Browse files

Some preliminary signing and encryption functions

  • Loading branch information...
1 parent 4bef451 commit c448ff1236adb854a42685e9d62cea13afa2cf54 @cdauth committed Oct 1, 2012
Showing with 178 additions and 5 deletions.
  1. +105 −0 algorithms.js
  2. +32 −0 encryption.js
  3. +2 −1 index.js
  4. +1 −3 packetContent.js
  5. +25 −1 signing.js
  6. +13 −0 utils.js
View
105 algorithms.js
@@ -0,0 +1,105 @@
+var crypto = require("crypto");
+var fs = require("fs");
+var packetContent = require("./packetContent");
+var packets = require("./packets");
+var utils = require("./utils");
+
+function _encodeMPIAsDER(mpi) { // See http://luca.ntop.org/Teaching/Appunti/asn1.html
+ var length = mpi.buffer.length;
+ var lengthBytes;
+ if(length < 128)
+ lengthBytes = 1;
+ else if(length < 256)
+ lengthBytes = 2;
+ else
+ lengthBytes = 3; // Maximum length 65535 bytes, that is by far enough for our purposes
+
+ var ret = new Buffer(mpi.buffer.length+lengthBytes+1);
+ ret.writeUInt8(2, 0);
+ if(length < 127)
+ ret.writeUInt8(length, 1);
+ else if(length < 256)
+ {
+ ret.writeUInt8(0x81, 1);
+ ret.writeUInt8(length, 2);
+ }
+ else
+ {
+ ret.writeUInt8(0x82, 1);
+ ret.writeUInt16BE(length, 2);
+ }
+
+ mpi.buffer.copy(ret, lengthBytes+1);
+
+ return ret;
+}
+
+function _encodeRSAKey(n, e) { // See ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-1/pkcs-1v2-1.pdf
+ var ret = "-----BEGIN RSA PUBLIC KEY-----\r\n";
+
+ var buffer = Buffer.concat([ _encodeMPIAsDER(n), _encodeMPIAsDER(e) ]);
+ for(var i=0; i<buffer.length; i+=48)
+ ret += buffer.slice(i, Math.min(i+48, buffer.length)).toString("base64")+"\r\n";
+
+ ret += "-----END RSA PUBLIC KEY-----\r\n";
+
+ return ret;
+}
+
+function _verifyRSASignature(n, e, data, signature) {
+ var verifier = crypto.createVerify("RSA-SHA1");
+ verifier.update(data);
+
+ return verifier.verify(_encodeRSAKey(n, e), signature);
+}
+
+var key = fs.readFileSync('/home/cdauth/gpg11/test');
+var keyInfo = null;
+var idInfo = null;
+var sigInfo = null;
+
+packets.splitPackets(key).forEachSeries(function(type, header, body, cb) {
+ if(keyInfo == null)
+ {
+ packetContent.getPublicKeyPacketInfo(body, function(err, info) {
+ keyInfo = info;
+ cb();
+ });
+ }
+ else if(idInfo == null)
+ {
+ packetContent.getIdentityPacketInfo(body, function(err, info) {
+ idInfo = info;
+ cb();
+ });
+ }
+ else
+ {
+ packetContent.getSignaturePacketInfo(body, function(err, info) {
+ sigInfo = info;
+ cb();
+ });
+ }
+}, function(err) {
+ var keyData = new Buffer(keyInfo.binary.length+3);
+ keyData.writeUInt8(0x99, 0);
+ keyData.writeUInt16BE(keyInfo.binary.length, 1);
+ keyInfo.binary.copy(keyData, 3);
+
+ var certData = new Buffer(idInfo.binary.length+5);
+ certData.writeUInt8(0xB4, 0);
+ certData.writeUInt32BE(idInfo.binary.length, 1);
+ idInfo.binary.copy(certData, 5);
+
+ var trailer = new Buffer(6);
+ trailer.writeUInt8(0x04, 0);
+ trailer.writeUInt8(0xff, 1);
+ trailer.writeUInt32BE(sigInfo.hashedPart.length, 2);
+
+ var data = Buffer.concat([ keyData, certData, sigInfo.hashedPart, trailer ]);
+ fs.writeFileSync("/home/cdauth/gpg11/signedData", data, "binary");
+ fs.writeFileSync("/home/cdauth/gpg11/rsaKey", _encodeRSAKey(keyInfo.keyParts.n, keyInfo.keyParts.e));
+ console.log(utils.hash(data, "sha1", "hex"));
+
+ console.log(_verifyRSASignature(keyInfo.keyParts.n, keyInfo.keyParts.e, data, sigInfo.signature));
+});
View
32 encryption.js
@@ -0,0 +1,32 @@
+var config = require("./config");
+var child_process = require("child_process");
+var packets = require("./packets")
+var utils = require("./utils");
+var fs = require("fs");
+var consts = require("./consts");
+var BufferedStream = require("./bufferedStream");
+
+function encryptData(data, keyring, toKeyId, callback) {
+ utils.getTempFilename(function(err, fname) {
+ if(err) { callback(err); return; }
+
+ fs.writeFile(fname, keyring, function(err) {
+ if(err)
+ return unlink(err);
+
+ var gpg = child_process.spawn(config.gpg, [ "--no-default-keyring", "--keyring", fname, "--output", "-", "--trust-model", "always", "--recipient", toKeyId, "--encrypt" ]);
+ gpg.stdin.end(data);
+ new BufferedStream(gpg.stdout).readUntilEnd(unlink);
+ });
+
+ function unlink() {
+ /*fs.unlink(fname, function(err) {
+ if(err)
+ console.log("Error removing temporary file "+fname+".", err);
+ });*/
+ callback.apply(null, arguments);
+ }
+ });
+}
+
+exports.encryptData = encryptData;
View
3 index.js
@@ -8,5 +8,6 @@ module.exports = {
consts : require("./consts"),
config : require("./config"),
Fifo : require("./fifo"),
- utils : require("./utils")
+ utils : require("./utils"),
+ encryption : require("./encryption")
};
View
4 packetContent.js
@@ -101,10 +101,8 @@ function getPublicKeyPacketInfo(body, callback)
}
if(ret.size < 1024)
- ret.sizeSecurity = consts.SECURITY.UNACCEPTABLE;
- else if(ret.size < 2048)
ret.sizeSecurity = consts.SECURITY.BAD;
- else if(ret.size < 3072)
+ else if(ret.size < 2048)
ret.sizeSecurity = consts.SECURITY.MEDIUM;
else
ret.sizeSecurity = consts.SECURITY.GOOD;
View
26 signing.js
@@ -68,7 +68,31 @@ function verifyAttributeSignature(keyBody, attributeBody, signature, issuerKeyBo
verifyXYSignature(callback, keyBody, signature, issuerKeyBody, attributeBody, consts.PKT.ATTRIBUTE);
}
+function detachedSignText(text, privateKey, callback) {
+ utils.getTempFilename(function(err, fname) {
+ if(err) { callback(err); return; }
+
+ fs.writeFile(fname, privateKey, function(err) {
+ if(err)
+ return unlink(err);
+
+ var gpg = child_process.spawn(config.gpg, [ "--no-default-keyring", "--digest-algo", "SHA512", "--secret-keyring", fname, "--output", "-", "--detach-sign" ]);
+ gpg.stdin.end(text, "utf8");
+ new BufferedStream(gpg.stdout).readUntilEnd(unlink);
+ });
+
+ function unlink() {
+ fs.unlink(fname, function(err) {
+ if(err)
+ console.log("Error removing temporary file "+fname+".", err);
+ });
+ callback.apply(null, arguments);
+ }
+ });
+}
+
exports.verifyKeySignature = verifyKeySignature;
exports.verifySubkeySignature = verifySubkeySignature;
exports.verifyIdentitySignature = verifyIdentitySignature;
-exports.verifyAttributeSignature = verifyAttributeSignature;
+exports.verifyAttributeSignature = verifyAttributeSignature;
+exports.detachedSignText = detachedSignText;
View
13 utils.js
@@ -1,6 +1,7 @@
var config = require("./config");
var fs = require("fs");
var crypto = require("crypto");
+var consts = require("./consts");
function getTempFilename(callback)
{
@@ -26,6 +27,18 @@ function getTempFilename(callback)
function hash(data, algo, toFormat)
{
+ if(typeof algo == 'number')
+ {
+ for(var i in consts.HASHALGO)
+ {
+ if(consts.HASHALGO[i] == algo)
+ {
+ algo = i;
+ return;
+ }
+ }
+ }
+
var ret = crypto.createHash(algo);
ret.update(data);
return ret.digest(toFormat);

0 comments on commit c448ff1

Please sign in to comment.