#!/usr/bin/perl -w -T # pem2openpgp: take a PEM-encoded RSA private-key on standard input, a # User ID as the first argument, and generate an OpenPGP certificate # from it. # Usage: # pem2openpgp 'ssh://'$(hostname -f) < /etc/ssh/ssh_host_rsa_key | gpg --import # Authors: # Jameson Rollins # Daniel Kahn Gillmor # Started on: 2009-01-07 02:01:19-0500 # License: GPL v3 or later (we may need to adjust this given that this # connects to OpenSSL via perl) use strict; use warnings; use Crypt::OpenSSL::RSA; use Crypt::OpenSSL::Bignum; use Digest::SHA1; use MIME::Base64; ## make sure all length() and substr() calls use bytes only: use bytes; my $uid = shift; # FIXME: fail if there is no given user ID; or should we default to # hostname_long() from Sys::Hostname::Long ? # make an old-style packet out of the given packet type and body. # old-style (see RFC 4880 section 4.2) sub make_packet { my $type = shift; my $body = shift; my $len = length($body); my $lenbytes; my $lencode; if ($len < 2**8) { $lenbytes = 0; $lencode = 'C'; } elsif ($len < 2**16) { $lenbytes = 1; $lencode = 'n'; } elsif ($len < 2**31) { ## not testing against full 32 bits because i don't want to deal ## with potential overflow. $lenbytes = 2; $lencode = 'N'; } else { ## what the hell do we do here? $lenbytes = 3; $lencode = ''; } return pack('C'.$lencode, 0x80 + ($type * 4) + $lenbytes, $len). $body; } # takes a Crypt::OpenSSL::Bignum, returns it formatted as OpenPGP MPI # (RFC 4880 section 3.2) sub mpi_pack { my $num = shift; my $val = $num->to_bin(); my $mpilen = length($val)*8; # this is a kludgy way to get the number of significant bits in the # first byte: my $bitsinfirstbyte = length(sprintf("%b", ord($val))); $mpilen -= (8 - $bitsinfirstbyte); return pack('n', $mpilen).$val; } # FIXME: genericize this to accept either RSA or DSA keys: sub make_rsa_pub_key_body { my $key = shift; my $timestamp = shift; my ($n, $e) = $key->get_key_parameters(); return pack('CN', 4, $timestamp). pack('C', 1). # RSA mpi_pack($n). mpi_pack($e); } # expects an RSA key (public or private) and a timestamp sub fingerprint { my $key = shift; my $timestamp = shift; my $rsabody = make_rsa_pub_key_body($key, $timestamp); return Digest::SHA1::sha1(pack('Cn', 0x99, length($rsabody)).$rsabody); } # FIXME: replace the opaque numbers below with # semantically-meaningful references based on these tables. # see RFC 4880 section 9.1 (ignoring deprecated algorithms for now) my $asym_algos = { rsa => 1, elgamal => 16, dsa => 17, } # see RFC 4880 section 9.2 my $ciphers = { plaintext => 0, idea => 1, 3des => 2, cast5 => 3, blowfish => 4, aes128 => 7, aes192 => 8, aes256 => 9 twofish => 10, }; # see RFC 4880 section 9.3 my $zips = { uncompressed => 0, zip => 1, zlib => 2, bzip2 => 3, }; # see RFC 4880 section 9.4 my $digests = { md5 => 1, sha1 => 2, ripemd160 => 3, sha256 => 8, sha384 => 9, sha512 => 10, sha224 => 11, }; # see RFC 4880 section 5.2.3.21 my $usage_flags = { certify => 0x01, sign => 0x02, encrypt_comms => 0x04, encrypt_storage => 0x08, encrypt => 0x0c, ## both comms and storage split => 0x10, # the private key is split via secret sharing authenticate => 0x20, shared => 0x80, # more than one person holds the entire private key }; # see RFC 4880 section 4.3 my $packet_types = { pubkey_enc_session => 1, sig => 2, symkey_enc_session => 3, onepass_sig => 4, seckey => 5, pubkey => 6, sec_subkey => 7, compressed_data => 8, symenc_data => 9, marker => 10, literal => 11, trust => 12, uid => 13, pub_subkey => 14, uat => 17, symenc_w_integrity => 18, mdc => 19, }; # see RFC 4880 section 5.2.1 my $sig_types = { binary_doc => 0x00, text_doc => 0x01, standalone => 0x02, generic_certification => 0x10, persona_certification => 0x11, casual_certification => 0x12, positive_certification => 0x13, subkey_binding => 0x18, primary_key_binding => 0x19, key_signature => 0x1f, key_revocation => 0x20, subkey_revocation => 0x28, certification_revocation => 0x30, timestamp => 0x40, thirdparty => 0x50, }; # see RFC 4880 section 5.2.3.1 my $subpacket_types => { sig_creation_time => 2, sig_expiration_time => 3, exportable => 4, trust_sig => 5, regex => 6, revocable => 7, key_expiration_time => 9, preferred_cipher => 11, revocation_key => 12, issuer => 16, notation => 20, preferred_digest => 21, keyserver_prefs => 23, preferred_keyserver => 24, primary_uid => 25, policy_uri => 26, usage_flags => 27, signers_uid => 28, revocation_reason => 29, features => 30, signature_target => 31, embedded_signature = 32, }; # we're just not dealing with newline business right now. slurp in # the whole file. undef $/; my $buf = ; my $rsa = Crypt::OpenSSL::RSA->new_private_key($buf); $rsa->use_sha1_hash(); $rsa->use_no_padding(); if (! $rsa->check_key()) { die "key does not check"; } my $version = pack('C', 4); # strong assertion of identity: my $sigtype = pack('C', 0x13); # RSA my $pubkey_algo = pack('C', 1); # SHA1 my $hash_algo = pack('C', 2); # FIXME: i'm worried about generating a bazillion new OpenPGP # certificates from the same key, which could easily happen if you run # this script more than once against the same key. How can we prevent # this? # could an environment variable (if set) override the current time? my $timestamp = time(); my $creation_time_packet = pack('CCN', 5, 2, $timestamp); # FIXME: HARDCODED: what if someone wants to select a different set of # usage flags? For now, we do only authentication. my $flags = $usage_flags->{authenticate}; my $usage_packet = pack('CCC', 2, 27, $flags); # FIXME: HARDCODED: how should we determine how far off to set the # expiration date? default is to expire in 2 days, which is insanely # short (but good for testing). my $expires_in = 86400*2; my $expiration_packet = pack('CCN', 5, 9, $expires_in); # prefer AES-256, AES-192, AES-128, CAST5, 3DES: my $pref_sym_algos = pack('CCCCCCC', 6, 11, 9, 8, 7, 3, 2); # prefer SHA-1, SHA-256, RIPE-MD/160 my $pref_hash_algos = pack('CCCCC', 4, 21, 2, 8, 3); # prefer ZLIB, BZip2, ZIP my $pref_zip_algos = pack('CCCCC', 4, 22, 2, 3, 1); # we support the MDC feature: my $features = pack('CCC', 2, 30, 1); # keyserver preference: only owner modify (???): my $keyserver_pref = pack('CCC', 2, 23, 0x80); my $subpackets_to_be_hashed = $creation_time_packet. $usage_packet. $expiration_packet. $pref_sym_algos. $pref_hash_algos. $pref_zip_algos. $features. $keyserver_pref; my $subpacket_octets = pack('n', length($subpackets_to_be_hashed)); my $sig_data_to_be_hashed = $version. $sigtype. $pubkey_algo. $hash_algo. $subpacket_octets. $subpackets_to_be_hashed; my $pubkey = make_rsa_pub_key_body($rsa, $timestamp); #open(KEYFILE, "new_from_bin($rsa->sign($datatosign)); my $sig_body = $sig_data_to_be_hashed. pack('n', length($issuer_packet)). $issuer_packet. pack('n', hex(substr($data_hash, 0, 4))). mpi_pack($sig); print make_packet(6, $pubkey). make_packet(13, $uid). make_packet(2, $sig_body);