From: W. Trevor King Date: Mon, 30 May 2011 15:34:24 +0000 (-0400) Subject: Add openpgpg2pem. X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=HEAD;p=monkeysphere.git Add openpgpg2pem. With the previous setup, it was difficult for me to check https keys when signing them. Now I can easily extract public key information for validating keys with $ gpg --export 'https://www.physics.drexel.edu' \ | openpgp2pem | openssl rsa -in /dev/stdin -pubin -text And compare the modulus and exponent with those given for the server's key $ openssl rsa -in private.pem -pubout -text `openpgp2pem` is also useful when confirming a server's public key through your browser's key acceptance window (without msva), as the modulus and exponent are readily available. --- diff --git a/src/openpgp2pem b/src/openpgp2pem new file mode 120000 index 0000000..edcb6a3 --- /dev/null +++ b/src/openpgp2pem @@ -0,0 +1 @@ +share/keytrans \ No newline at end of file diff --git a/src/share/keytrans b/src/share/keytrans index 60eab55..f482abc 100755 --- a/src/share/keytrans +++ b/src/share/keytrans @@ -6,7 +6,8 @@ # PKCS#1 DER, and OpenSSH-style public key lines. # How it behaves depends on the name under which it is invoked. The -# two implementations currently are: pem2openpgp and openpgp2ssh. +# implementations currently are: pem2openpgp openpgpg2pem, and +# openpgp2ssh. 
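Review bot: The rewritten header comment in `src/share/keytrans` misspells the new tool as `openpgpg2pem`, while the symlink and the dispatch regex added by this commit both use `openpgp2pem`. Anyone grepping the script for the invocation name will miss this line. The list also lost the comma after `pem2openpgp`. I would write the two lines as `# implementations currently are: pem2openpgp, openpgp2pem, and` followed by `# openpgp2ssh.`.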
@@ -25,6 +26,30 @@ +# openpgp2pem: take a stream of OpenPGP packets containing public or +# secret key material on standard input, and a Key ID (or fingerprint) +# as the first argument. Find the matching key in the input stream, +# and emit it on stdout in OpenSSL-PEM format. + +# Example usage: + +# gpg --export-secret-keys --export-options export-reset-subkey-passwd $KEYID | \ +# openpgp2pem $KEYID + +#For private keys, this will produce the same PKCS#1 RSAPrivateKey +#(PEM header: BEGIN RSA PRIVATE KEY) results as: + +#openssl rsa -in private.pem + +#For public keys, this will produce the same X.509 +#SubjectPublicKeyInfo (PEM header: BEGIN PUBLIC KEY) results as: + +#openssl rsa -in private.pem -pubout + + + + + # openpgp2ssh: take a stream of OpenPGP packets containing public or # secret key material on standard input, and a Key ID (or fingerprint) # as the first argument. Find the matching key in the input stream, @@ -1103,6 +1128,22 @@ for (basename($0)) { } ); } + elsif (/^openpgp2pem$/) { + my $fpr = shift; + my $instream; + open($instream,'-'); + binmode($instream, ":bytes"); + my $key = openpgp2rsa($instream, $fpr); + if (defined($key)) { + if ($key->is_private()) { + print $key->get_private_key_string(); + } else { + print $key->get_public_key_x509_string(); + } + } else { + die "No matching key found.\n"; + } + } elsif (/^openpgp2ssh$/) { my $fpr = shift; my $instream;
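Review bot: The `openpgp2pem` usage comment says a Key ID or fingerprint is taken as the first argument, but the commit message runs `gpg --export ... | openpgp2pem` with no argument at all. The comment should state what is selected when the argument is omitted; that behaviour lives in `openpgp2rsa`, which is not visible in this diff. The example also feeds the tool `--export-secret-keys` with `export-reset-subkey-passwd`, and the text says the result matches `openssl rsa -in private.pem`, so the output is an unprotected private key on stdout. I would add a line such as `# Note: with secret-key input the RSA private key is written to stdout unencrypted; redirect it to a file created under umask 077.`.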
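Review bot: In the new `openpgp2pem` branch the result of `open($instream,'-');` is never checked, so a failure to open stdin goes unreported and `binmode` and `openpgp2rsa` run on an unopened handle; `open($instream,'-') or die "could not open stdin: $!\n";` makes it fail loudly. `$fpr` comes straight from `shift` and may be undefined, as in the commit message's own example, so it is worth confirming that `openpgp2rsa` handles that case, since its body is outside this hunk. The `is_private()` branch prints the secret key to stdout unconditionally. A guard such as `die "refusing to write a private key to a terminal\n" if -t STDOUT;` before that `print` would keep the key out of scrollback and terminal logs. The enclosing `for (basename($0))` block starts and ends outside the hunk.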