summaryrefslogtreecommitdiff
path: root/src/keytrans/pem2openpgp
blob: 38baa959d93f433c33b50e29676025792f0a94d3 (plain) 
    

  1. #!/usr/bin/perl -w -T
    2. 

  2. 

  3. # pem2openpgp: take a PEM-encoded RSA private-key on standard input, a
    4. 

  4. # User ID as the first argument, and generate an OpenPGP certificate
    5. 

  5. # from it.
    6. 

  6. 

  7. # Authors:
    8. 

  8. #  Jameson Rollins <jrollins@finestructure.net>
    9. 

  9. #  Daniel Kahn Gillmor <dkg@fifthhorseman.net>
    10. 

  10. 

  11. # Started on: 2009-01-07 02:01:19-0500
    12. 

  12. 

  13. # License: GPL v3 or later (we may need to adjust this given that this
    14. 

  14. # connects to OpenSSL via perl)
    15. 

  15. 

  16. use strict;
    17. 

  17. use warnings;
    18. 

  18. use Crypt::OpenSSL::RSA;
    19. 

  19. use Crypt::OpenSSL::Bignum;
    20. 

  20. use Digest::SHA1;
    21. 

  21. use MIME::Base64;
    22. 

  22. 

  23. 

  24. # make an old-style packet out of the given packet type and body.
    25. 

  25. # old-style  (see RFC 4880 section 4.2)
    26. 

  26. sub make_packet {
    27. 

  27.   my $type = shift;
    28. 

  28.   my $body = shift;
    29. 

  29. 

  30. # FIXME: yet another length():
    31. 

  31.   my $len = length($body);
    32. 

  32. 

  33.   my $lenbytes;
    34. 

  34.   my $lencode;
    35. 

  35. 

  36.   if ($len < 2**8) {
    37. 

  37.     $lenbytes = 0;
    38. 

  38.     $lencode = 'C';
    39. 

  39.   } elsif ($len < 2**16) {
    40. 

  40.     $lenbytes = 1;
    41. 

  41.     $lencode = 'n';
    42. 

  42.   } elsif ($len < 2**31) {
    43. 

  43.     ## not testing against full 32 bits because i don't want to deal
    44. 

  44.     ## with potential overflow.
    45. 

  45.     $lenbytes = 2;
    46. 

  46.     $lencode = 'N';
    47. 

  47.   } else {
    48. 

  48.     ## what the hell do we do here?
    49. 

  49.     $lenbytes = 3;
    50. 

  50.     $lencode = '';
    51. 

  51.   }
    52. 

  52. 

  53.   return pack('C'.$lencode, 0x80 + ($type * 4) + $lenbytes, $len).
    54. 

  54.     $body;
    55. 

  55. }
    56. 

  56. 

  57. 

  58. # takes a Crypt::OpenSSL::Bignum
    59. 

  59. sub mpi_pack {
    60. 

  60.   my $num = shift;
    61. 

  61. 

  62.   my $hex = $num->to_hex();
    63. 

  63. 

  64.   my $mpilen = length($hex)*4;
    65. 

  65. 

  66. # this is a kludgy way to get the number of bits in the first byte:
    67. 

  67.   my $bitsinfirstbyte = length(sprintf("%b", hex(substr $hex, 0, 2)));
    68. 

  68. 

  69.   $mpilen -= (8 - $bitsinfirstbyte);
    70. 

  70. 

  71.   return pack('n', $mpilen).$num->to_bin();
    72. 

  72. }
    73. 

  73. 

  74. 

  75. my $holdTerminator = $/;
    76. 

  76. undef $/;
    77. 

  77. my $buf = <STDIN>;
    78. 

  78. 

  79. 

  80. my $rsa = Crypt::OpenSSL::RSA->new_private_key($buf);
    81. 

  81. 

  82. $rsa->use_sha1_hash();
    83. 

  83. $rsa->use_no_padding();
    84. 

  84. 

  85. if (! $rsa->check_key()) {
    86. 

  86.   die "key does not check";
    87. 

  87. }
    88. 

  88. 

  89. my $uid = 'fake key (do not use) <test@example.org>';
    90. 

  90. 

  91. 

  92. 

  93. my $version = pack('C', 4);
    94. 

  94. # strong assertion of identity:
    95. 

  95. my $sigtype = pack('C', 0x13);
    96. 

  96. # RSA
    97. 

  97. my $pubkey_algo = pack('C', 1);
    98. 

  98. # SHA1
    99. 

  99. my $hash_algo = pack('C', 2);
    100. 

  100. 

  101. 

  102. 

  103. my $timestamp = 1231003584;
    104. 

  104. 

  105. my $creation_time_packet = pack('CCN', 5, 2, $timestamp);
    106. 

  106. 

  107. 

  108. # usage: signing and certification:
    109. 

  109. my $flags = 0x03;
    110. 

  110. my $usage_packet = pack('CCC', 2, 27, $flags);
    111. 

  111. 

  112. 

  113. # expire in 2 days:
    114. 

  114. my $expires_in = 86400*2;
    115. 

  115. my $expiration_packet = pack('CCN', 5, 9, $expires_in);
    116. 

  116. 

  117. 

  118. # prefer AES-256, AES-192, AES-128, CAST5, 3DES:
    119. 

  119. my $pref_sym_algos = pack('CCCCCCC', 6, 11, 9, 8, 7, 3, 2);
    120. 

  120. 

  121. # prefer SHA-1, SHA-256, RIPE-MD/160
    122. 

  122. my $pref_hash_algos = pack('CCCCC', 4, 21, 2, 8, 3);
    123. 

  123. 

  124. # prefer ZLIB, BZip2, ZIP
    125. 

  125. my $pref_zip_algos = pack('CCCCC', 4, 22, 2, 3, 1);
    126. 

  126. 

  127. # we support the MDC feature:
    128. 

  128. my $features = pack('CCC', 2, 30, 1);
    129. 

  129. 

  130. # keyserver preference: only owner modify (???):
    131. 

  131. my $keyserver_pref = pack('CCC', 2, 23, 0x80);
    132. 

  132. 

  133. my $subpackets_to_be_hashed = 
    134. 

  134.   $creation_time_packet.
    135. 

  135.   $usage_packet.
    136. 

  136.   $expiration_packet.
    137. 

  137.   $pref_sym_algos.
    138. 

  138.   $pref_hash_algos.
    139. 

  139.   $pref_zip_algos.
    140. 

  140.   $features.
    141. 

  141.   $keyserver_pref;
    142. 

  142. 

  143. #FIXME: what's the right way to get length()?
    144. 

  144. my $subpacket_octets = pack('n', length($subpackets_to_be_hashed));
    145. 

  145. 

  146. my $sig_data_to_be_hashed =
    147. 

  147.   $version.
    148. 

  148.   $sigtype.
    149. 

  149.   $pubkey_algo.
    150. 

  150.   $hash_algo.
    151. 

  151.   $subpacket_octets.
    152. 

  152.   $subpackets_to_be_hashed;
    153. 

  153. 

  154. 

  155. my ($n, $e, $d, $p, $q) = $rsa->get_key_parameters();
    156. 

  156. 

  157. 

  158. my $pubkey =
    159. 

  159.   pack('CN', 4, $timestamp).
    160. 

  160.   $pubkey_algo.
    161. 

  161.   mpi_pack($n).
    162. 

  162.   mpi_pack($e);
    163. 

  163. 

  164. #open(KEYFILE, "</home/wt215/gpg-test/key-data");
    165. 

  165. my $key_data = make_packet(6, $pubkey);
    166. 

  166. 

  167. # FIXME: $keyid should be generated from the public key instead of
    168. 

  168. # hardcoded:
    169. 

  169. my $keyid = '5616d7cb02e69446';
    170. 

  170. 

  171. # the v4 signature trailer is:
    172. 

  172. 

  173. # version number, literal 0xff, and then a 4-byte count of the
    174. 

  174. # signature data itself.
    175. 

  175. my $trailer = pack('CCN', 4, 0xff, length($sig_data_to_be_hashed));
    176. 

  176. 

  177. # FIXME: length() is probably not right here either in the event that
    178. 

  178. # the uid uses unicode.
    179. 

  179. my $uid_data =
    180. 

  180.   pack('CN', 0xb4, length($uid)).
    181. 

  181.   $uid;
    182. 

  182. 

  183. my $datatosign =
    184. 

  184.   $key_data.
    185. 

  185.   $uid_data.
    186. 

  186.   $sig_data_to_be_hashed.
    187. 

  187.   $trailer;
    188. 

  188. 

  189. my $data_hash = Digest::SHA1::sha1_hex($datatosign);
    190. 

  190. 

  191. 

  192. my $issuer_packet = pack('CCH16', 9, 16, $keyid);
    193. 

  193. 

  194. my $sig = Crypt::OpenSSL::Bignum->new_from_bin($rsa->sign($datatosign));
    195. 

  195. 

  196. my $sig_body =
    197. 

  197.   $sig_data_to_be_hashed.
    198. 

  198. # FIXME: another dubious length() call.
    199. 

  199.   pack('n', length($issuer_packet)).
    200. 

  200.   $issuer_packet.
    201. 

  201.   pack('n', hex(substr($data_hash, 0, 4))).
    202. 

  202.   mpi_pack($sig);
    203. 

  203. 

  204. print make_packet(6, $pubkey);
    205. 

  205. print make_packet(13, $uid);
    206. 

  206. print make_packet(2, $sig_body);
    207. 

  207. 

  208. $/ = $holdTerminator;
    209.
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-02 13:28:24 +0000