jpf / lokey

A tool that makes it easy to work with and convert between cryptographic key formats

License: GNU General Public License v3.0

Python 99.48% Dockerfile 0.52%
python pem x509 jwk ssh pgp openpgp keybase

lokey's Introduction

lokey

lokey is a tool that makes it easy to work with and convert between cryptographic key formats.

Named after the shape shifting and mischief-making Trickster from Norse mythology, this tool serves to test the bounds of possibilities and order.

Installing lokey

The fastest way to get lokey is to use pip:

$ pip install lokey

Using lokey

lokey makes it easy to fetch cryptographic keys from public sources like Keybase and PGP keyservers, for example:

Fetch my Keybase key using my Twitter handle:

$ lokey fetch keybase twitter:jf

Search for PGP keys from journalists at the New York Times:

$ lokey fetch pgp nytimes.com

You can see all of the fetching commands that lokey has by typing:

$ lokey fetch

lokey is also a tool for converting between cryptographic key formats, for example:

Make it easier to grant your friends access to your SSH server:

$ sudo adduser jf
$ mkdir ~jf/.ssh
$ lokey fetch keybase twitter:jf | lokey to ssh > ~jf/.ssh/authorized_keys

Send an S/MIME encrypted email to an administrator of a TLS secured webserver:

$ echo "A ship journeys from the east, Muspell's people are coming" > message.txt
$ lokey fetch tls example.com > example.com.pem
$ openssl smime -encrypt -des3 -in message.txt example.com.pem > smime.p7m

One of the administrators of the TLS secured webserver could read the message using this command:

$ openssl smime -decrypt -in smime.p7m -passin pass:[password for key] -inkey /path/to/webserver.key

lokey will also give you information about keys that you pipe into it:

$ cat ~/.ssh/id_rsa.pub | lokey

Inspiration

Many things inspired this project. The genesis of this project comes from the many conversations I had with my dad about his implementation of OpenPGP in Common Lisp. One of those conversations was when I first learned that all RSA keys are derived from the numbers ("e", "n", "d"). My dad's paper "Why RSA Works" gave me the grounding I needed to reason about and understand RSA cryptography.

Other inspirations include Zed Shaw's vulnarb.com project, which was the first time I considered using TLS certificates for encrypting email, and the Monkeysphere Project, which inspired me to think of using the PGP web of trust for something other than email.

My work at Okta on key pinning introduced me to Python's outstanding cryptographic library "cryptography". And most recently, my work on converting JWK formatted keys to PEM formatted keys proved how useful a command line utility for key conversion could be.

Learn more

$ lokey --help
$ lokey fetch
$ lokey to

What's missing

This release works, but only barely so. I'd like to know if other people find it useful and have ideas for what they'd want to use this tool for.

That said, I already know of many things that will need to be fixed or corrected soon:

  1. I don't know if the keys generated by this tool will actually work in The Real World.

    PGP and X.509 certificates in particular have a lot of options, and I haven't done any testing with software like Outlook, Mail.app, GPGTools (for Mac), iOS, etc. Please let me know what needs to be fixed here!

  2. I'd like lokey to be able to generate X.509 keys that could be used for S/MIME and SSL "client authentication" (where a browser authenticates with a web server).

    I got a "proof of concept" working for this by turning lokey into a very simple "certificate authority", this didn't seem ideal though.

  3. I want to add support for all the various fingerprint formats in use.

  4. Passphrases for encrypted private keys shouldn't be passed via a command line argument.

    This could expose your passphrase!

  5. I need to release my tests for "Eris" the class I use to convert keys.

    Before I do this, I need to make sure all the private keys are just test keys.

  6. Documentation. This should be a literate document.

  7. The text output for keys should match what you get with a tool like pgpdump or openssl x509 -text

  8. Support the various key stores for Java, macOS, GPG, etc

  9. I want to support more key formats (Pu

    • PuTTY
    • SSH Certificates
    • pkcs12?
    • DKIM?
  10. I have no idea how people use key bundles, or how lokey should support them

See also, FIXME notes in the source as well as my planned work in README.org
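Item 4 above also applies to the `-passin pass:` form in the decryption command earlier in this README. The following added example (not part of lokey or the original README) shows on Linux that a passphrase given as an argument is readable from `/proc/<pid>/cmdline`, while one supplied on standard input is not. The child process is a Python stand-in that ignores its arguments, and the passphrase is a constructed value.

```python
import subprocess
import sys

SECRET = "constructed-passphrase"  # constructed sample value, not a real secret
# Stand-in child (assumption): ignores its arguments and reads stdin, like a
# tool that was told to take the passphrase from standard input.
CHILD = [sys.executable, "-c", "import sys; sys.stdin.read()"]


def visible_argv(pid):
    """Return the argument list Linux exposes for pid (what `ps` prints)."""
    with open(f"/proc/{pid}/cmdline", "rb") as fh:
        return [arg.decode() for arg in fh.read().split(b"\0") if arg]


def argv_seen_by_others(extra_args, stdin_data):
    """Start the child, capture its argv from /proc, then let it finish."""
    child = subprocess.Popen(CHILD + extra_args, stdin=subprocess.PIPE)
    try:
        return visible_argv(child.pid)
    finally:
        child.communicate(stdin_data)  # send stdin, close it, wait for exit


def leaks(argv):
    """True if the passphrase appears anywhere in the visible argv."""
    return any(SECRET in arg for arg in argv)


if __name__ == "__main__":
    on_cmdline = argv_seen_by_others(["-passin", "pass:" + SECRET], b"")
    via_stdin = argv_seen_by_others(["-passin", "stdin"],
                                    SECRET.encode() + b"\n")
    print("pass: form leaks passphrase: ", leaks(on_cmdline))
    print("stdin form leaks passphrase:", leaks(via_stdin))
```

OpenSSL's passphrase options also accept `env:`, `file:` and `fd:` sources, which likewise keep the passphrase out of the argument list.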

lokey's Issues

Using in practice

I've installed this via pip and attempted your example, however:

lokey fetch keybase twitter:jf | lokey to ssh

Yields the following:

Traceback (most recent call last):
  File "/usr/local/bin/lokey", line 11, in <module>
    load_entry_point('lokey==0.5.0', 'console_scripts', 'lokey')()
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 722, in __call__
    return self.main(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 697, in main
    rv = self.invoke(ctx)
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 1066, in invoke
    return _process_result(sub_ctx.command.invoke(sub_ctx))
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 895, in invoke
    return ctx.invoke(self.callback, **ctx.params)
  File "/usr/local/lib/python2.7/dist-packages/click/core.py", line 535, in invoke
    return callback(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/click/decorators.py", line 17, in new_func
    return f(get_current_context(), *args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/lokey/__init__.py", line 119, in ssh
    print(ctx.obj.key.to('ssh', comment=comment))
  File "/usr/local/lib/python2.7/dist-packages/eris/__init__.py", line 44, in to
    return transmuter.serialize(*args, **kwargs)
  File "/usr/local/lib/python2.7/dist-packages/eris/__init__.py", line 159, in serialize
    encoding=serialization.Encoding.OpenSSH,
  File "/usr/local/lib/python2.7/dist-packages/enum/__init__.py", line 390, in __getattr__
    raise AttributeError(name)
AttributeError: OpenSSH

My second concern is attempting to use ssh once the user has had their key authorised. What mechanism is used to convert the keybase public key, or their gpg key in general, to a private ssh key? What is the pipeline from keybase to ssh?

Use in real world

When I did

$ lokey fetch jwk login.yahoo.com
Multiple keys found:

  • 3466d51f7dd0c780565688c183921816c45889ad
  • 6ff94cdad11e7c3ac08dc9ec3c44844b87e364f7
    Printing the first key ('3466d51f7dd0c780565688c183921816c45889ad')
    {"use": "sig", "crv": "P-256", "kty": "EC", "alg": "ES256", "y": "AK8V_Tgg_ayGoXiseiwLOClkekc9fi49aYUQpnY1Ay_y", "x": "cWZxqH95zGdr8P4XvPd_jgoP5XROlipzYxfC_vWC61I", "kid": "3466d51f7dd0c780565688c183921816c45889ad"}

What I would like to have is some way to get the PEM files for the two keys.

I know about the lokey to pem. But I am struggling with the correct inputs from what I can retrieve from yahoo.
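One way to turn the EC JWK printed in this issue into a PEM public key, as an added example that is not part of lokey or of the original issue: it uses only the Python standard library and a fixed SubjectPublicKeyInfo header, so it handles P-256 public keys only. The `y` member shown above decodes to 33 bytes with a leading zero byte, whereas RFC 7518 specifies exactly 32 octets per P-256 coordinate, so the sketch normalises each coordinate before building the key.

```python
import base64

# Fixed DER header for a SubjectPublicKeyInfo holding an uncompressed P-256
# point: AlgorithmIdentifier(id-ecPublicKey, prime256v1) + BIT STRING header.
P256_SPKI_PREFIX = bytes.fromhex(
    "3059301306072a8648ce3d020106082a8648ce3d030107034200")
COORD_LEN = 32  # P-256 coordinates are exactly 32 octets

# The JWK printed in the issue above.
ISSUE_JWK = {
    "kty": "EC", "crv": "P-256", "alg": "ES256", "use": "sig",
    "kid": "3466d51f7dd0c780565688c183921816c45889ad",
    "x": "cWZxqH95zGdr8P4XvPd_jgoP5XROlipzYxfC_vWC61I",
    "y": "AK8V_Tgg_ayGoXiseiwLOClkekc9fi49aYUQpnY1Ay_y",
}


def b64url_decode(value):
    """Decode unpadded base64url as used by JWK members."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))


def coordinate(value):
    """Return a coordinate as exactly 32 big-endian bytes."""
    number = int.from_bytes(b64url_decode(value), "big")  # drops leading zeros
    if number.bit_length() > COORD_LEN * 8:
        raise ValueError("coordinate does not fit in 32 bytes")
    return number.to_bytes(COORD_LEN, "big")


def ec_jwk_to_der(jwk):
    """Build the DER SubjectPublicKeyInfo for an EC P-256 public JWK."""
    if jwk.get("kty") != "EC" or jwk.get("crv") != "P-256":
        raise ValueError("only EC P-256 keys are handled in this example")
    point = b"\x04" + coordinate(jwk["x"]) + coordinate(jwk["y"])
    return P256_SPKI_PREFIX + point


def der_to_pem(der):
    """Wrap DER bytes in a PEM 'PUBLIC KEY' envelope, 64 chars per line."""
    b64 = base64.b64encode(der).decode("ascii")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN PUBLIC KEY-----", *lines,
                      "-----END PUBLIC KEY-----"]) + "\n"


if __name__ == "__main__":
    print(der_to_pem(ec_jwk_to_der(ISSUE_JWK)), end="")
```

The sketch does not check that the point lies on the curve; loading the output with `openssl pkey -pubin -in key.pem -text -noout` is a quick way to confirm that it parses.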

Metaclasses conflict

I'm consistently getting a TypeError exception:

Traceback (most recent call last):
File "/usr/local/bin/lokey", line 6, in <module>
from lokey import cli
File "/usr/local/lib/python2.7/site-packages/lokey/__init__.py", line 9, in <module>
import eris
File "/usr/local/lib/python2.7/site-packages/eris/__init__.py", line 14, in <module>
from pgpy.constants import (
File "/usr/local/lib/python2.7/site-packages/pgpy/__init__.py", line 5, in <module>
from .pgp import PGPKey
File "/usr/local/lib/python2.7/site-packages/pgpy/pgp.py", line 24, in <module>
from .constants import CompressionAlgorithm
File "/usr/local/lib/python2.7/site-packages/pgpy/constants.py", line 22, in <module>
from .types import FlagEnum
File "/usr/local/lib/python2.7/site-packages/pgpy/types.py", line 260, in <module>
class PGPObject(six.with_metaclass(abc.ABCMeta, object)):
File "/usr/local/lib/python2.7/abc.py", line 87, in __new__
cls = super(ABCMeta, mcls).__new__(mcls, name, bases, namespace)
TypeError: Error when calling the metaclass bases
metaclass conflict: the metaclass of a derived class must be a (non-strict) subclass of the metaclasses of all its bases

It happens both in my machine and with your docker image that I had to modify to install make so pip could build deps:

RUN apk add --no-cache \
gcc \
musl-dev \
libffi-dev \
openssl-dev \
make
