RSA key-generation using openssl (yay… =w=')

This commit is contained in:
Jaidyn Ann 2023-09-14 22:34:15 -05:00
parent 504e155f5d
commit bad902ac50

View File

@ -212,15 +212,33 @@ or “/bear/apple/” or “/bear/”, but not “/bear” (not a directory)."
;; So at the moment, keys are generated into PEM files by the openssl binary on ;; So at the moment, keys are generated into PEM files by the openssl binary on
;; the hosts system; and the output of the openssl command is used to parse into ;; the hosts system; and the output of the openssl command is used to parse into
;; Ironclad keys. ;; Ironclad keys.
;; In the future, Ill stop that. But at the moment,I want to focus on other core ;; Yes, I know, this is absolutely horrific. Actually disgusting.
;; parts of ActivityPub; Ive tired of messing with ASN1 & co. ;; But at the moment,I want to focus on other core parts of ActivityPub; Ive
;; tired of messing with ASN1 & co. Thats for another day! ^^
(defun openssl-shell-generate-key-pair ()
"Generate a 2048-bit RSA key-pair in PEM-format using ones `openssl` binary.
It returns two values: The private key, then the public key."
(let* ((private-pem-key (inferior-shell:run/s "openssl genrsa 2048"))
(public-pem-key
(inferior-shell:run/s
`(inferior-shell:pipe (echo ,private-pem-key)
(openssl rsa -outform PEM -pubout)))))
(values private-pem-key
public-pem-key)))
(defun parse-openssl-output (lines &optional (results '()))
(defun openssl-shell-destructure-private-key (pem-string &optional results)
"When passed the output of the shell command `openssl rsa -text -noout`, will "When passed the output of the shell command `openssl rsa -text -noout`, will
parse the output into a plist containing relavent numbers: parse the output into a plist containing relavent numbers:
:n (modulus), :e (public exponent), :d (private exponent), :p (1st prime), :n (modulus), :e (public exponent), :d (private exponent), :p (1st prime),
:q (2nd prime), :e1 (1st exponent), :e2 (2nd exponent), and :c (coefficient)." :q (2nd prime), :e1 (1st exponent), :e2 (2nd exponent), and :c (coefficient)."
(let ((line (str:trim (car lines)))) (let* ((lines (if (stringp pem-string)
(inferior-shell:run/lines
`(inferior-shell:pipe
(echo ,pem-string)
(openssl rsa -text -noout)))
pem-string))
(line (str:trim (car lines))))
(cond (cond
((not lines) ((not lines)
(mapcar (mapcar
@ -230,23 +248,31 @@ parse the output into a plist containing relavent numbers:
result-item)) result-item))
results)) results))
((str:starts-with-p "Private" line) ((str:starts-with-p "Private" line)
(parse-openssl-output (cdr lines) results)) (openssl-shell-destructure-private-key
(cdr lines) results))
((str:starts-with-p "modulus:" line) ((str:starts-with-p "modulus:" line)
(parse-openssl-output (cdr lines) (nconc results '(:n)))) (openssl-shell-destructure-private-key
(cdr lines) (nconc results '(:n))))
((str:starts-with-p "prime1" line) ((str:starts-with-p "prime1" line)
(parse-openssl-output (cdr lines) (nconc results '(:p)))) (openssl-shell-destructure-private-key
(cdr lines) (nconc results '(:p))))
((str:starts-with-p "prime2" line) ((str:starts-with-p "prime2" line)
(parse-openssl-output (cdr lines) (nconc results '(:q)))) (openssl-shell-destructure-private-key
(cdr lines) (nconc results '(:q))))
((str:starts-with-p "exponent1" line) ((str:starts-with-p "exponent1" line)
(parse-openssl-output (cdr lines) (nconc results '(:e1)))) (openssl-shell-destructure-private-key
(cdr lines) (nconc results '(:e1))))
((str:starts-with-p "exponent2" line) ((str:starts-with-p "exponent2" line)
(parse-openssl-output (cdr lines) (nconc results '(:e2)))) (openssl-shell-destructure-private-key
(cdr lines) (nconc results '(:e2))))
((str:starts-with-p "coefficient" line) ((str:starts-with-p "coefficient" line)
(parse-openssl-output (cdr lines) (nconc results '(:c)))) (openssl-shell-destructure-private-key
(cdr lines) (nconc results '(:c))))
((str:starts-with-p "privateExponent" line) ((str:starts-with-p "privateExponent" line)
(parse-openssl-output (cdr lines) (nconc results '(:d)))) (openssl-shell-destructure-private-key
(cdr lines) (nconc results '(:d))))
((str:starts-with-p "publicExponent" line) ((str:starts-with-p "publicExponent" line)
(parse-openssl-output (openssl-shell-destructure-private-key
(cdr lines) (cdr lines)
(nconc (nconc
results results
@ -263,21 +289,20 @@ parse the output into a plist containing relavent numbers:
(total-string (if (stringp last-element) (total-string (if (stringp last-element)
(str:concat last-element line) (str:concat last-element line)
line))) line)))
(parse-openssl-output (cdr lines) (openssl-shell-destructure-private-key
(if (stringp last-element) (cdr lines)
(nconc (reverse (cdr (reverse results))) (if (stringp last-element)
(list total-string)) (nconc (reverse (cdr (reverse results)))
(nconc results (list total-string))
(list total-string))))))))) (nconc results
(list total-string)))))))))
(defun openssl-shell-pem-keypair (pem-file) (defun openssl-shell-import-key-pair (private-pem-string)
"Given a private RSA PEM file, this will parse it into two returned values: "Given the string value of a private RSA PEM file, this will parse it into two
An Ironclad private key, and an Ironclad public key." returned values: An Ironclad private key, and an Ironclad public key."
(let ((key-values (let ((key-values
(parse-openssl-output (openssl-shell-destructure-private-key private-pem-string)))
(inferior-shell:run/lines
(str:concat "openssl rsa -text -noout -in " pem-file)))))
(values (ironclad:make-private-key (values (ironclad:make-private-key
:rsa :rsa
:n (getf key-values :n) :n (getf key-values :n)
@ -286,6 +311,6 @@ An Ironclad private key, and an Ironclad public key."
:p (getf key-values :p) :p (getf key-values :p)
:q (getf key-values :q)) :q (getf key-values :q))
(ironclad:make-public-key (ironclad:make-public-key
:rsa :rsa
:n (getf key-values :n) :n (getf key-values :n)
:e (getf key-values :e))))) :e (getf key-values :e)))))