mirror of
https://github.com/Mic92/sops-nix.git
synced 2025-03-18 06:28:16 +00:00
46 lines
968 B
Go
46 lines
968 B
Go
|
package agessh
|
||
|
|
||
|
import (
|
||
|
"crypto/ed25519"
|
||
|
"crypto/sha512"
|
||
|
"fmt"
|
||
|
"reflect"
|
||
|
"strings"
|
||
|
|
||
|
"github.com/Mic92/sops-nix/pkgs/bech32"
|
||
|
"golang.org/x/crypto/curve25519"
|
||
|
"golang.org/x/crypto/ssh"
|
||
|
)
|
||
|
|
||
|
func ed25519PrivateKeyToCurve25519(pk ed25519.PrivateKey) ([]byte, error) {
|
||
|
h := sha512.New()
|
||
|
_, err := h.Write(pk.Seed())
|
||
|
if err != nil {
|
||
|
return []byte{}, err
|
||
|
}
|
||
|
out := h.Sum(nil)
|
||
|
return out[:curve25519.ScalarSize], nil
|
||
|
}
|
||
|
|
||
|
func SSHPrivateKeyToBech32(sshPrivateKey []byte) (string, error) {
|
||
|
privateKey, err := ssh.ParseRawPrivateKey(sshPrivateKey)
|
||
|
if err != nil {
|
||
|
return "", err
|
||
|
}
|
||
|
|
||
|
ed25519Key, ok := privateKey.(*ed25519.PrivateKey)
|
||
|
if !ok {
|
||
|
return "", fmt.Errorf("Only ED25519 keys are supported, got: %s", reflect.TypeOf(privateKey))
|
||
|
}
|
||
|
bytes, err := ed25519PrivateKeyToCurve25519(*ed25519Key)
|
||
|
if err != nil {
|
||
|
return "", err
|
||
|
}
|
||
|
|
||
|
s, err := bech32.Encode("AGE-SECRET-KEY-", bytes)
|
||
|
if err != nil {
|
||
|
return "", err
|
||
|
}
|
||
|
return strings.ToUpper(s), nil
|
||
|
}
|