Fix key generation
Generated keys can now be imported into gpg.
This commit is contained in:
parent
4c2df57ff8
commit
af49f90d0a
|
@ -1,16 +1,19 @@
|
|||
package main
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"crypto/rsa"
|
||||
"crypto/x509"
|
||||
"encoding/pem"
|
||||
//"crypto/rand"
|
||||
//"crypto/rsa"
|
||||
//"crypto/x509"
|
||||
//"encoding/pem"
|
||||
"fmt"
|
||||
"os"
|
||||
"path/filepath"
|
||||
//"bytes"
|
||||
//"io"
|
||||
|
||||
//"github.com/ProtonMail/go-crypto/openpgp/armor"
|
||||
"github.com/ProtonMail/go-crypto/openpgp"
|
||||
"github.com/ProtonMail/go-crypto/openpgp/packet"
|
||||
"github.com/ProtonMail/go-crypto/openpgp/armor"
|
||||
)
|
||||
|
||||
func main() {
|
||||
|
@ -21,19 +24,19 @@ func main() {
|
|||
}
|
||||
}
|
||||
|
||||
func run() error {
|
||||
names := []string{
|
||||
"internal-A",
|
||||
"internal-B",
|
||||
type Ident struct {
|
||||
Name, Comment, Email string
|
||||
}
|
||||
|
||||
"customer-A",
|
||||
"customer-B",
|
||||
"customer-C",
|
||||
func run() error {
|
||||
idents := []Ident{
|
||||
{"Company", "", "main@company.com"},
|
||||
{"Customer", "", "customer@example.com"},
|
||||
}
|
||||
|
||||
for _, name := range names {
|
||||
fmt.Println("Generating keypair for", name)
|
||||
err := keypair(name)
|
||||
for _, ident := range idents {
|
||||
fmt.Println("Generating keypair for", ident.Name)
|
||||
err := keypair(ident)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
@ -46,78 +49,50 @@ const (
|
|||
keyDir string = "./"
|
||||
)
|
||||
|
||||
func keypair(name string) error {
|
||||
const bitSize int = 4096
|
||||
|
||||
key, err := rsa.GenerateKey(rand.Reader, bitSize)
|
||||
func keypair(ident Ident) error {
|
||||
ent, err := openpgp.NewEntity(ident.Name, ident.Comment, ident.Email, &packet.Config{
|
||||
RSABits: 4096,
|
||||
Algorithm: packet.PubKeyAlgoRSA,
|
||||
})
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
pub := key.Public()
|
||||
// Public
|
||||
pubOut, err := os.Create(filepath.Join(keyDir, "public", ident.Name+".asc"))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer pubOut.Close()
|
||||
|
||||
keyPem := pem.EncodeToMemory(
|
||||
&pem.Block{
|
||||
Type: "RSA PRIVATE KEY",
|
||||
Bytes: x509.MarshalPKCS1PrivateKey(key),
|
||||
},
|
||||
)
|
||||
pubWriter, err := armor.Encode(pubOut, "PGP PUBLIC KEY BLOCK", nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer pubWriter.Close()
|
||||
|
||||
pubPem := pem.EncodeToMemory(
|
||||
&pem.Block{
|
||||
Type: "RSA PUBLIC KEY",
|
||||
Bytes: x509.MarshalPKCS1PublicKey(pub.(*rsa.PublicKey)),
|
||||
},
|
||||
)
|
||||
|
||||
err = os.WriteFile(filepath.Join(keyDir, "public", name+".pem"), pubPem, 0644)
|
||||
err = ent.Serialize(pubWriter)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
err = os.WriteFile(filepath.Join(keyDir, "private", name+".pem"), keyPem, 0644)
|
||||
// Private
|
||||
privOut, err := os.Create(filepath.Join(keyDir, "private", ident.Name+".asc"))
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer privOut.Close()
|
||||
|
||||
pubDerRaw, err := x509.MarshalPKIXPublicKey(pub.(*rsa.PublicKey))
|
||||
privWriter, err := armor.Encode(privOut, "PGP PRIVATE KEY BLOCK", nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
defer privWriter.Close()
|
||||
|
||||
pubDer := pem.EncodeToMemory(
|
||||
&pem.Block{
|
||||
Type: "RSA PUBLIC KEY",
|
||||
Bytes: pubDerRaw,
|
||||
},
|
||||
)
|
||||
|
||||
err = os.WriteFile(filepath.Join(keyDir, "public", name+".asc"), pubDer, 0644)
|
||||
err = ent.SerializePrivate(privWriter, nil)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
//err = encodeToArmor(filepath.Join(keyDir, "public", name+".asc"), pub.(*rsa.PublicKey))
|
||||
//if err != nil {
|
||||
// return err
|
||||
//}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
//func encodeToArmor(filename string, key *rsa.PublicKey) error {
|
||||
// outfile, err := os.Create(filename)
|
||||
// if err != nil {
|
||||
// return err
|
||||
// }
|
||||
// defer outfile.Close()
|
||||
//
|
||||
// writer, err := armor.Encode(outfile, "PGP PUBLIC KEY", nil)
|
||||
// if err != nil {
|
||||
// return err
|
||||
// }
|
||||
// defer writer.Close()
|
||||
//
|
||||
// _, err = writer.Write(key.)
|
||||
// return err
|
||||
//}
|
||||
|
|
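Review bot: The private key file in `keypair` is opened with `os.Create`, which creates with mode 0666 before umask, so `private/<Name>.asc` normally ends up world-readable on disk; the old `os.WriteFile(..., 0644)` had the same problem and this commit does not address it. Create it with an explicit restrictive mode instead: `privOut, err := os.OpenFile(filepath.Join(keyDir, "private", ident.Name+".asc"), os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)`. Nothing in the hunk encrypts the entity's private key before `ent.SerializePrivate(privWriter, nil)`, so the armored block is written without passphrase protection; if that is intended, say so with a comment such as `// NOTE: private key is written unencrypted; rely on file/directory permissions` so the next reader does not assume otherwise. The `defer pubWriter.Close()` and `defer privWriter.Close()` calls also discard the error from writing the armor trailer and CRC, so a failed final write still lets `keypair` return nil — close the armor writers explicitly and check the result before returning. The enclosing `const (` block is cut off at the top of the hunk.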
|
@ -0,0 +1 @@
|
|||
*.asc
|
|
@ -0,0 +1 @@
|
|||
*.asc
|
16
server.go
16
server.go
|
@ -122,6 +122,7 @@ func (s *Server) handler_privatekey(w http.ResponseWriter, r *http.Request) {
|
|||
|
||||
func (s *Server) findPrivKey(search string) *openpgp.Entity {
|
||||
for _, k := range s.PrivateKeys {
|
||||
fmt.Printf("%X\n", k.PrimaryKey.KeyId)
|
||||
for _, id := range k.Identities {
|
||||
if strings.ToLower(id.UserId.Name) == search {
|
||||
return k
|
||||
|
@ -133,6 +134,10 @@ func (s *Server) findPrivKey(search string) *openpgp.Entity {
|
|||
}
|
||||
|
||||
for _, sub := range k.Subkeys {
|
||||
fmt.Printf("%#v\n", sub)
|
||||
if sub.PrivateKey == nil {
|
||||
continue
|
||||
}
|
||||
if fmt.Sprintf("%x", sub.PrivateKey.KeyId) == search {
|
||||
return k
|
||||
}
|
||||
|
@ -186,12 +191,15 @@ func handler_default(w http.ResponseWriter, r *http.Request) {
|
|||
func run() error {
|
||||
sv, err := NewServer(
|
||||
[]string{
|
||||
"keys/gpg-generated/cust-a.pub",
|
||||
"keys/gpg-generated/cust-b.pub",
|
||||
"keys/gpg-generated/internal-public.asc",
|
||||
//"keys/gpg-generated/cust-a.pub",
|
||||
//"keys/gpg-generated/cust-b.pub",
|
||||
//"keys/gpg-generated/internal-public.asc",
|
||||
"keys/public/Customer.asc",
|
||||
"keys/public/Company.asc",
|
||||
},
|
||||
[]string{
|
||||
"keys/gpg-generated/internal-private.asc",
|
||||
//"keys/gpg-generated/internal-private.asc",
|
||||
"keys/private/Company.asc",
|
||||
},
|
||||
)
|
||||
if err != nil {
|
||||
|
|
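Review bot: The `fmt.Printf("%X\n", k.PrimaryKey.KeyId)` and `fmt.Printf("%#v\n", sub)` calls in findPrivKey appear to be among the lines this commit adds (one and four additions per the two hunk headers), and they leave debug output on a request path reached from `handler_privatekey`: every lookup prints the key ID of every loaded private key and a Go-syntax dump of every subkey to stdout. `%#v` on a struct value appears to print nested pointer fields as addresses rather than dumping the key material, but that should be confirmed rather than relied on, and either way it is unstructured noise whose volume scales with key-store size times request rate. Drop both lines, or route them through a debug-level logger guarded by a flag; the `if sub.PrivateKey == nil { continue }` guard is the useful part of the change and should stay. `findPrivKey` continues past the second hunk, so the remaining branches are not visible here.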