| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566 |
- #!/usr/bin/env python3
- import cryptography.hazmat.backends
- import cryptography.hazmat.primitives.serialization
- import cryptography.x509
- import math
- DEFAULT_SMARTCARD_APP_ID_HEX = 'D2760001240102010001234567890000'
- def convert_to_sexp(data):
- if isinstance(data, int):
- return convert_to_sexp(data.to_bytes(
- math.ceil(data.bit_length() / 8),
- 'big',
- ))
- elif isinstance(data, str):
- return convert_to_sexp(data.encode())
- elif isinstance(data, bytes):
- return str(len(data)).encode() + b':' + data
- else:
- return b'(' + b''.join(convert_to_sexp(i) for i in data) + b')'
- def create_gpg_key(smartcard_app_id_hex):
- backend = cryptography.hazmat.backends.default_backend()
- with open('cert-request.pem', 'rb') as f:
- req = cryptography.x509.load_pem_x509_csr(f.read(), backend)
- assert req.is_signature_valid
- pubnums = req.public_key().public_numbers()
- key_data = ['shadowed-private-key', [
- 'rsa',
- ['n', pubnums.n],
- ['e', pubnums.e],
- ['shadowed', 't1-v1', [int(smartcard_app_id_hex, 16), 'OPENPGP.1']],
- ]]
- key = convert_to_sexp(key_data)
- with open('gpg-key.sexp', 'wb') as f:
- f.write(key)
- def _init_argparser():
- import argparse
- argparser = argparse.ArgumentParser(
- description='create a shadowed-private-key in sexp format for gnupg\'s private-keys-v1.d folder'
- + ' containing the public key of a PEM-encoded X.509 certificate signing request (CSR)',
- )
- argparser.add_argument(
- '--smartcard-app-id',
- dest='smartcard_app_id_hex',
- metavar='hex-string',
- default=DEFAULT_SMARTCARD_APP_ID_HEX,
- help='default: %(default)s',
- )
- return argparser
- def main(argv):
- argparser = _init_argparser()
- args = argparser.parse_args(argv[1:])
- create_gpg_key(**vars(args))
- return 0
- if __name__ == '__main__':
- import sys
- sys.exit(main(sys.argv))
|
