SecurityInnovation / PGPy

Pretty Good Privacy for Python
BSD 3-Clause "New" or "Revised" License

Generating a key pair from some pre-defined data #220

Open GildedHonour opened 7 years ago

GildedHonour commented 7 years ago

How can I generate a key pair given pre-defined a) user id/email, b) passphrase and c) some pregenerated private key/seed/material/whatever you call it?

That is, these 3 should be fed to PGPy as arguments.

Commod0re commented 7 years ago

There is currently no provided convenient way to complete a key you only have some of the information for (see #146). Depending on what key material you have, it might be possible to build a working key, it's just not necessarily straightforward. I'll put together an example.

anarcat commented 7 years ago

i would also need this in my use case (constructing an OpenPGP key from an SSH keypair).

anarcat commented 7 years ago

and actually, @Commod0re did you end up writing up that example? It would be quite useful for me - and I could send a PR to document how to do this in the docs, once we clarify this.

Otherwise I can dig around, but I'm not so familiar with the code...

Commod0re commented 7 years ago

Bear in mind this will have some actual API in 0.5.0 so it can be done more conveniently, but here's a gist that demonstrates how to do it with an RSA public key in 0.4.x. Feel free to hit me up in IRC if you run into trouble with this.

I'll try to remember to update that gist with the API way once it becomes available.

anarcat commented 7 years ago

so while i'm running around like a little kid at christmas asking for unicorns (and getting them) I'll push my luck here. :p i'm looking at implementing keyserver operation, and one of the things i need to do (I think) is to parse such output from search queries:

info:1:1
pub:8DC901CE64146C048AD50FBB792152527B75921E:1:4096:1243621534:1524162229:
uid:Antoine Beaupr%C3%A9 <anarcat@anarc.at>:1492626398::
uid:Antoine Beaupr%C3%A9 <anarcat@debian.org>:1492626232::
uid:Antoine Beaupr%C3%A9 <anarcat@koumbit.org>:1492626232::
uid:Antoine Beaupr%C3%A9 <anarcat@orangeseeds.org>:1492626229::
uid:Antoine Beaupr%C3%A9 (work) <anarcat@koumbit.org>:1370140989::
uid:Antoine Beaupr%C3%A9 (Debian) <anarcat@debian.org>:1370140988::
uid:Antoine Beaupr%C3%A9 (home address) <anarcat@anarcat.ath.cx>:1370140988::

now i can probably parse that myself fine - although i wonder if there is already code in PGPy to parse colon-separated GPG stuff - but i wonder what i should return. a single fingerprint seems too limited. a tuple, too complicated. so maybe a (fingerprint, [PGPUID, ..]) tuple? what about just creating an actual public key here? is that even logical?
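Added example (not part of the thread and not PGPy code): a standard-library parser for the search output quoted in the comment above, returning one record per `pub` line with its user IDs attached. The names `KeyRecord`, `UidRecord` and `parse_index` are hypothetical, and the field order is assumed to follow the HKP machine-readable index layout noted in the comments.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional
from urllib.parse import unquote

# Sample input: lines copied from the comment above.
SAMPLE = """info:1:1
pub:8DC901CE64146C048AD50FBB792152527B75921E:1:4096:1243621534:1524162229:
uid:Antoine Beaupr%C3%A9 <anarcat@anarc.at>:1492626398::
uid:Antoine Beaupr%C3%A9 (work) <anarcat@koumbit.org>:1370140989::
"""

@dataclass
class UidRecord:  # hypothetical name, not a PGPy class
    uid: str
    created: Optional[int]
    expires: Optional[int]
    flags: str

@dataclass
class KeyRecord:  # hypothetical name, not a PGPy class
    keyid: str
    algo: Optional[int]
    bits: Optional[int]
    created: Optional[int]
    expires: Optional[int]
    flags: str
    uids: List[UidRecord] = field(default_factory=list)

def _num(s: str) -> Optional[int]:
    """Empty or non-numeric fields become None instead of raising."""
    return int(s) if re.fullmatch(r"[0-9]+", s) else None

def parse_index(text: str) -> List[KeyRecord]:
    """Parse index lines. The result is unverified keyserver data."""
    keys: List[KeyRecord] = []
    for line in text.splitlines():
        f = line.strip().split(":")
        if f[0] == "pub" and len(f) >= 7:
            # Assumed layout: pub:keyid:algo:keylen:created:expires:flags
            if len(f[1]) not in (8, 16, 32, 40) or not re.fullmatch(r"[0-9A-Fa-f]+", f[1]):
                raise ValueError("malformed key id: %r" % f[1])
            keys.append(KeyRecord(f[1].upper(), *map(_num, f[2:6]), f[6]))
        elif f[0] == "uid" and len(f) >= 5:
            # Assumed layout: uid:percent-escaped uid:created:expires:flags
            if not keys:
                raise ValueError("uid line before any pub line")
            keys[-1].uids.append(UidRecord(unquote(f[1]), _num(f[2]), _num(f[3]), f[4]))
        # "info" and unknown line types are skipped
    return keys
```

Nothing in an index response is signed, so these records are only search hints until the key itself has been fetched and its self-signatures checked.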

anarcat commented 7 years ago

see #229 for a further discussion on keyserver implementation.