From 68f357e14f4c8e829b1c85e1fa832ea2e15e1542 Mon Sep 17 00:00:00 2001 From: Robert Sesek Date: Sat, 8 Aug 2020 18:10:55 -0400 Subject: [PATCH] Add a tool to wrap a raw ED25519 key in PKCS8. This will let the key be used by OpenSSL. --- dev/.gitignore | 1 + dev/asn1-wrap-ed25519.go | 70 ++++++++++++++++++++++++++++++++++++++++ 2 files changed, 71 insertions(+) create mode 100644 dev/asn1-wrap-ed25519.go diff --git a/dev/.gitignore b/dev/.gitignore index a3d806c..8760178 100644 --- a/dev/.gitignore +++ b/dev/.gitignore @@ -1,3 +1,4 @@ +asn1-wrap-ed25519 openssl-sign-ed25519 private/ signer-ed25519 diff --git a/dev/asn1-wrap-ed25519.go b/dev/asn1-wrap-ed25519.go new file mode 100644 index 0000000..7fa103b --- /dev/null +++ b/dev/asn1-wrap-ed25519.go @@ -0,0 +1,70 @@ +/* + * MacGDBp + * Copyright (c) 2020, Blue Static + * + * This program is free software; you can redistribute it and/or modify it under the terms of the GNU + * General Public License as published by the Free Software Foundation; either version 2 of the + * License, or (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without + * even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + * General Public License for more details. + * + * You should have received a copy of the GNU General Public License along with this program; if not, + * write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA + */ + + +/* +asn1-wrap-ed25519 takes a raw private key from signer-ed25519 and reencodes it as PEM PKCS8 (ASN.1). + +The raw keys generated by signer-ed25519 are not compatible with the OpenSSL +command. By storing it in PKCS8, the keys can be used with openssl commands. + +Usage: + + ./signer-ed25519 -new-key > out.key + ./asn1-wrap-ed25519 out.key > out-wrapped.key +*/ +package main + +import ( + "crypto/ed25519" + "crypto/x509" + "encoding/pem" + "fmt" + "io/ioutil" + "os" +) + +func main() { + keyfile := os.Args[1] + + keyPemData, err := ioutil.ReadFile(keyfile) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to read key: %v\n", err) + os.Exit(1) + } + + keyPem, _ := pem.Decode(keyPemData) + if keyPem == nil { + fmt.Fprintf(os.Stderr, "Failed to decode PEM: %v\n", err) + os.Exit(1) + } + + key := ed25519.PrivateKey(keyPem.Bytes) + + asn1Bytes, err := x509.MarshalPKCS8PrivateKey(key) + if err != nil { + fmt.Fprintf(os.Stderr, "Failed to ASN.1 encode key: %v\n", err) + os.Exit(1) + } + + asn1Pem := &pem.Block{Type: "PRIVATE KEY", Bytes: asn1Bytes} + + err = pem.Encode(os.Stdout, asn1Pem) + if err != nil { + fmt.Println("Failed to PEM-encode ASN.1 key: %v\n", err) + os.Exit(1) + } +} -- 2.22.5