feat(crypto): support SSH key

v0.15.0

Author: dbohdan

README.md

@@ -14,13 +14,21 @@ It provides the following in a single binary:
 
 pago encrypts passwords with one or more public keys using [age](https://github.com/FiloSottile/age) (pronounced with a hard "g").
 The public keys are called "recipients".
+Recipients can be:
+- age recipients
+- SSH public keys
+
 A private key matching one of the recipient public keys can decrypt the password.
 The private keys are called "identities".
+Identities can be:
+- age identities
+- SSH private keys
+
 The file with the identities is encrypted with a password, also using age.
 
 pago implements an agent like [ssh-agent](https://en.wikipedia.org/wiki/Ssh-agent) or [gpg-agent](https://www.gnupg.org/documentation/manuals/gnupg/Invoking-GPG_002dAGENT.html).
 The agent caches the identities.
-This mean you don't have to enter the master password again during a session.
+This means you don't have to enter the master password again during a session.
 pago starts the agent the first time you enter the master password.
 You can also start and stop the agent manually.
 
@@ -78,7 +86,7 @@ You may need to allow pago-agent to [**lock enough memory**](#memory-locking).
 
 ## Supported platforms
 
-- pago is used by the developer on Linux, NetBSD, and rarely) OpenBSD.
+- pago is used by the developer on Linux, NetBSD, and (rarely) OpenBSD.
 - pago is automatically tested on FreeBSD and macOS.
 - pago does not build on Windows.
 
@@ -96,6 +104,45 @@ pago init
 
 This will create a new password store, prompt you for a master password, and commit the recipients file to Git.
 
+### Using SSH keys
+
+To use pago with an SSH key as an identity, follow these steps.
+Back up your `identities` file and install age for the command line before proceeding.
+
+Note that the SSH key must not be encrypted, i.e., must not have a password.
+If necessary, remove the password with `ssh-keygen`.
+pago encrypts `identities` with a password using age encryption.
+
+You may wish to work with secrets in memory or on an encrypted disk.
+On Linux with glibc, you normally have `/dev/shm/` available as temporary in-memory storage.
+
+1. Add your SSH _public_ key to `.age-recipients`.
+You can have multiple recipients.
+
+```shell
+# Repeat for every SSH key.
+cat ~/.ssh/id_ed25519.pub >> ~/.local/share/pago/store/.age-recipients
+
+pago rekey
+```
+
+2. Add the corresponding SSH _private_ key to the encrypted identities file.
+This is not automated and requires decrypting the file manually using the `age` command.
+We are going to use a directory in `/dev/shm/` in this example.
+
+```shell
+# Edit the identities file.
+mkdir -p "/dev/shm/pago-$USER-temp/"
+age -d -o "/dev/shm/pago-$USER-temp/identities" ~/.local/share/pago/identities
+# Ensure a line break.
+echo >> "/dev/shm/pago-$USER-temp/identities"
+cat ~/.ssh/id_ed25519 >> "/dev/shm/pago-$USER-temp/identities"
+age -a -e -p -o ~/.local/share/pago/identities "/dev/shm/pago-$USER-temp/identities"
+
+# Restart the agent to load the new identities.
+pago agent restart
+```
+
 ### Add passwords
 
 ```shell

agent/agent.go

@@ -113,7 +113,7 @@ func Run(socket string) error {
 
 				identitiesText := string(cmd.Args[1])
 
-				newIdentities, err := age.ParseIdentities(strings.NewReader(identitiesText))
+				newIdentities, err := crypto.ParseIdentities(identitiesText)
 				if err != nil {
 					conn.WriteError(`ERR failed to parse identities`)
 					return

cmd/pago/main.go

@@ -704,7 +704,7 @@ func (cmd *RekeyCmd) Run(config *Config) error {
 		return err
 	}
 
-	ids, err := age.ParseIdentities(strings.NewReader(identitiesText))
+	ids, err := crypto.ParseIdentities(identitiesText)
 	if err != nil {
 		return fmt.Errorf("failed to parse identities: %v", err)
 	}

config.go

@@ -22,12 +22,12 @@ const (
 	ExitMemlockError = 3
 	FilePerms        = 0o600
 	NameInvalidChars = `[\n]`
-	Version          = "0.14.0"
+	Version          = "0.15.0"
 	WaitForSocket    = 3 * time.Second
 
 	DefaultAgent           = "pago-agent"
-	DefaultGitEmail        = "pago password manager"
-	DefaultGitName         = "pago@localhost"
+	DefaultGitEmail        = "pago@localhost"
+	DefaultGitName         = "pago password manager"
 	DefaultPasswordLength  = "20"
 	DefaultPasswordPattern = "[A-Za-z0-9]"
 

crypto/crypto.go

@@ -19,6 +19,7 @@ import (
 	"dbohdan.com/pago/input"
 
 	"filippo.io/age"
+	"filippo.io/age/agessh"
 	"filippo.io/age/armor"
 )
 
@@ -32,9 +33,17 @@ func ParseRecipients(contents string) ([]age.Recipient, error) {
 			continue
 		}
 
-		recipient, err := age.ParseX25519Recipient(line)
+		var recipient age.Recipient
+		var err error
+
+		// First, try to parse as an X25519 recipient.
+		recipient, err = age.ParseX25519Recipient(line)
 		if err != nil {
-			return nil, fmt.Errorf("invalid recipient: %v", err)
+			// Then try parsing as an SSH public key.
+			recipient, err = agessh.ParseRecipient(line)
+			if err != nil {
+				return nil, fmt.Errorf("invalid recipient: %v", err)
+			}
 		}
 
 		recips = append(recips, recipient)
@@ -112,6 +121,64 @@ func WrapDecrypt(r io.Reader, identities ...age.Identity) (io.Reader, error) {
 	return age.Decrypt(r, identities...)
 }
 
+func ParseIdentities(identityData string) ([]age.Identity, error) {
+	var allIdentities []age.Identity
+	var pemBlock []string
+	inPEMBlock := false
+
+	lines := strings.Split(identityData, "\n")
+
+	for _, line := range lines {
+		trimmedLine := strings.TrimSpace(line)
+
+		if strings.HasPrefix(trimmedLine, "-----BEGIN") {
+			if inPEMBlock {
+				return nil, errors.New("invalid PEM block: nested BEGIN")
+			}
+
+			inPEMBlock = true
+			pemBlock = []string{line}
+			continue
+		}
+
+		if inPEMBlock {
+			pemBlock = append(pemBlock, line)
+			if strings.HasPrefix(trimmedLine, "-----END") {
+				inPEMBlock = false
+				pemBytes := []byte(strings.Join(pemBlock, "\n"))
+
+				id, err := agessh.ParseIdentity(pemBytes)
+				if err != nil {
+					return nil, fmt.Errorf("invalid SSH identity in PEM block: %v", err)
+				}
+				allIdentities = append(allIdentities, id)
+				pemBlock = nil
+			}
+
+			continue
+		}
+
+		if trimmedLine == "" || strings.HasPrefix(trimmedLine, "#") {
+			continue
+		}
+
+		// If it's not a PEM block, it must be a native age identity.
+		id, err := age.ParseX25519Identity(trimmedLine)
+		if err != nil {
+			return nil, fmt.Errorf("invalid identity: %v", err)
+		}
+
+		allIdentities = append(allIdentities, id)
+		fmt.Fprintf(os.Stderr, "allIdentities: %q\n", allIdentities)
+	}
+
+	if inPEMBlock {
+		return nil, errors.New("invalid PEM block: missing END")
+	}
+
+	return allIdentities, nil
+}
+
 func DecryptIdentities(identitiesPath string) (string, error) {
 	encryptedData, err := os.ReadFile(identitiesPath)
 	if err != nil {
@@ -158,7 +225,7 @@ func DecryptEntry(identities, passwordStore, name string) (string, error) {
 		return "", err
 	}
 
-	ids, err := age.ParseIdentities(strings.NewReader(identitiesText))
+	ids, err := ParseIdentities(identitiesText)
 	if err != nil {
 		return "", fmt.Errorf("failed to parse identities: %v", err)
 	}

go.mod

@@ -23,6 +23,7 @@ require (
 
 require (
 	dario.cat/mergo v1.0.2 // indirect
+	filippo.io/edwards25519 v1.1.0 // indirect
 	github.com/Microsoft/go-winio v0.6.2 // indirect
 	github.com/ProtonMail/go-crypto v1.3.0 // indirect
 	github.com/atotto/clipboard v0.1.4 // indirect

go.sum

@@ -4,6 +4,8 @@ dario.cat/mergo v1.0.2 h1:85+piFYR1tMbRrLcDwR18y4UKJ3aH1Tbzi24VRW1TK8=
 dario.cat/mergo v1.0.2/go.mod h1:E/hbnu0NxMFBjpMIE34DRGLWqDy0g5FuKDhCb31ngxA=
 filippo.io/age v1.2.1 h1:X0TZjehAZylOIj4DubWYU1vWQxv9bJpo+Uu2/LGhi1o=
 filippo.io/age v1.2.1/go.mod h1:JL9ew2lTN+Pyft4RiNGguFfOpewKwSHm5ayKD/A4004=
+filippo.io/edwards25519 v1.1.0 h1:FNf4tywRC1HmFuKW5xopWpigGjJKiJSV0Cqo0cJWDaA=
+filippo.io/edwards25519 v1.1.0/go.mod h1:BxyFTGdWcka3PhytdK4V28tE5sGfRvvvRV7EaN4VDT4=
 github.com/MakeNowJust/heredoc v1.0.0 h1:cXCdzVdstXyiTqTvfqk9SDHpKNjxuom+DOlyEeQ4pzQ=
 github.com/MakeNowJust/heredoc v1.0.0/go.mod h1:mG5amYoWBHf8vpLOuehzbGGw0EHxpZZ6lCpQ4fNJ8LE=
 github.com/Microsoft/go-winio v0.5.2/go.mod h1:WpS1mjBmmwHBEWmogvA2mj8546UReBk4v8QkMxJ6pZY=

test/e2e_test.go

@@ -16,6 +16,8 @@ import (
 	"strings"
 	"testing"
 
+	"dbohdan.com/pago"
+	"dbohdan.com/pago/crypto"
 	"dbohdan.com/pago/tree"
 
 	"filippo.io/age"
@@ -88,7 +90,7 @@ func withPagoDir(test func(dataDir string) (string, error)) (string, error) {
 }
 
 func createFakeEntry(dataDir, name string) error {
-	file, err := os.OpenFile(filepath.Join(dataDir, "store", name+".age"), os.O_CREATE|os.O_RDONLY, 0600)
+	file, err := os.OpenFile(filepath.Join(dataDir, "store", name+".age"), os.O_CREATE|os.O_RDONLY, pago.FilePerms)
 	if err != nil {
 		return err
 	}
@@ -320,6 +322,106 @@ func TestGenerate(t *testing.T) {
 	}
 }
 
+func getSSHIdentity(t *testing.T) age.Identity {
+	t.Helper()
+
+	privateKey, err := os.ReadFile("id_ed25519")
+	if err != nil {
+		t.Fatalf("Failed to read SSH private key: %v", err)
+	}
+
+	ids, err := crypto.ParseIdentities(string(privateKey))
+	if err != nil {
+		t.Fatalf("Failed to parse SSH identity: %v", err)
+	}
+
+	return ids[0]
+}
+
+func TestRekeyWithSSH(t *testing.T) {
+	_, err := withPagoDir(func(dataDir string) (string, error) {
+		for _, name := range []string{"foo", "bar", "baz/qux"} {
+			stdout, stderr, err := runCommandEnv(
+				[]string{"PAGO_DIR=" + dataDir},
+				"add", name, "--length", "32", "--pattern", "[a]", "--random",
+			)
+			if err != nil {
+				return stdout + "\n" + stderr, err
+			}
+		}
+
+		// Write the SSH public key to .age-recipients.
+		publicKey, err := os.ReadFile("id_ed25519.pub")
+		if err != nil {
+			return "", fmt.Errorf("failed to read test SSH public key: %w", err)
+		}
+
+		recipientsPath := filepath.Join(dataDir, "store/.age-recipients")
+		err = os.WriteFile(recipientsPath, publicKey, pago.FilePerms)
+		if err != nil {
+			return "", fmt.Errorf("failed to write recipients file: %w", err)
+		}
+
+		c, err := expect.NewConsole()
+		if err != nil {
+			return "", fmt.Errorf("failed to create console: %w", err)
+		}
+		defer c.Close()
+
+		cmd := exec.Command(commandPago, "--dir", dataDir, "--socket", "", "rekey")
+		cmd.Stdin = c.Tty()
+		cmd.Stdout = c.Tty()
+		cmd.Stderr = c.Tty()
+
+		err = cmd.Start()
+		if err != nil {
+			return "", fmt.Errorf("failed to start rekey command: %w", err)
+		}
+
+		_, err = c.ExpectString("Enter password")
+		if err != nil {
+			return "", fmt.Errorf("failed to get password prompt: %w", err)
+		}
+		_, _ = c.SendLine(password)
+
+		err = cmd.Wait()
+		if err != nil {
+			return "", fmt.Errorf("rekey failed: %w", err)
+		}
+
+		// Verify we can decrypt the entries using the SSH key.
+		sshIdentity := getSSHIdentity(t)
+
+		for _, name := range []string{"foo", "bar", "baz/qux"} {
+			encryptedPath := filepath.Join(dataDir, "store", name+".age")
+			encryptedBytes, err := os.ReadFile(encryptedPath)
+			if err != nil {
+				return "", fmt.Errorf("failed to read encrypted file %q: %w", name, err)
+			}
+
+			r, err := age.Decrypt(armor.NewReader(bytes.NewReader(encryptedBytes)), sshIdentity)
+			if err != nil {
+				return "", fmt.Errorf("failed to decrypt %q: %w", name, err)
+			}
+
+			decrypted, err := io.ReadAll(r)
+			if err != nil {
+				return "", fmt.Errorf("failed to read decrypted content of %q: %w", name, err)
+			}
+
+			if !regexp.MustCompile(`^a{32}$`).Match(decrypted) {
+				return "", fmt.Errorf("unexpected decrypted content for %q: %q", name, decrypted)
+			}
+		}
+
+		return "", nil
+	})
+
+	if err != nil {
+		t.Errorf("SSH rekey test failed: %v", err)
+	}
+}
+
 func TestRekey(t *testing.T) {
 	_, err := withPagoDir(func(dataDir string) (string, error) {
 		for _, name := range []string{"foo", "bar", "baz/qux"} {
@@ -339,7 +441,7 @@ func TestRekey(t *testing.T) {
 
 		// Write the public key to .age-recipients.
 		recipientsPath := filepath.Join(dataDir, "store/.age-recipients")
-		err = os.WriteFile(recipientsPath, []byte(identity.Recipient().String()+"\n"), 0600)
+		err = os.WriteFile(recipientsPath, []byte(identity.Recipient().String()+"\n"), pago.FilePerms)
 		if err != nil {
 			return "", fmt.Errorf("failed to write recipients file: %w", err)
 		}

test/id_ed25519

@@ -0,0 +1,7 @@
+-----BEGIN OPENSSH PRIVATE KEY-----
+b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAAAMwAAAAtzc2gtZW
+QyNTUxOQAAACBhHkkIBCd9h1kr/T2Mp9mKyHCwUIF65owOYs2PtuOeNwAAAJhKwahRSsGo
+UQAAAAtzc2gtZWQyNTUxOQAAACBhHkkIBCd9h1kr/T2Mp9mKyHCwUIF65owOYs2PtuOeNw
+AAAED+uxPS3oSzjdeiXiwuJvg6XcSwW9p0qILdiIcBcmAUS2EeSQgEJ32HWSv9PYyn2YrI
+cLBQgXrmjA5izY+24543AAAAD2Rib2hkYW5AaG91ZGluaQECAwQFBg==
+-----END OPENSSH PRIVATE KEY-----

test/id_ed25519.pub

@@ -0,0 +1 @@
+ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGEeSQgEJ32HWSv9PYyn2YrIcLBQgXrmjA5izY+24543 user@localhost