1 unstable release
0.1.0 | Apr 4, 2021 |
---|
#26 in #generate-keys
18KB
317 lines
cfs_openpgp
Mostly, this crate is just an excuse to familiarize myself with Rust.
Imagine you have a secure, real-world source of entropy that you use as a root key (for instance, https://dicekeys.com/). You may reasonably wish to use the same root (combined with a salt) to generate reproducible cryptographic secret keys. This way, if your cryptographic secrets are ever compromised, you can use the secure physical key with a new salt to generate new ones. If your secrets are lost, however, you can just rebuild them using your physical key and the previous salt.
This application is a very thin wrapper around sequoia_openpgp
that takes an input passphrase and generates a valid pgp
certificate with a primary EdDSA Edwards-curve Digital Signature Algorithm key and 4 subordinate keys:
- authentication (EdDSA Edwards-curve Digital Signature Algorithm)
- encryption (ECDH public key algorithm)
- encryption (RSA 4096)
- signing (EdDSA Edwards-curve Digital Signature Algorithm)
usage
Clone the codebase locally and run like so:
cargo run -- --username "Alice" --email "alice@example.com" --key-sig-time 0 --weeks-subkeys-exp-in 52 --secret "a super-secure secret phrase that's been generated from real entropy"
This will output your ASCII-armored PGP certificate, a revocation signature, and the IDs and ASCII-armored representations of each key.
NOTE: BE SURE TO USE THE EXACT SAME VERSION OF THIS LIBRARY (AND THUS THE SAME NETTLE AND SEQUOIA-OPENPGP LIBRARIES) OR YOU MAY NOT GENERATE THE SAME KEY.
acknowledgements
Many thanks to Neal Walfield of the sequoia_openpgp project for all the help on freenode #sequoia.
Dependencies
~15–26MB
~318K SLoC