + err = ent.Serialize(pubWriter) if err != nil { return err } - err = os.WriteFile(filepath.Join(keyDir, "private", name+".pem"), keyPem, 0644) + // Private + privOut, err := os.Create(filepath.Join(keyDir, "private", ident.Name+".asc")) if err != nil { return err } + defer privOut.Close() - pubDerRaw, err := x509.MarshalPKIXPublicKey(pub.(*rsa.PublicKey)) + privWriter, err := armor.Encode(privOut, "PGP PRIVATE KEY BLOCK", nil) if err != nil { return err } + defer privWriter.Close() - pubDer := pem.EncodeToMemory( - &pem.Block{ - Type: "RSA PUBLIC KEY", - Bytes: pubDerRaw, - }, - ) - - err = os.WriteFile(filepath.Join(keyDir, "public", name+".asc"), pubDer, 0644) + err = ent.SerializePrivate(privWriter, nil) if err != nil { return err } - //err = encodeToArmor(filepath.Join(keyDir, "public", name+".asc"), pub.(*rsa.PublicKey)) - //if err != nil { - // return err - //} - return nil } - -//func encodeToArmor(filename string, key *rsa.PublicKey) error { -// 
outfile, err := os.Create(filename) -// if err != nil { -// return err -// } -// defer outfile.Close() -// -// writer, err := armor.Encode(outfile, "PGP PUBLIC KEY", nil) -// if err != nil { -// return err -// } -// defer writer.Close() -// -// _, err = writer.Write(key.) -// return err -//} diff --git a/keys/internal.gpg b/keys/internal.gpg deleted file mode 100644 index 7187ea0..0000000 Binary files a/keys/internal.gpg and /dev/null differ diff --git a/keys/private/.gitignore b/keys/private/.gitignore new file mode 100644 index 0000000..1053c0d --- /dev/null +++ b/keys/private/.gitignore @@ -0,0 +1 @@ +*.asc diff --git a/keys/public/.gitignore b/keys/public/.gitignore new file mode 100644 index 0000000..1053c0d --- /dev/null +++ b/keys/public/.gitignore @@ -0,0 +1 @@ +*.asc diff --git a/server.go b/server.go index 5876370..7b0ca03 100644 --- a/server.go +++ b/server.go @@ -122,6 +122,7 @@ func (s *Server) handler_privatekey(w http.ResponseWriter, r *http.Request) { func (s *Server) findPrivKey(search string) *openpgp.Entity { for _, k := range s.PrivateKeys { + fmt.Printf("%X\n", k.PrimaryKey.KeyId) for _, id := range k.Identities { if strings.ToLower(id.UserId.Name) == search { return k @@ -133,6 +134,10 @@ func (s *Server) findPrivKey(search string) *openpgp.Entity { } for _, sub := range k.Subkeys { + fmt.Printf("%#v\n", sub) + if sub.PrivateKey == nil { + continue + } if fmt.Sprintf("%x", sub.PrivateKey.KeyId) == search { return k } 
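Review bot: The private key file is opened with `os.Create`, which creates it with mode 0666 minus umask (typically 0644), so `keys/private/<Name>.asc` is readable by other local users and holds an unencrypted key (`ent.SerializePrivate(privWriter, nil)` is called with no passphrase step); open it with `os.OpenFile(filepath.Join(keyDir, "private", ident.Name+".asc"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0o600)` instead. Both `pubWriter.Close()` and `privWriter.Close()` are deferred with their errors dropped, yet the armor trailer and CRC are only written on Close, so a failed write there would leave a truncated `.asc` file while `keypair` still returns nil; close each armor writer explicitly right after its `Serialize`/`SerializePrivate` call and return its error. As written, the public key's armor writer also stays open until the function returns, after the private key has been written — harmless, but closing it early keeps the two files independent.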
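Review bot: `fmt.Printf("%X\n", k.PrimaryKey.KeyId)` is a debug print to stdout inside `findPrivKey`, which sits next to `handler_privatekey` and so is presumably on the request path, meaning every lookup now writes to the process's stdout; the same applies to `fmt.Printf("%#v\n", sub)` in the next hunk, which dumps the whole `Subkey` struct including its `PrivateKey` field (a pointer, so only an address is printed today, but any value-typed secret field would be printed in full). Both lines should be removed before merge, or replaced by a logger call that records only the key ID, e.g. `log.Printf("findPrivKey: candidate %X", k.PrimaryKey.KeyId)`. The `sub.PrivateKey == nil` guard added in the second hunk is the right fix for entities loaded without subkey secrets and should stay. `findPrivKey` continues outside both hunks.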
@@ -186,12 +191,15 @@ func handler_default(w http.ResponseWriter, r *http.Request) { func run() error { sv, err := NewServer( []string{ - "keys/gpg-generated/cust-a.pub", - "keys/gpg-generated/cust-b.pub", - "keys/gpg-generated/internal-public.asc", + //"keys/gpg-generated/cust-a.pub", + //"keys/gpg-generated/cust-b.pub", + //"keys/gpg-generated/internal-public.asc", + "keys/public/Customer.asc", + "keys/public/Company.asc", }, []string{ - "keys/gpg-generated/internal-private.asc", + //"keys/gpg-generated/internal-private.asc", + "keys/private/Company.asc", }, ) if err != nil {
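Review bot: The three old `keys/gpg-generated/...` public paths and the old private path are left in the slices as comments; they should be deleted rather than commented out, since the history already records them. The new `keys/public/*.asc` and `keys/private/Company.asc` paths are, per the two `.gitignore` hunks above, no longer tracked, so a fresh checkout will fail in `NewServer` until `keys/generate-keys.go` has been run — presumably intended, but worth a comment at the first slice, e.g. `// generated by keys/generate-keys.go; not checked in`. `run` continues outside the hunk.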