Fix key generation

Generated keys can now be imported into gpg.
This commit is contained in:
Zorchenhimer 2024-08-04 18:27:29 -04:00
parent 4c2df57ff8
commit af49f90d0a
Signed by: Zorchenhimer
GPG Key ID: 70A1AB767AAB9C20
6 changed files with 55 additions and 70 deletions

Binary file not shown.


@ -1,16 +1,19 @@
package main package main
import ( import (
"crypto/rand" //"crypto/rand"
"crypto/rsa" //"crypto/rsa"
"crypto/x509" //"crypto/x509"
"encoding/pem" //"encoding/pem"
"fmt" "fmt"
"os" "os"
"path/filepath" "path/filepath"
//"bytes"
//"io" //"io"
//"github.com/ProtonMail/go-crypto/openpgp/armor" "github.com/ProtonMail/go-crypto/openpgp"
"github.com/ProtonMail/go-crypto/openpgp/packet"
"github.com/ProtonMail/go-crypto/openpgp/armor"
) )
func main() { func main() {
@ -21,19 +24,19 @@ func main() {
} }
} }
func run() error { type Ident struct {
names := []string{ Name, Comment, Email string
"internal-A",
"internal-B",
"customer-A",
"customer-B",
"customer-C",
} }
for _, name := range names { func run() error {
fmt.Println("Generating keypair for", name) idents := []Ident{
err := keypair(name) {"Company", "", "main@company.com"},
{"Customer", "", "customer@example.com"},
}
for _, ident := range idents {
fmt.Println("Generating keypair for", ident.Name)
err := keypair(ident)
if err != nil { if err != nil {
return err return err
} }
@ -46,78 +49,50 @@ const (
keyDir string = "./" keyDir string = "./"
) )
func keypair(name string) error { func keypair(ident Ident) error {
const bitSize int = 4096 ent, err := openpgp.NewEntity(ident.Name, ident.Comment, ident.Email, &packet.Config{
RSABits: 4096,
key, err := rsa.GenerateKey(rand.Reader, bitSize) Algorithm: packet.PubKeyAlgoRSA,
})
if err != nil { if err != nil {
return err return err
} }
pub := key.Public() // Public
pubOut, err := os.Create(filepath.Join(keyDir, "public", ident.Name+".asc"))
if err != nil {
return err
}
defer pubOut.Close()
keyPem := pem.EncodeToMemory( pubWriter, err := armor.Encode(pubOut, "PGP PUBLIC KEY BLOCK", nil)
&pem.Block{ if err != nil {
Type: "RSA PRIVATE KEY", return err
Bytes: x509.MarshalPKCS1PrivateKey(key), }
}, defer pubWriter.Close()
)
pubPem := pem.EncodeToMemory( err = ent.Serialize(pubWriter)
&pem.Block{
Type: "RSA PUBLIC KEY",
Bytes: x509.MarshalPKCS1PublicKey(pub.(*rsa.PublicKey)),
},
)
err = os.WriteFile(filepath.Join(keyDir, "public", name+".pem"), pubPem, 0644)
if err != nil { if err != nil {
return err return err
} }
err = os.WriteFile(filepath.Join(keyDir, "private", name+".pem"), keyPem, 0644) // Private
privOut, err := os.Create(filepath.Join(keyDir, "private", ident.Name+".asc"))
if err != nil { if err != nil {
return err return err
} }
defer privOut.Close()
pubDerRaw, err := x509.MarshalPKIXPublicKey(pub.(*rsa.PublicKey)) privWriter, err := armor.Encode(privOut, "PGP PRIVATE KEY BLOCK", nil)
if err != nil { if err != nil {
return err return err
} }
defer privWriter.Close()
pubDer := pem.EncodeToMemory( err = ent.SerializePrivate(privWriter, nil)
&pem.Block{
Type: "RSA PUBLIC KEY",
Bytes: pubDerRaw,
},
)
err = os.WriteFile(filepath.Join(keyDir, "public", name+".asc"), pubDer, 0644)
if err != nil { if err != nil {
return err return err
} }
//err = encodeToArmor(filepath.Join(keyDir, "public", name+".asc"), pub.(*rsa.PublicKey))
//if err != nil {
// return err
//}
return nil return nil
} }
//func encodeToArmor(filename string, key *rsa.PublicKey) error {
// outfile, err := os.Create(filename)
// if err != nil {
// return err
// }
// defer outfile.Close()
//
// writer, err := armor.Encode(outfile, "PGP PUBLIC KEY", nil)
// if err != nil {
// return err
// }
// defer writer.Close()
//
// _, err = writer.Write(key.)
// return err
//}
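Review bot: `os.Create` on the private-key path (`privOut, err := os.Create(filepath.Join(keyDir, "private", ident.Name+".asc"))`) creates the file with mode 0666 before umask, so the private key — which nothing in this hunk protects with a passphrase, so it appears to be serialized unencrypted — typically ends up world-readable on disk; use `privOut, err := os.OpenFile(filepath.Join(keyDir, "private", ident.Name+".asc"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)` instead. The deferred `pubWriter.Close()` and `privWriter.Close()` also discard the error from writing the armor trailer, so a failed final write leaves a truncated .asc that gpg will reject while keypair still returns nil; close each writer explicitly and check its error before returning. The new `.gitignore` entries keep the .asc files out of the repository, but the file mode still matters for the checked-out directory. The commented-out imports at the top of the file (`//"crypto/rand"` and friends) and the commented encodeToArmor block are now dead and can be deleted rather than kept as comments.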

Binary file not shown.

1
keys/private/.gitignore vendored Normal file

@ -0,0 +1 @@
*.asc

1
keys/public/.gitignore vendored Normal file

@ -0,0 +1 @@
*.asc


@ -122,6 +122,7 @@ func (s *Server) handler_privatekey(w http.ResponseWriter, r *http.Request) {
func (s *Server) findPrivKey(search string) *openpgp.Entity { func (s *Server) findPrivKey(search string) *openpgp.Entity {
for _, k := range s.PrivateKeys { for _, k := range s.PrivateKeys {
fmt.Printf("%X\n", k.PrimaryKey.KeyId)
for _, id := range k.Identities { for _, id := range k.Identities {
if strings.ToLower(id.UserId.Name) == search { if strings.ToLower(id.UserId.Name) == search {
return k return k
@ -133,6 +134,10 @@ func (s *Server) findPrivKey(search string) *openpgp.Entity {
} }
for _, sub := range k.Subkeys { for _, sub := range k.Subkeys {
fmt.Printf("%#v\n", sub)
if sub.PrivateKey == nil {
continue
}
if fmt.Sprintf("%x", sub.PrivateKey.KeyId) == search { if fmt.Sprintf("%x", sub.PrivateKey.KeyId) == search {
return k return k
} }
@ -186,12 +191,15 @@ func handler_default(w http.ResponseWriter, r *http.Request) {
func run() error { func run() error {
sv, err := NewServer( sv, err := NewServer(
[]string{ []string{
"keys/gpg-generated/cust-a.pub", //"keys/gpg-generated/cust-a.pub",
"keys/gpg-generated/cust-b.pub", //"keys/gpg-generated/cust-b.pub",
"keys/gpg-generated/internal-public.asc", //"keys/gpg-generated/internal-public.asc",
"keys/public/Customer.asc",
"keys/public/Company.asc",
}, },
[]string{ []string{
"keys/gpg-generated/internal-private.asc", //"keys/gpg-generated/internal-private.asc",
"keys/private/Company.asc",
}, },
) )
if err != nil { if err != nil {
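Review bot: The two `fmt.Printf` lines added to findPrivKey (`fmt.Printf("%X\n", k.PrimaryKey.KeyId)` and `fmt.Printf("%#v\n", sub)`) write every loaded key's identifier and the whole Subkey struct to stdout on each lookup, which reads as leftover debugging rather than intended logging; remove them or route them through the server's logger at a debug level so they do not land in production output. The `if sub.PrivateKey == nil { continue }` guard is a genuine fix, since a public-only subkey would otherwise dereference a nil pointer on the `sub.PrivateKey.KeyId` line. findPrivKey starts in the previous hunk and its body continues outside this one. In the run() hunk, the commented-out `keys/gpg-generated/...` paths can be deleted outright now that the `keys/public/` and `keys/private/` entries replace them.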