-
Notifications
You must be signed in to change notification settings - Fork 0
/
pgpreader.kt
149 lines (137 loc) · 4.8 KB
/
pgpreader.kt
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
package bast1aan.pgpreader
import org.bouncycastle.openpgp.PGPUtil
import org.bouncycastle.openpgp.PGPPrivateKey
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection
import org.bouncycastle.openpgp.operator.jcajce.JcaKeyFingerprintCalculator
import org.bouncycastle.openpgp.operator.jcajce.JcePBESecretKeyDecryptorBuilder
import org.bouncycastle.openpgp.PGPSecretKey
import org.bouncycastle.bcpg.ECSecretBCPGKey
import org.bouncycastle.bcpg.ECPublicBCPGKey
import org.bouncycastle.asn1.x9.ECNamedCurveTable
import org.bouncycastle.asn1.ASN1ObjectIdentifier
import org.bouncycastle.crypto.ec.CustomNamedCurves
import org.bouncycastle.jcajce.util.DefaultJcaJceHelper
import org.bouncycastle.jcajce.util.JcaJceHelper
import org.bouncycastle.math.ec.ECCurve
import org.bouncycastle.util.BigIntegers
import org.bouncycastle.util.encoders.Hex
import java.security.spec.ECPoint as JavaECPoint
import java.security.spec.ECPublicKeySpec as JavaECPublicKeySpec
import java.security.spec.ECPrivateKeySpec as JavaECPrivateKeySpec
import java.security.spec.ECGenParameterSpec as JavaECGenParameterSpec
import java.security.spec.ECParameterSpec as JavaECParameterSpec
import java.io.BufferedInputStream
import java.io.FileInputStream
import java.io.File
import java.io.FileOutputStream
import java.math.BigInteger
import java.util.HexFormat
private val helper: JcaJceHelper by lazy { DefaultJcaJceHelper() }
internal fun openPrivateKeyFile(fileName: String, keyId: ByteArray? = null, pass: String? = null): PGPPrivateKey? {
val fp = FileInputStream(fileName)
val keyIn = BufferedInputStream(fp)
val rings = PGPSecretKeyRingCollection(
PGPUtil.getDecoderStream(keyIn),
JcaKeyFingerprintCalculator()
)
var secKey: PGPSecretKey? = null
for (ring in rings.keyRings) {
for (key in ring.secretKeys) {
if (keyId != null && keyId contentEquals key.fingerprint ||
keyId == null && key.isSigningKey()
) {
secKey = key
break
}
}
if (secKey != null) {
break
}
}
fp.close()
if (secKey == null) {
return null
}
var passChar = CharArray(0)
if (pass != null) {
passChar = pass.toCharArray()
}
return secKey.extractPrivateKey(
JcePBESecretKeyDecryptorBuilder()
.setProvider("BC")
.build(passChar)
)
}
internal fun getX9Parameters(oid: ASN1ObjectIdentifier) = CustomNamedCurves.getByOID(oid) ?: ECNamedCurveTable.getByOID(oid)
internal fun decodePoint(xyEncoded: BigInteger, ecCurve: ECCurve) = ecCurve.decodePoint(BigIntegers.asUnsignedByteArray(xyEncoded))
internal fun usage() {
println("Usage: pgpreader <file.pgp> [, key_fingerprint ]")
}
internal fun getECParameterSpec(curveOID: ASN1ObjectIdentifier): JavaECParameterSpec {
val params = helper.createAlgorithmParameters("EC")
params.init(JavaECGenParameterSpec(ECNamedCurveTable.getName(curveOID)))
return params.getParameterSpec(JavaECParameterSpec::class.java)
}
public fun main(args: Array<String>) {
if (args.size < 1) return usage()
val file = args[0]
if (!File(file).exists()) {
println("${file} does not exist")
return usage()
}
var keyId: ByteArray? = null
if (args.size >= 2) {
try {
keyId = HexFormat.of().parseHex(args[1])
} catch (e: IllegalArgumentException) {
println("Warning: ${args[1]} is not a valid key fingerprint, ignored.")
}
}
// TODO implement password, from stdin would be nice
val key = openPrivateKeyFile(file, keyId)
if (key != null) {
val packet = key.privateKeyDataPacket
val publicKey = key.publicKeyPacket.key
print("Algorithm: ")
println(key.publicKeyPacket.algorithm)
if (packet is ECSecretBCPGKey && publicKey is ECPublicBCPGKey) {
val d = packet.x
print("D: ")
println(d)
val curveOID = publicKey.curveOID
val x9Params = getX9Parameters(curveOID)
val ecPubPoint = decodePoint(publicKey.encodedPoint, x9Params.curve)
print("X: ")
println(ecPubPoint.affineXCoord.toBigInteger())
print("Y: ")
println(ecPubPoint.affineYCoord.toBigInteger())
val ecParameterSpec = getECParameterSpec(curveOID)
val ecPubSpec = JavaECPublicKeySpec(
JavaECPoint(
ecPubPoint.affineXCoord.toBigInteger(),
ecPubPoint.affineYCoord.toBigInteger()
),
ecParameterSpec,
)
val keyFactory = helper.createKeyFactory("EC")
val pubKey = keyFactory.generatePublic(ecPubSpec)
val ecPrivSpec = JavaECPrivateKeySpec(d, ecParameterSpec)
val privateKey = keyFactory.generatePrivate(ecPrivSpec)
print("Pubkey: ")
println(Hex.toHexString(pubKey.encoded))
var outfile = FileOutputStream("pubkey.der")
outfile.write(pubKey.encoded)
outfile.close()
print("Private key: ")
println(Hex.toHexString(privateKey.encoded))
outfile = FileOutputStream("privkey.der")
outfile.write(privateKey.encoded)
outfile.close()
} else {
println("Only EC private keys are supported as of now.")
}
println(key.keyID)
} else {
println("Invalid PGP file, or not a secret key")
}
}