package agessh import ( "crypto/ed25519" "crypto/sha512" "fmt" "reflect" "strings" "github.com/Mic92/sops-nix/pkgs/bech32" "golang.org/x/crypto/curve25519" "golang.org/x/crypto/ssh" ) func ed25519PrivateKeyToCurve25519(pk ed25519.PrivateKey) ([]byte, error) { h := sha512.New() _, err := h.Write(pk.Seed()) if err != nil { return []byte{}, err } out := h.Sum(nil) return out[:curve25519.ScalarSize], nil } func SSHPrivateKeyToBech32(sshPrivateKey []byte) (string, error) { privateKey, err := ssh.ParseRawPrivateKey(sshPrivateKey) if err != nil { return "", err } ed25519Key, ok := privateKey.(*ed25519.PrivateKey) if !ok { return "", fmt.Errorf("Only ED25519 keys are supported, got: %s", reflect.TypeOf(privateKey)) } bytes, err := ed25519PrivateKeyToCurve25519(*ed25519Key) if err != nil { return "", err } s, err := bech32.Encode("AGE-SECRET-KEY-", bytes) if err != nil { return "", err } return strings.ToUpper(s), nil }