Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add --keygen-json #460

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 8 additions & 0 deletions README.md
Original file line number Diff line number Diff line change
Expand Up @@ -130,6 +130,14 @@ $ chisel server --help
If users depend on your --key fingerprint, you may also include your --key to
output your existing key. Use - (dash) to output the generated key to stdout.

--keygen-json, Outputs key information in json format.
This option will output a key and associated fingerprint in json format
and quit. You can use the fingerprint in the client via --fingerprint.
You can store the key in a file and use it via "server --keyfile filename",
or you can use the b64key value directly, e.g. "server --keyfile Y2stTU..."
The json output looks like this:
{"key": "ck-.....", "fingerprint": "SGVsbG...=", "b64key": "Y2stTU..."}

--keyfile, An optional path to a PEM-encoded SSH private key. When
this flag is set, the --key option is ignored, and the provided private key
is used to secure all communications. (defaults to the CHISEL_KEY_FILE
Expand Down
15 changes: 15 additions & 0 deletions main.go
Original file line number Diff line number Diff line change
Expand Up @@ -115,6 +115,14 @@ var serverHelp = `
If users depend on your --key fingerprint, you may also include your --key to
output your existing key. Use - (dash) to output the generated key to stdout.

--keygen-json, Outputs key information in json format.
This option will output a key and associated fingerprint in json format
and quit. You can use the fingerprint in the client via --fingerprint.
You can store the key in a file and use it via "server --keyfile filename",
or you can use the b64key value directly, e.g. "server --keyfile Y2stTU..."
The json output looks like this:
{"key": "ck-.....", "fingerprint": "SGVsbG...=", "b64key": "Y2stTU..."}

--keyfile, An optional path to a PEM-encoded SSH private key. When
this flag is set, the --key option is ignored, and the provided private key
is used to secure all communications. (defaults to the CHISEL_KEY_FILE
Expand Down Expand Up @@ -201,6 +209,7 @@ func server(args []string) {
pid := flags.Bool("pid", false, "")
verbose := flags.Bool("v", false, "")
keyGen := flags.String("keygen", "", "")
keyGenJson := flags.Bool("keygen-json", false, "")

flags.Usage = func() {
fmt.Print(serverHelp)
Expand All @@ -214,6 +223,12 @@ func server(args []string) {
}
return
}
if *keyGenJson {
if err := ccrypto.GenerateKeyJson(config.KeySeed); err != nil {
log.Fatal(err)
}
return
}

if config.KeySeed != "" {
log.Print("Option `--key` is deprecated and will be removed in a future version of chisel.")
Expand Down
24 changes: 24 additions & 0 deletions share/ccrypto/keys.go
Original file line number Diff line number Diff line change
Expand Up @@ -28,6 +28,30 @@ func GenerateKeyFile(keyFilePath, seed string) error {
return os.WriteFile(keyFilePath, chiselKey, 0600)
}

func GenerateKeyJson(seed string) error {
privateKey, err := seed2PrivateKey(seed)
if err != nil {
return err
}
chiselKey, err := privateKey2ChiselKey(privateKey)
if err != nil {
return err
}
pemBytes, err := ChiselKey2PEM(chiselKey)
if err != nil {
return err
}
private, err := ssh.ParsePrivateKey(pemBytes)
if err != nil {
return err
}
fingerprint := FingerprintKey(private.PublicKey())

fmt.Printf("{\"key\": \"%s\", \"fingerprint\": \"%s\"}",
chiselKey, fingerprint)
return nil
}

// FingerprintKey calculates the SHA256 hash of an SSH public key
func FingerprintKey(k ssh.PublicKey) string {
bytes := sha256.Sum256(k.Marshal())
Expand Down