Support GPG and SSH keys #55

Closed
lukpueh opened this issue Sep 11, 2017 · 2 comments · Fixed by #174

Comments

Member

lukpueh commented Sep 11, 2017

securesystemslib provides an API to import and export public and private keys in PEM (RSA, ECDSA, also cf. #54) or in a proprietary format (Ed25519).

It would be convenient to extend the API so that users can load, e.g. their existing GPG or SSH keys. Note that securesystemslib does not necessarily have to provide an API to generate those keys. As @aaaaalbert has mentioned, users might even prefer to use their own well-known toolchain.

Member Author

lukpueh commented Sep 18, 2017

Re SSH:
Our main (#56) crypto backend pyca-cryptography supports loading public rsa and ecdsa ssh keys (ed25519 is not supported), so it should be easy to add wrappers to securesystemslib.
As for private keys, we are already able to handle private rsa and ecdsa ssh keys stored in PEM format. For some reason ed25519 does not seem to work:

>>> securesystemslib.interface.import_ed25519_privatekey_from_file(".ssh/id_ed25519")

Traceback (most recent call last):
  File "<input>", line 1, in <module>
    k = intf.import_ed25519_privatekey_from_file(".ssh/id_ed25519")
  File "/Users/lukp/code/securesystemslib/securesystemslib/interface.py", line 549, in import_ed25519_privatekey_from_file
    key_object = securesystemslib.keys.decrypt_key(encrypted_key.decode('utf-8'), password)
  File "/Users/lukp/code/securesystemslib/securesystemslib/keys.py", line 1689, in decrypt_key
    securesystemslib.pyca_crypto_keys.decrypt_key(encrypted_key, passphrase)
  File "/Users/lukp/code/securesystemslib/securesystemslib/pyca_crypto_keys.py", line 843, in decrypt_key
    json_data = _decrypt(encrypted_key, password)
  File "/Users/lukp/code/securesystemslib/securesystemslib/pyca_crypto_keys.py", line 986, in _decrypt
    raise securesystemslib.exceptions.CryptoError('Invalid encrypted file.')
CryptoError: Invalid encrypted file.

Update:
ssh-keygen's man page states Ed25519 keys always use the new [OpenSSH rather than the PEM] private key format.

Member Author

lukpueh commented Mar 7, 2018

Re GPG:

We have implemented GPG support in in-toto.gpg. We should consider moving the implementation to securesystemslib at some point.
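
On the Ed25519 failure in the SSH comment above: the sketch below is an added example, not part of the thread and not securesystemslib code. It tells a PEM private key apart from an OpenSSH-format one and reads the unencrypted header fields of the latter, following the field layout in OpenSSH's PROTOCOL.key; `describe_private_key` and `make_sample` are hypothetical names, and the sample key is constructed with zero bytes in place of key material.

```python
import base64
import struct

MAGIC = b"openssh-key-v1\x00"  # AUTH_MAGIC defined in OpenSSH's PROTOCOL.key
BEGIN, END = "-----BEGIN ", "-----END "

def _read_string(buf, off):
    """Read one SSH string: uint32 big-endian length, then that many bytes."""
    if off + 4 > len(buf):
        raise ValueError("truncated length field")
    (n,) = struct.unpack_from(">I", buf, off)
    if off + 4 + n > len(buf):
        raise ValueError("string runs past end of blob")
    return buf[off + 4:off + 4 + n], off + 4 + n

def describe_private_key(text):
    """Classify a private key file from its unencrypted header fields only."""
    lines = [ln.strip() for ln in text.strip().splitlines()]
    if len(lines) < 3 or not lines[0].startswith(BEGIN) or not lines[-1].startswith(END):
        return {"container": "unknown"}
    label = lines[0][len(BEGIN):].rstrip("-").strip()
    if label != "OPENSSH PRIVATE KEY":
        return {"container": "pem", "label": label}  # e.g. RSA or EC PRIVATE KEY
    blob = base64.b64decode("".join(lines[1:-1]), validate=True)
    if not blob.startswith(MAGIC):
        raise ValueError("missing openssh-key-v1 magic")
    cipher, off = _read_string(blob, len(MAGIC))
    kdf, off = _read_string(blob, off)
    _kdf_options, off = _read_string(blob, off)
    public_blob, _ = _read_string(blob, off + 4)  # also bounds-checks the key count
    (nkeys,) = struct.unpack_from(">I", blob, off)
    if nkeys < 1:
        raise ValueError("no keys in container")
    key_type, _ = _read_string(public_blob, 0)  # public blob starts with its type name
    return {"container": "openssh", "key_type": key_type.decode(),
            "cipher": cipher.decode(), "kdf": kdf.decode(),
            "encrypted": cipher != b"none"}

def _s(data):
    return struct.pack(">I", len(data)) + data

def make_sample():
    """Constructed sample: correct layout, all-zero bytes instead of a real key."""
    public_blob = _s(b"ssh-ed25519") + _s(bytes(32))
    blob = (MAGIC + _s(b"none") + _s(b"none") + _s(b"") + struct.pack(">I", 1)
            + _s(public_blob) + _s(bytes(8)))
    body = base64.b64encode(blob).decode()
    return BEGIN + "OPENSSH PRIVATE KEY-----\n" + body + "\n" + END + "OPENSSH PRIVATE KEY-----\n"
```

A loader can call such a check first and report the container type instead of surfacing a generic `Invalid encrypted file` error.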
