Fix key generation

Generated keys can now be imported into gpg.
2024-08-04 18:27:29 -04:00 · 2024-08-04 18:27:29 -04:00 · af49f90d0a
parent 4c2df57ff8
commit af49f90d0a
6 changed files with 55 additions and 70 deletions
--- a/keys/customer-pub.gpg
+++ b/keys/customer-pub.gpg
--- a/keys/generate-keys.go
+++ b/keys/generate-keys.go
@ -1,16 +1,19 @@
 package main

 import (
-	"crypto/rand"
-	"crypto/rsa"
-	"crypto/x509"
-	"encoding/pem"
+	//"crypto/rand"
+	//"crypto/rsa"
+	//"crypto/x509"
+	//"encoding/pem"
 	"fmt"
 	"os"
 	"path/filepath"
+	//"bytes"
 	//"io"

-	//"github.com/ProtonMail/go-crypto/openpgp/armor"
+	"github.com/ProtonMail/go-crypto/openpgp"
+	"github.com/ProtonMail/go-crypto/openpgp/packet"
+	"github.com/ProtonMail/go-crypto/openpgp/armor"
 )

 func main() {
@ -21,19 +24,19 @@ func main() {
 	}
 }

-func run() error {
-	names := []string{
-		"internal-A",
-		"internal-B",
+type Ident struct {
+	Name, Comment, Email string
+}

-		"customer-A",
-		"customer-B",
-		"customer-C",
+func run() error {
+	idents := []Ident{
+		{"Company", "", "main@company.com"},
+		{"Customer", "", "customer@example.com"},
 	}

-	for _, name := range names {
-		fmt.Println("Generating keypair for", name)
-		err := keypair(name)
+	for _, ident := range idents {
+		fmt.Println("Generating keypair for", ident.Name)
+		err := keypair(ident)
 		if err != nil {
 			return err
 		}
@ -46,78 +49,50 @@ const (
 	keyDir string = "./"
 )

-func keypair(name string) error {
-	const bitSize int = 4096
-
-	key, err := rsa.GenerateKey(rand.Reader, bitSize)
+func keypair(ident Ident) error {
+	ent, err := openpgp.NewEntity(ident.Name, ident.Comment, ident.Email, &packet.Config{
+		RSABits: 4096,
+		Algorithm: packet.PubKeyAlgoRSA,
+	})
 	if err != nil {
 		return err
 	}

-	pub := key.Public()
+	// Public
+	pubOut, err := os.Create(filepath.Join(keyDir, "public", ident.Name+".asc"))
+	if err != nil {
+		return err
+	}
+	defer pubOut.Close()

-	keyPem := pem.EncodeToMemory(
-		&pem.Block{
-			Type: "RSA PRIVATE KEY",
-			Bytes: x509.MarshalPKCS1PrivateKey(key),
-		},
-	)
+	pubWriter, err := armor.Encode(pubOut, "PGP PUBLIC KEY BLOCK", nil)
+	if err != nil {
+		return err
+	}
+	defer pubWriter.Close()

-	pubPem := pem.EncodeToMemory(
-		&pem.Block{
-			Type: "RSA PUBLIC KEY",
-			Bytes: x509.MarshalPKCS1PublicKey(pub.(*rsa.PublicKey)),
-		},
-	)
-
-	err = os.WriteFile(filepath.Join(keyDir, "public", name+".pem"), pubPem, 0644)
+	err = ent.Serialize(pubWriter)
 	if err != nil {
 		return err
 	}

-	err = os.WriteFile(filepath.Join(keyDir, "private", name+".pem"), keyPem, 0644)
+	// Private
+	privOut, err := os.Create(filepath.Join(keyDir, "private", ident.Name+".asc"))
 	if err != nil {
 		return err
 	}
+	defer privOut.Close()

-	pubDerRaw, err := x509.MarshalPKIXPublicKey(pub.(*rsa.PublicKey))
+	privWriter, err := armor.Encode(privOut, "PGP PRIVATE KEY BLOCK", nil)
 	if err != nil {
 		return err
 	}
+	defer privWriter.Close()

-	pubDer := pem.EncodeToMemory(
-		&pem.Block{
-			Type: "RSA PUBLIC KEY",
-			Bytes: pubDerRaw,
-		},
-	)
-
-	err = os.WriteFile(filepath.Join(keyDir, "public", name+".asc"), pubDer, 0644)
+	err = ent.SerializePrivate(privWriter, nil)
 	if err != nil {
 		return err
 	}

-	//err = encodeToArmor(filepath.Join(keyDir, "public", name+".asc"), pub.(*rsa.PublicKey))
-	//if err != nil {
-	//	return err
-	//}
-
 	return nil
 }
-
-//func encodeToArmor(filename string, key *rsa.PublicKey) error {
-//	outfile, err := os.Create(filename)
-//	if err != nil {
-//		return err
-//	}
-//	defer outfile.Close()
-//
-//	writer, err := armor.Encode(outfile, "PGP PUBLIC KEY", nil)
-//	if err != nil {
-//		return err
-//	}
-//	defer writer.Close()
-//
-//	_, err = writer.Write(key.)
-//	return err
-//}
--- a/keys/internal.gpg
+++ b/keys/internal.gpg
--- a/keys/private/.gitignore
+++ b/keys/private/.gitignore
@ -0,0 +1 @@
+*.asc
--- a/keys/public/.gitignore
+++ b/keys/public/.gitignore
@ -0,0 +1 @@
+*.asc
--- a/server.go
+++ b/server.go
@ -122,6 +122,7 @@ func (s *Server) handler_privatekey(w http.ResponseWriter, r *http.Request) {

 func (s *Server) findPrivKey(search string) *openpgp.Entity {
 	for _, k := range s.PrivateKeys {
+		fmt.Printf("%X\n", k.PrimaryKey.KeyId)
 		for _, id := range k.Identities {
 			if strings.ToLower(id.UserId.Name) == search {
 				return k
@ -133,6 +134,10 @@ func (s *Server) findPrivKey(search string) *openpgp.Entity {
 		}

 		for _, sub := range k.Subkeys {
+			fmt.Printf("%#v\n", sub)
+			if sub.PrivateKey == nil {
+				continue
+			}
 			if fmt.Sprintf("%x", sub.PrivateKey.KeyId) == search {
 				return k
 			}
@ -186,12 +191,15 @@ func handler_default(w http.ResponseWriter, r *http.Request) {
 func run() error {
 	sv, err := NewServer(
 		[]string{
-			"keys/gpg-generated/cust-a.pub",
-			"keys/gpg-generated/cust-b.pub",
-			"keys/gpg-generated/internal-public.asc",
+			//"keys/gpg-generated/cust-a.pub",
+			//"keys/gpg-generated/cust-b.pub",
+			//"keys/gpg-generated/internal-public.asc",
+			"keys/public/Customer.asc",
+			"keys/public/Company.asc",
 		},
 		[]string{
-			"keys/gpg-generated/internal-private.asc",
+			//"keys/gpg-generated/internal-private.asc",
+			"keys/private/Company.asc",
 		},
 	)
 	if err != nil {