{"id":16901996,"url":"https://github.com/jpf/lokey","last_synced_at":"2025-03-17T06:32:04.741Z","repository":{"id":54884424,"uuid":"83397077","full_name":"jpf/lokey","owner":"jpf","description":"A tool that makes it easy to work with and convert between cryptographic key formats","archived":false,"fork":false,"pushed_at":"2022-05-30T07:53:08.000Z","size":154,"stargazers_count":93,"open_issues_count":5,"forks_count":15,"subscribers_count":7,"default_branch":"master","last_synced_at":"2025-03-08T19:39:35.904Z","etag":null,"topics":["jwk","keybase","openpgp","pem","pgp","python","ssh","x509"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"gpl-3.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jpf.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE.txt","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2017-02-28T06:19:03.000Z","updated_at":"2024-01-19T10:24:28.000Z","dependencies_parsed_at":"2022-08-14T05:40:44.042Z","dependency_job_id":null,"html_url":"https://github.com/jpf/lokey","commit_stats":null,"previous_names":[],"tags_count":4,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpf%2Flokey","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpf%2Flokey/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpf%2Flokey/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpf%2Flokey/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jpf","download_url":"https://codeload.github.com/jpf/lokey/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":243847061,"owners_count":20357317,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["jwk","keybase","openpgp","pem","pgp","python","ssh","x509"],"created_at":"2024-10-13T18:03:19.817Z","updated_at":"2025-03-17T06:32:04.034Z","avatar_url":"https://github.com/jpf.png","language":"Python","funding_links":[],"categories":[],"sub_categories":[],"readme":"# lokey\n\nlokey is a tool that makes it easy to work with and convert between cryptographic key formats.\n\nNamed after the shape shifting and mischief-making Trickster from Norse mythology, this tool serves to test the bounds of possibilities and order.\n\n## Installing lokey\n\nThe fastest way to get lokey is to use [pip](https://en.wikipedia.org/wiki/Pip_(package_manager)):\n\n    $ pip install lokey\n\n## Using lokey\n\nlokey makes it easy to fetch cryptographic keys from public sources like [Keybase](https://keybase.io/) and [PGP keyservers](https://en.wikipedia.org/wiki/Key_server_%28cryptographic%29), for example:\n\nFetch my Keybase key using [my Twitter handle](https://twitter.com/jf):\n\n    $ lokey fetch keybase twitter:jf\n\nSearch for PGP keys from journalists at the New York Times:\n\n    $ lokey fetch pgp nytimes.com\n\nYou can see all of the fetching commands that lokey has by typing:\n\n    $ lokey fetch\n\nlokey is also a tool for converting between cryptographic key formats, for example:\n\nMake it easier to grant your friends access to your SSH server:\n\n    $ sudo adduser jf\n    $ mkdir ~jf/.ssh\n    $ lokey fetch keybase twitter:jf | lokey to ssh \u003e ~jf/.ssh/authorized_keys\n\nSend an S/MIME encrypted email to an administrator of a TLS secured webserver:\n\n    $ echo \"A ship journeys from the east, Muspell's people are coming\" \u003e message.txt\n    $ lokey fetch tls example.com \u003e example.com.pem\n    $ openssl smime -encrypt -des3 -in message.txt example.com.pem \u003e smime.p7m\n\nOne of the administrators of the TLS secured webserver could read the message using this command:\n\n    openssl smime -decrypt -in smime.p7m -passin pass:[password for key] -inkey /path/to/webserver.key\n\nlokey will also give you information about keys that you pipe into it:\n\n    $ cat ~/.ssh/id_rsa.pub | lokey\n\n## Inspiration\n\nMany things inspired this project. \nThe genesis of this project comes from the many conversations I had with my dad about his implementation of [OpenPGP in Common Lisp](https://github.com/pfranusic/BlackLight).\nOne of those conversations was when I first learned that all RSA keys derived from the numbers (\"e\", \"n\", \"d\").\nMy dad's paper \"[Why RSA Works](https://github.com/pfranusic/why-RSA-works/blob/master/why-RSA-works.pdf)\", gave me the grounding I needed to reason and understand RSA cryptography.\n\nOther inspirations include [Zed Shaw's vulnarb.com](https://web.archive.org/web/20110828210530/http://vulnarb.com/) project, which was the first time I considered using TLS certificates for encrypting email.\n[The Monkeysphere Project](http://web.monkeysphere.info/) which inspired me to think of using the PGP [web of trust](https://en.wikipedia.org/wiki/Web_of_trust) for something other than email.  \n\nMy work at Okta on [key pinning](https://github.com/okta/okta-openvpn/blob/a8868879cd74db1737a13fe34c68aa5ac20f5ebe/okta_openvpn.py#L66-L94) introduced me to Python's outstanding cryptographic library \"[cryptography](https://cryptography.io/en/latest/)\". \nAnd most recently, my work on [converting JWK formatted keys to PEM formatted keys](https://github.com/jpf/okta-jwks-to-pem) proved how useful a command line utility for key conversion could be.\n\n## Learn more\n\n    $ lokey --help\n    $ lokey fetch\n    $ lokey to\n\n## What's missing\n\nThis release works, but only barely so. \nI'd like to know if other people find it useful and have ideas for\nwhat they'd want to use this tool for.\n\nThat said, I already know of many things that will need to be fixed or corrected soon:\n\n1.  I don't know if the keys generated by this tool will actually work in The Real World.\n    \n    PGP and X.509 certificates in particular have a lot of options, I haven't done any testing\n    with software like Outlook, Mail.app, GPGTools (for Mac), iOS, etc.\n    **Please let me know what needs to be fixed here!**\n2.  I'd like lokey to be able to genereate X.509 keys that could be used for S/MIME and\n    SSL \"client authentication\" (where a browser authenticates with a web server).\n    \n    I got a \"proof of concept\" working for this by turning lokey into a very simple \"certificate authority\", this didn't seem ideal though.\n3.  I want to add support for all the various fingerprint formats in use.\n4.  Passphrases for encrypted private keys shouldn't be passed via a command line argument.\n    \n    This could expose your passphrase!\n5.  I need to release my tests for \"Eris\" the class I use to convert keys.\n    \n    Before I do this, I need to make sure all the private keys are just test keys.\n6.  Documentation. This should be a literate document.\n7.  The text output for keys to match what you get with a tool like `pgpdump` or `openssl x509 -text`\n8.  Support the various key stores for Java, macOS, GPG, etc\n9.  I want to support more key formats (Pu\n    -   PuTTY\n    -   SSH Certificates\n    -   pkcs12?\n    -   DKIM?\n10. I have no idea how people use key bundles, or how lokey should support them\n\nSee also, `FIXME` notes in the source as well as my planned work in `README.org`\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjpf%2Flokey","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjpf%2Flokey","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjpf%2Flokey/lists"}