GitPlanet

Cheap and reliable Node.js hosting starts at $3/month, and $1/month static HTML hosting

Created with love in Canada, visit hostnodejs.com today

Feel like to post an Ad? Learn Details
All Projects → jpf → lokey

jpf / lokey

Licence: GPL-3.0 license
A tool that makes it easy to work with and convert between cryptographic key formats

Programming Languages

python
139335 projects - #7 most used programming language
Dockerfile
14818 projects

Labels

sshkeybasepgpx509jwkpemopenpgp

Projects that are alternatives of or similar to lokey

Gpgsync
🔒 GPG Sync is designed to let users always have up-to-date public keys for other members of their organization
Stars: ✭ 301 (+245.98%)
Mutual labels:  pgp, openpgp
Bouncy Gpg
Make using Bouncy Castle with OpenPGP fun again!
Stars: ✭ 164 (+88.51%)
Mutual labels:  pgp, openpgp
Objectivepgp
OpenPGP library for iOS and macOS
Stars: ✭ 557 (+540.23%)
Mutual labels:  pgp, openpgp
openpgp-php
OpenPGP.php is a pure-PHP implementation of the OpenPGP Message Format (RFC 4880).
Stars: ✭ 161 (+85.06%)
Mutual labels:  pgp, openpgp
wp-pgp-encrypted-emails
🔐 📧 Encrypts WordPress emails using OpenPGP or S/MIME with a familiar API.
Stars: ✭ 35 (-59.77%)
Mutual labels:  pgp, openpgp
OpenPGP
A C++ Implementation of RFC 4880
Stars: ✭ 87 (+0%)
Mutual labels:  pgp, openpgp
Rnp
RNP: high performance C++ OpenPGP library, fully compliant to RFC 4880
Stars: ✭ 122 (+40.23%)
Mutual labels:  pgp, openpgp
flutter-openpgp
OpenPGP for flutter made with golang for fast performance with support for android, ios, macos, linux, windows, web and hover
Stars: ✭ 35 (-59.77%)
Mutual labels:  pgp, openpgp
openpgpkey-control
OpenPGP keys published on your website (WKD)
Stars: ✭ 36 (-58.62%)
Mutual labels:  pgp, openpgp
win-ca
Get Windows System Root certificates
Stars: ✭ 78 (-10.34%)
Mutual labels:  x509, pem
Encrypt.to
Send encrypted PGP messages with one click
Stars: ✭ 116 (+33.33%)
Mutual labels:  pgp, openpgp
confidante
Usable encrypted email
Stars: ✭ 12 (-86.21%)
Mutual labels:  keybase, pgp
Client
Keybase Go Library, Client, Service, OS X, iOS, Android, Electron
Stars: ✭ 7,848 (+8920.69%)
Mutual labels:  keybase, pgp
react-native-fast-openpgp
OpenPGP for react native made with golang for fast performance
Stars: ✭ 29 (-66.67%)
Mutual labels:  pgp, openpgp
pgpainless
Simple to use OpenPGP API based on Bouncy Castle
Stars: ✭ 73 (-16.09%)
Mutual labels:  pgp, openpgp
jwtauthroles
Made to use JWTs from an external identity provider in Laravel. Tested with Fusionauth, but should be quite general purpose.
Stars: ✭ 14 (-83.91%)
Mutual labels:  jwk
pkcs11-tools
A set of tools to manage objects on PKCS#11 crypotographic tokens. Compatible with any PKCS#11 library, including NSS.
Stars: ✭ 70 (-19.54%)
Mutual labels:  x509
TestAuthority
Simple certificate authority for development written in C#. Allows issue of SSL certificates, including wildcard certificates
Stars: ✭ 32 (-63.22%)
Mutual labels:  pem
plugins
Officially supported Psi plugins
Stars: ✭ 52 (-40.23%)
Mutual labels:  openpgp
FiddlerCert
A Fiddler extension for examining certificates.
Stars: ✭ 54 (-37.93%)
Mutual labels:  x509
View All Similar Projects ➔

lokey

lokey is a tool that makes it easy to work with and convert between cryptographic key formats.

Named after the shape shifting and mischief-making Trickster from Norse mythology, this tool serves to test the bounds of possibilities and order.

Installing lokey

The fastest way to get lokey is to use pip:

$ pip install lokey

Using lokey

lokey makes it easy to fetch cryptographic keys from public sources like Keybase and PGP keyservers, for example:

Fetch my Keybase key using my Twitter handle:

$ lokey fetch keybase twitter:jf

Search for PGP keys from journalists at the New York Times:

$ lokey fetch pgp nytimes.com

You can see all of the fetching commands that lokey has by typing:

$ lokey fetch

lokey is also a tool for converting between cryptographic key formats, for example:

Make it easier to grant your friends access to your SSH server:

$ sudo adduser jf
$ mkdir ~jf/.ssh
$ lokey fetch keybase twitter:jf | lokey to ssh > ~jf/.ssh/authorized_keys

Send an S/MIME encrypted email to an administrator of a TLS secured webserver:

$ echo "A ship journeys from the east, Muspell's people are coming" > message.txt
$ lokey fetch tls example.com > example.com.pem
$ openssl smime -encrypt -des3 -in message.txt example.com.pem > smime.p7m

One of the administrators of the TLS secured webserver could read the message using this command:

openssl smime -decrypt -in smime.p7m -passin pass:[password for key] -inkey /path/to/webserver.key

lokey will also give you information about keys that you pipe into it:

$ cat ~/.ssh/id_rsa.pub | lokey

Inspiration

Many things inspired this project. The genesis of this project comes from the many conversations I had with my dad about his implementation of OpenPGP in Common Lisp. One of those conversations was when I first learned that all RSA keys derived from the numbers ("e", "n", "d"). My dad's paper "Why RSA Works", gave me the grounding I needed to reason and understand RSA cryptography.

Other inspirations include Zed Shaw's vulnarb.com project, which was the first time I considered using TLS certificates for encrypting email. The Monkeysphere Project which inspired me to think of using the PGP web of trust for something other than email.

My work at Okta on key pinning introduced me to Python's outstanding cryptographic library "cryptography". And most recently, my work on converting JWK formatted keys to PEM formatted keys proved how useful a command line utility for key conversion could be.

Learn more

$ lokey --help
$ lokey fetch
$ lokey to

What's missing

This release works, but only barely so. I'd like to know if other people find it useful and have ideas for what they'd want to use this tool for.

That said, I already know of many things that will need to be fixed or corrected soon:

  1. I don't know if the keys generated by this tool will actually work in The Real World.

    PGP and X.509 certificates in particular have a lot of options, I haven't done any testing with software like Outlook, Mail.app, GPGTools (for Mac), iOS, etc. Please let me know what needs to be fixed here!

  2. I'd like lokey to be able to genereate X.509 keys that could be used for S/MIME and SSL "client authentication" (where a browser authenticates with a web server).

    I got a "proof of concept" working for this by turning lokey into a very simple "certificate authority", this didn't seem ideal though.

  3. I want to add support for all the various fingerprint formats in use.

  4. Passphrases for encrypted private keys shouldn't be passed via a command line argument.

    This could expose your passphrase!

  5. I need to release my tests for "Eris" the class I use to convert keys.

    Before I do this, I need to make sure all the private keys are just test keys.

  6. Documentation. This should be a literate document.

  7. The text output for keys to match what you get with a tool like pgpdump or openssl x509 -text

  8. Support the various key stores for Java, macOS, GPG, etc

  9. I want to support more key formats (Pu

    • PuTTY
    • SSH Certificates
    • pkcs12?
    • DKIM?

  10. I have no idea how people use key bundles, or how lokey should support them

See also, FIXME notes in the source as well as my planned work in README.org

Note that the project description data, including the texts, logos, images, and/or trademarks, for each open source project belongs to its rightful owner. If you wish to add or remove any projects, please contact us at [email protected].