117 lines
4.1 KiB
PHP
117 lines
4.1 KiB
PHP
<?php
|
|
|
|
use phpseclib3\Crypt\RSA;
|
|
use phpseclib3\Crypt\RSA\Formats\Keys\PKCS1;
|
|
|
|
@include_once dirname(__FILE__).'/../vendor/autoload.php';
|
|
require_once dirname(__FILE__).'/../lib/openpgp.php';
|
|
require_once dirname(__FILE__).'/../lib/openpgp_crypt_rsa.php';
|
|
|
|
// Key length: 512, 1024, 2048, 3072, 4096
|
|
$key_length = 512;
|
|
|
|
// Generate a master signing key
|
|
$privateKey = RSA::createKey(512);
|
|
$privateKeyComponents = PKCS1::load($privateKey->toString('PKCS1'));
|
|
|
|
$nkey = new OpenPGP_SecretKeyPacket(array(
|
|
'n' => $privateKeyComponents["modulus"]->toBytes(),
|
|
'e' => $privateKeyComponents["publicExponent"]->toBytes(),
|
|
'd' => $privateKeyComponents["privateExponent"]->toBytes(),
|
|
'p' => $privateKeyComponents["primes"][1]->toBytes(),
|
|
'q' => $privateKeyComponents["primes"][2]->toBytes(),
|
|
'u' => $privateKeyComponents["coefficients"][2]->toBytes()
|
|
));
|
|
|
|
// Start assembling packets for our eventual OpenPGP_Message
|
|
$packets = array($nkey);
|
|
|
|
$wkey = new OpenPGP_Crypt_RSA($nkey);
|
|
$fingerprint = $wkey->key()->fingerprint;
|
|
$key = $wkey->private_key();
|
|
$key = $key->withHash('sha256');
|
|
$keyid = substr($fingerprint, -16);
|
|
|
|
// Add multiple UID packets and signatures
|
|
|
|
$uids = array(
|
|
new OpenPGP_UserIDPacket('Support', '', 'support@example.com'),
|
|
new OpenPGP_UserIDPacket('Security', '', 'security@example.com'),
|
|
);
|
|
|
|
foreach($uids as $uid) {
|
|
// Append the UID packet
|
|
$packets[] = $uid;
|
|
|
|
$sig = new OpenPGP_SignaturePacket(new OpenPGP_Message(array($nkey, $uid)), 'RSA', 'SHA256');
|
|
$sig->signature_type = 0x13;
|
|
$sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_KeyFlagsPacket(array(0x01 | 0x02)); // Certify + sign bits
|
|
$sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid);
|
|
$m = $wkey->sign_key_userid(array($nkey, $uid, $sig));
|
|
|
|
// Append the UID signature from the master key
|
|
$packets[] = $m->packets[2];
|
|
}
|
|
|
|
// Generate an encryption subkey
|
|
|
|
$rsa_subkey = RSA::createKey(512);
|
|
$privateKeyComponents = PKCS1::load($rsa_subkey->toString('PKCS1'));
|
|
|
|
$subkey = new OpenPGP_SecretKeyPacket(array(
|
|
'n' => $privateKeyComponents["modulus"]->toBytes(),
|
|
'e' => $privateKeyComponents["publicExponent"]->toBytes(),
|
|
'd' => $privateKeyComponents["privateExponent"]->toBytes(),
|
|
'p' => $privateKeyComponents["primes"][2]->toBytes(),
|
|
'q' => $privateKeyComponents["primes"][1]->toBytes(),
|
|
'u' => $privateKeyComponents["coefficients"][2]->toBytes()
|
|
));
|
|
|
|
// Append the encryption subkey
|
|
$packets[] = $subkey;
|
|
|
|
$sub_wkey = new OpenPGP_Crypt_RSA($subkey);
|
|
|
|
/*
|
|
* Sign the encryption subkey with the master key
|
|
*
|
|
* OpenPGP_SignaturePacket assumes any message starting with an
|
|
* OpenPGP_PublicKeyPacket is followed by a OpenPGP_UserIDPacket. We need
|
|
* to pass `null` in the constructor and generate the `->data` ourselves.
|
|
*/
|
|
$sub_sig = new OpenPGP_SignaturePacket(null, 'RSA', 'SHA256');
|
|
$sub_sig->signature_type = 0x18;
|
|
$sub_sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_SignatureCreationTimePacket(time());
|
|
$sub_sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_KeyFlagsPacket(array(0x0C)); // Encrypt bits
|
|
$sub_sig->hashed_subpackets[] = new OpenPGP_SignaturePacket_IssuerPacket($keyid);
|
|
$sub_sig->data = implode('', $nkey->fingerprint_material()) . implode('', $subkey->fingerprint_material());
|
|
$sub_sig->sign_data(array('RSA' => array('SHA256' => function($data) use($key) {return array($key->sign($data));})));
|
|
|
|
// Append the subkey signature
|
|
$packets[] = $sub_sig;
|
|
|
|
// Build the OpenPGP_Message for the secret key from our packets
|
|
$m = new OpenPGP_Message($packets);
|
|
|
|
// Serialize the private key
|
|
print $m->to_bytes();
|
|
|
|
// Clone a public key message from the secret key
|
|
$pubm = clone($m);
|
|
|
|
// Convert the private key packets to public so we only export public data
|
|
// (n+e in RSA)
|
|
foreach($pubm as $idx => $p) {
|
|
if($p instanceof OpenPGP_SecretSubkeyPacket) {
|
|
$pubm[$idx] = new OpenPGP_PublicSubkeyPacket($p);
|
|
} else if($p instanceof OpenPGP_SecretKeyPacket) {
|
|
$pubm[$idx] = new OpenPGP_PublicKeyPacket($p);
|
|
}
|
|
}
|
|
|
|
// Serialize the public key
|
|
$public_bytes = $pubm->to_bytes();
|
|
|
|
// Note: If using PHP 7.4 CLI, disable deprecated warnings:
|
|
// php -d error_reporting="E_ALL & ~E_DEPRECATED" examples/keygenSubkeys.php > mykey.gpg
|