https://github.com/jpf/lokey
A tool that makes it easy to work with and convert between cryptographic key formats
- Host: GitHub
- URL: https://github.com/jpf/lokey
- Owner: jpf
- License: gpl-3.0
- Created: 2017-02-28T06:19:03.000Z (over 8 years ago)
- Default Branch: master
- Last Pushed: 2022-05-30T07:53:08.000Z (over 3 years ago)
- Last Synced: 2025-03-08T19:39:35.904Z (7 months ago)
- Topics: jwk, keybase, openpgp, pem, pgp, python, ssh, x509
- Language: Python
- Homepage:
- Size: 150 KB
- Stars: 93
- Watchers: 7
- Forks: 15
- Open Issues: 5
Metadata Files:
- Readme: README.md
- License: LICENSE.txt
README
# lokey
lokey is a tool that makes it easy to work with and convert between cryptographic key formats.
Named after the shape shifting and mischief-making Trickster from Norse mythology, this tool serves to test the bounds of possibilities and order.
## Installing lokey
The fastest way to get lokey is to use [pip](https://en.wikipedia.org/wiki/Pip_(package_manager)):
$ pip install lokey
## Using lokey
lokey makes it easy to fetch cryptographic keys from public sources like [Keybase](https://keybase.io/) and [PGP keyservers](https://en.wikipedia.org/wiki/Key_server_%28cryptographic%29), for example:
Fetch my Keybase key using [my Twitter handle](https://twitter.com/jf):
$ lokey fetch keybase twitter:jf
Search for PGP keys from journalists at the New York Times:
$ lokey fetch pgp nytimes.com
You can see all of the fetching commands that lokey has by typing:
$ lokey fetch
lokey is also a tool for converting between cryptographic key formats, for example:
Make it easier to grant your friends access to your SSH server:
$ sudo adduser jf
$ mkdir ~jf/.ssh
$ lokey fetch keybase twitter:jf | lokey to ssh > ~jf/.ssh/authorized_keys
Send an S/MIME encrypted email to an administrator of a TLS secured webserver:
$ echo "A ship journeys from the east, Muspell's people are coming" > message.txt
$ lokey fetch tls example.com > example.com.pem
$ openssl smime -encrypt -des3 -in message.txt example.com.pem > smime.p7m
One of the administrators of the TLS secured webserver could read the message using this command:
$ openssl smime -decrypt -in smime.p7m -passin pass:[password for key] -inkey /path/to/webserver.key
lokey will also give you information about keys that you pipe into it:
$ cat ~/.ssh/id_rsa.pub | lokey
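
What a format conversion amounts to for an RSA public key, as an added example that is not lokey's own code: the same two numbers (e, n) are parsed out of an OpenSSH `ssh-rsa` line and re-encoded as a JWK. The function names and the toy key values are constructed for illustration, and only the Python standard library is used.

```python
import base64
import struct

def ssh_string(data):
    """SSH wire 'string': 4-byte big-endian length, then the bytes."""
    return struct.pack(">I", len(data)) + data

def ssh_mpint(value):
    """SSH mpint for a positive integer: signed big-endian, so a set top bit gets a 0x00 prefix."""
    return value.to_bytes(value.bit_length() // 8 + 1, "big")

def rsa_to_ssh(e, n, comment=""):
    blob = ssh_string(b"ssh-rsa") + ssh_string(ssh_mpint(e)) + ssh_string(ssh_mpint(n))
    return " ".join(filter(None, ["ssh-rsa", base64.b64encode(blob).decode(), comment]))

def ssh_to_rsa(line):
    """Parse an 'ssh-rsa AAAA... comment' line into (e, n), rejecting malformed blobs."""
    fields = line.split()
    if len(fields) < 2 or fields[0] != "ssh-rsa":
        raise ValueError("not an ssh-rsa public key line")
    blob = base64.b64decode(fields[1], validate=True)
    parts, offset = [], 0
    while offset < len(blob):
        if offset + 4 > len(blob):
            raise ValueError("truncated length field")
        (length,) = struct.unpack_from(">I", blob, offset)
        offset += 4
        if offset + length > len(blob):
            raise ValueError("field runs past the end of the blob")
        parts.append(blob[offset:offset + length])
        offset += length
    if len(parts) != 3 or parts[0] != b"ssh-rsa":
        raise ValueError("blob is not an RSA key (inner type must match the prefix)")
    return int.from_bytes(parts[1], "big"), int.from_bytes(parts[2], "big")

def b64url_uint(value):
    """JWK integer: unsigned big-endian with no leading zero byte, base64url without padding."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def rsa_to_jwk(e, n):
    return {"kty": "RSA", "e": b64url_uint(e), "n": b64url_uint(n)}

# Constructed toy values: far too small to be a usable key, chosen so n has its top bit set.
SAMPLE_E, SAMPLE_N = 65537, 0xF1E2D3
SAMPLE_LINE = rsa_to_ssh(SAMPLE_E, SAMPLE_N, "toy@example")

if __name__ == "__main__":
    print(SAMPLE_LINE)
    print(rsa_to_jwk(*ssh_to_rsa(SAMPLE_LINE)))
```

The two encodings disagree on the leading zero byte: SSH's signed mpint requires it when the top bit is set, while a JWK integer must not carry it, which is a common source of keys that convert cleanly but fail to verify.
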
## Inspiration
Many things inspired this project.
The genesis of this project comes from the many conversations I had with my dad about his implementation of [OpenPGP in Common Lisp](https://github.com/pfranusic/BlackLight).
One of those conversations was when I first learned that all RSA keys are derived from the numbers ("e", "n", "d").
My dad's paper "[Why RSA Works](https://github.com/pfranusic/why-RSA-works/blob/master/why-RSA-works.pdf)" gave me the grounding I needed to reason about and understand RSA cryptography.
Other inspirations include [Zed Shaw's vulnarb.com](https://web.archive.org/web/20110828210530/http://vulnarb.com/) project, which was the first time I considered using TLS certificates for encrypting email.
[The Monkeysphere Project](http://web.monkeysphere.info/) inspired me to think of using the PGP [web of trust](https://en.wikipedia.org/wiki/Web_of_trust) for something other than email.
My work at Okta on [key pinning](https://github.com/okta/okta-openvpn/blob/a8868879cd74db1737a13fe34c68aa5ac20f5ebe/okta_openvpn.py#L66-L94) introduced me to Python's outstanding cryptographic library "[cryptography](https://cryptography.io/en/latest/)".
And most recently, my work on [converting JWK formatted keys to PEM formatted keys](https://github.com/jpf/okta-jwks-to-pem) proved how useful a command line utility for key conversion could be.
## Learn more
$ lokey --help
$ lokey fetch
$ lokey to
## What's missing
This release works, but only barely so.
I'd like to know if other people find it useful and have ideas for
what they'd want to use this tool for.
That said, I already know of many things that will need to be fixed or corrected soon:
1. I don't know if the keys generated by this tool will actually work in The Real World.
PGP and X.509 certificates in particular have a lot of options, I haven't done any testing
with software like Outlook, Mail.app, GPGTools (for Mac), iOS, etc.
**Please let me know what needs to be fixed here!**
2. I'd like lokey to be able to generate X.509 keys that could be used for S/MIME and
SSL "client authentication" (where a browser authenticates with a web server).
I got a "proof of concept" working for this by turning lokey into a very simple "certificate authority", this didn't seem ideal though.
3. I want to add support for all the various fingerprint formats in use.
4. Passphrases for encrypted private keys shouldn't be passed via a command line argument.
This could expose your passphrase!
5. I need to release my tests for "Eris" the class I use to convert keys.
Before I do this, I need to make sure all the private keys are just test keys.
6. Documentation. This should be a literate document.
7. The text output for keys should match what you get with a tool like `pgpdump` or `openssl x509 -text`
8. Support the various key stores for Java, macOS, GPG, etc
9. I want to support more key formats (Pu
- PuTTY
- SSH Certificates
- pkcs12?
- DKIM?
10. I have no idea how people use key bundles, or how lokey should support them
See also, `FIXME` notes in the source as well as my planned work in `README.org`