From 321e26fae746e661d713cedfb6642609e680cafe Mon Sep 17 00:00:00 2001
From: fuero
Date: Mon, 5 Jun 2017 23:28:13 +0200
Subject: Saving private keys (#61)
* enables saving private keys
* renames public_file_prefix to key_file_prefix and updates its docs to better reflect the changes
---
vendor/github.com/mikesmitty/edkey/LICENSE | 21 +++++++
vendor/github.com/mikesmitty/edkey/README.md | 32 ++++++++++
vendor/github.com/mikesmitty/edkey/edkey.go | 88 ++++++++++++++++++++++++++++
vendor/vendor.json | 6 ++
4 files changed, 147 insertions(+)
create mode 100644 vendor/github.com/mikesmitty/edkey/LICENSE
create mode 100644 vendor/github.com/mikesmitty/edkey/README.md
create mode 100644 vendor/github.com/mikesmitty/edkey/edkey.go
(limited to 'vendor')
diff --git a/vendor/github.com/mikesmitty/edkey/LICENSE b/vendor/github.com/mikesmitty/edkey/LICENSE
new file mode 100644
index 0000000..79169f1
--- /dev/null
+++ b/vendor/github.com/mikesmitty/edkey/LICENSE
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Michael Smith
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
diff --git a/vendor/github.com/mikesmitty/edkey/README.md b/vendor/github.com/mikesmitty/edkey/README.md
new file mode 100644
index 0000000..a1690ae
--- /dev/null
+++ b/vendor/github.com/mikesmitty/edkey/README.md
@@ -0,0 +1,32 @@
+# edkey
+edkey allows you to marshal/write ED25519 private keys in the OpenSSH private key format
+
+## Example
+```go
+package main
+
+import (
+ "crypto/rand"
+ "encoding/pem"
+ "io/ioutil"
+ "github.com/mikesmitty/edkey"
+ "golang.org/x/crypto/ed25519"
+ "golang.org/x/crypto/ssh"
+)
+
+func main() {
+ // Generate a new private/public keypair for OpenSSH
+ pubKey, privKey, _ := ed25519.GenerateKey(rand.Reader)
+ publicKey, _ := ssh.NewPublicKey(pubKey)
+
+ pemKey := &pem.Block{
+ Type: "OPENSSH PRIVATE KEY",
+ Bytes: edkey.MarshalED25519PrivateKey(privKey),
+ }
+ privateKey := pem.EncodeToMemory(pemKey)
+ authorizedKey := ssh.MarshalAuthorizedKey(publicKey)
+
+ _ = ioutil.WriteFile("id_ed25519", privateKey, 0600)
+ _ = ioutil.WriteFile("id_ed25519.pub", authorizedKey, 0644)
+}
+```
diff --git a/vendor/github.com/mikesmitty/edkey/edkey.go b/vendor/github.com/mikesmitty/edkey/edkey.go
new file mode 100644
index 0000000..99aca55
--- /dev/null
+++ b/vendor/github.com/mikesmitty/edkey/edkey.go
@@ -0,0 +1,88 @@
+package edkey
+
+import (
+ "math/rand"
+
+ "golang.org/x/crypto/ed25519"
+ "golang.org/x/crypto/ssh"
+)
+
+/* Writes ed25519 private keys into the new OpenSSH private key format.
+I have no idea why this isn't implemented anywhere yet, you can do seemingly
+everything except write it to disk in the OpenSSH private key format. */
+func MarshalED25519PrivateKey(key ed25519.PrivateKey) []byte {
+ // Add our key header (followed by a null byte)
+ magic := append([]byte("openssh-key-v1"), 0)
+
+ var w struct {
+ CipherName string
+ KdfName string
+ KdfOpts string
+ NumKeys uint32
+ PubKey []byte
+ PrivKeyBlock []byte
+ }
+
+ // Fill out the private key fields
+ pk1 := struct {
+ Check1 uint32
+ Check2 uint32
+ Keytype string
+ Pub []byte
+ Priv []byte
+ Comment string
+ Pad []byte `ssh:"rest"`
+ }{}
+
+ // Set our check ints
+ ci := rand.Uint32()
+ pk1.Check1 = ci
+ pk1.Check2 = ci
+
+ // Set our key type
+ pk1.Keytype = ssh.KeyAlgoED25519
+
+ // Add the pubkey to the optionally-encrypted block
+ pk, ok := key.Public().(ed25519.PublicKey)
+ if !ok {
+ //fmt.Fprintln(os.Stderr, "ed25519.PublicKey type assertion failed on an ed25519 public key. This should never ever happen.")
+ return nil
+ }
+ pubKey := []byte(pk)
+ pk1.Pub = pubKey
+
+ // Add our private key
+ pk1.Priv = []byte(key)
+
+ // Might be useful to put something in here at some point
+ pk1.Comment = ""
+
+ // Add some padding to match the encryption block size within PrivKeyBlock (without Pad field)
+ // 8 doesn't match the documentation, but that's what ssh-keygen uses for unencrypted keys. *shrug*
+ bs := 8
+ blockLen := len(ssh.Marshal(pk1))
+ padLen := (bs - (blockLen % bs)) % bs
+ pk1.Pad = make([]byte, padLen)
+
+ // Padding is a sequence of bytes like: 1, 2, 3...
+ for i := 0; i < padLen; i++ {
+ pk1.Pad[i] = byte(i + 1)
+ }
+
+ // Generate the pubkey prefix "\0\0\0\nssh-ed25519\0\0\0 "
+ prefix := []byte{0x0, 0x0, 0x0, 0x0b}
+ prefix = append(prefix, []byte(ssh.KeyAlgoED25519)...)
+ prefix = append(prefix, []byte{0x0, 0x0, 0x0, 0x20}...)
+
+ // Only going to support unencrypted keys for now
+ w.CipherName = "none"
+ w.KdfName = "none"
+ w.KdfOpts = ""
+ w.NumKeys = 1
+ w.PubKey = append(prefix, pubKey...)
+ w.PrivKeyBlock = ssh.Marshal(pk1)
+
+ magic = append(magic, ssh.Marshal(w)...)
+
+ return magic
+}
diff --git a/vendor/vendor.json b/vendor/vendor.json
index 63bdaaf..25b227e 100644
--- a/vendor/vendor.json
+++ b/vendor/vendor.json
@@ -452,6 +452,12 @@
 "revision": "c12348ce28de40eed0136aa2b644d0ee0650e56c",
 "revisionTime": "2016-04-24T11:30:07Z"
 },
+ {
+ "checksumSHA1": "lafP5ecnlvfzv3oYf63Ibhcl8As=",
+ "path": "github.com/mikesmitty/edkey",
+ "revision": "3356ea4e686a1d47ae5d2d4c3cbc1832ce2df626",
+ "revisionTime": "2017-02-22T07:25:05Z"
+ },
 {
 "checksumSHA1": "V/quM7+em2ByJbWBLOsEwnY3j/Q=",
 "path": "github.com/mitchellh/go-homedir",
--
cgit v1.2.3