fix public gpg key import

pkgs/ssh-to-pgp/main.go

@@ -14,28 +14,19 @@ import (
 )
 
 type options struct {
-	publicKey, privateKey, format, out string
+	format, out, in string
+	privateKey      bool
 }
 
 func parseFlags(args []string) options {
 	var opts options
 	f := flag.NewFlagSet(args[0], flag.ExitOnError)
-	f.StringVar(&opts.publicKey, "pubkey", "", "Path to public key. Reads from standard input if equal to '-'")
-	f.StringVar(&opts.privateKey, "privkey", "", "Path to private key. Reads from standard input if equal to '-'")
+	f.BoolVar(&opts.privateKey, "private-key", false, "Export private key instead of public key")
 	f.StringVar(&opts.format, "format", "armor", "GPG format encoding (binary|armor)")
+	f.StringVar(&opts.in, "i", "-", "Input path. Reads by default from standard output")
 	f.StringVar(&opts.out, "o", "-", "Output path. Prints by default to standard output")
 	f.Parse(args[1:])
 
-	if opts.publicKey != "" && opts.privateKey != "" {
-		fmt.Fprintln(os.Stderr, "-pubkey and -privkey are mutual exclusive")
-		os.Exit(1)
-	}
-
-	if opts.publicKey == "" && opts.privateKey == "" {
-		fmt.Fprintln(os.Stderr, "Either -pubkey and -privkey must be specified")
-		os.Exit(1)
-	}
-
 	return opts
 }
 
@@ -43,19 +34,15 @@ func convertKeys(args []string) error {
 	opts := parseFlags(args)
 	var err error
 	var sshKey []byte
-	keyPath := opts.privateKey
-	if opts.publicKey != "" {
-		keyPath = opts.publicKey
-	}
-	if keyPath == "-" {
+	if opts.in == "-" {
 		sshKey, _ = ioutil.ReadAll(os.Stdin)
 		if err != nil {
 			return fmt.Errorf("error reading stdin: %s", err)
 		}
 	} else {
-		sshKey, err = ioutil.ReadFile(keyPath)
+		sshKey, err = ioutil.ReadFile(opts.in)
 		if err != nil {
-			return fmt.Errorf("error reading %s: %s", opts.privateKey, err)
+			return fmt.Errorf("error reading %s: %s", opts.in, err)
 		}
 	}
 
@@ -69,9 +56,9 @@ func convertKeys(args []string) error {
 	}
 
 	if opts.format == "armor" {
-		keyType := openpgp.PrivateKeyType
-		if opts.publicKey != "" {
-			keyType = openpgp.PublicKeyType
+		keyType := openpgp.PublicKeyType
+		if opts.privateKey {
+			keyType = openpgp.PrivateKeyType
 		}
 		writer, err = armor.Encode(writer, keyType, make(map[string]string))
 		if err != nil {
@@ -79,28 +66,21 @@ func convertKeys(args []string) error {
 		}
 	}
 
-	var fingerprint [20]byte
+	gpgKey, err := sshkeys.SSHPrivateKeyToPGP(sshKey)
+	if err != nil {
+		return err
+	}
 
-	if opts.publicKey != "" {
-		gpgKey, err := sshkeys.SSHPublicKeyToPGP(sshKey)
-		if err != nil {
-			return err
-		}
-		err = gpgKey.Serialize(writer)
-		fingerprint = gpgKey.Fingerprint
-	} else {
-		gpgKey, err := sshkeys.SSHPrivateKeyToPGP(sshKey)
-		if err != nil {
-			return err
-		}
+	if opts.privateKey {
 		err = gpgKey.SerializePrivate(writer, nil)
-		fingerprint = gpgKey.PrimaryKey.Fingerprint
+	} else {
+		err = gpgKey.Serialize(writer)
 	}
 	if err == nil {
 		if opts.format == "armor" {
 			writer.Close()
 		}
-		fmt.Fprintf(os.Stderr, "%s\n", hex.EncodeToString(fingerprint[:]))
+		fmt.Fprintf(os.Stderr, "%s\n", hex.EncodeToString(gpgKey.PrimaryKey.Fingerprint[:]))
 	}
 	return err
 }

pkgs/ssh-to-pgp/main_test.go

@@ -28,13 +28,12 @@ func TestCli(t *testing.T) {
 	defer os.RemoveAll(tempdir)
 
 	out := path.Join(tempdir, "out")
-	pubKey := path.Join(assets, "id_rsa.pub")
 	privKey := path.Join(assets, "id_rsa")
 	cmds := [][]string{
-		{"ssh-to-pgp", "-pubkey", pubKey, "-o", out},
-		{"ssh-to-pgp", "-format=armor", "-pubkey", pubKey, "-o", out},
-		{"ssh-to-pgp", "-privkey", privKey, "-o", out},
-		{"ssh-to-pgp", "-format=armor", "-privkey", privKey, "-o", out},
+		{"ssh-to-pgp", "-i", privKey, "-o", out},
+		{"ssh-to-pgp", "-format=binary", "-i", privKey, "-o", out},
+		{"ssh-to-pgp", "-private-key", "-i", privKey, "-o", out},
+		{"ssh-to-pgp", "-format=binary", "-private-key", "-i", privKey, "-o", out},
 	}
 	for _, cmd := range cmds {
 		err = convertKeys(cmd)

pkgs/ssh-to-pgp/test-assets/id_rsa.pub

@@ -1 +0,0 @@
-ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDSeS6SEputIOi2mQhLeIEJnMAink+KcUv38HnaLak3nnLmUsYJnXYB5KZGxaxVtIjr59J8TndmwniZ+wc0rql6Dkif9CsTXgAjxrPiknZNQ7JQbgWUr0pk4jx/K3zLD6i/XAS8QWySNJmY5aJWySbF/K687kUMJ5ql0BX4Tt0RiWL4pIwzZZlLzH4rRySy4z1kbiuOZf8htVRtlGoDGqGViJRpuybSKrmXbevRI7aWjiml2BVTMktPekAPx+MA3t/8EM/uJxtWp7g3BsneHQdKIjR0WEKAITTmuDLEEtIXXEUbgBW0WjbD62nRft/A6/iyWykPJmkLA4WnSLS03caeUxCKoEthZ1xfBPCRNw7xbysQF8CHJz8cAMjZGgBGlOin8EKDhmlma6FZ94cAB5Tr4G3R0h4ky77bPk2/6vvZtyU/AFnDP2HfGaRCDNF+Q7+fR9YmKwcW/vCa2ItIEXgMmBjS+yl0p+4fVaY6Q7bCTbrd6znb6gTGo7nD9Kj/CGU= joerg@turingmachine

pkgs/sshkeys/convert.go

@@ -33,14 +33,6 @@ func parsePublicKey(publicKey []byte) (*rsa.PublicKey, error) {
 	return rsaKey, nil
 }
 
-func SSHPublicKeyToPGP(sshPublicKey []byte) (*packet.PublicKey, error) {
-	rsaKey, err := parsePublicKey(sshPublicKey)
-	if err != nil {
-		return nil, err
-	}
-	return packet.NewRSAPublicKey(time.Unix(0, 0), rsaKey), nil
-}
-
 func parsePrivateKey(sshPrivateKey []byte) (*rsa.PrivateKey, error) {
 	privateKey, err := ssh.ParseRawPrivateKey(sshPrivateKey)
 	if err != nil {
@@ -70,7 +62,7 @@ func SSHPrivateKeyToPGP(sshPrivateKey []byte) (*openpgp.Entity, error) {
 		PrivateKey: packet.NewRSAPrivateKey(timeNull, key),
 		Identities: make(map[string]*openpgp.Identity),
 	}
-	uid := packet.NewUserId("root", "", "root@localhost")
+	uid := packet.NewUserId("root", "Imported from SSH", "root@localhost")
 	isPrimaryID := true
 	gpgKey.Identities[uid.Id] = &openpgp.Identity{
 		Name:   uid.Id,
@@ -89,6 +81,10 @@ func SSHPrivateKeyToPGP(sshPrivateKey []byte) (*openpgp.Entity, error) {
 			IssuerKeyId:               &gpgKey.PrimaryKey.KeyId,
 		},
 	}
+	err = gpgKey.Identities[uid.Id].SelfSignature.SignUserId(uid.Id, gpgKey.PrimaryKey, gpgKey.PrivateKey, nil)
+	if err != nil {
+		return nil, err
+	}
 
 	return gpgKey, nil
 }