switched key generation from secret key to pkc (sealed box)

2025-12-06 07:33:55 +01:00 · 2021-08-07 12:55:40 +02:00
parent e97e2c2934
commit eee4c38a5b
2 changed files with 44 additions and 27 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1,4 +1,4 @@
-src/secretkey.h
-src/secretkey.bin
 src/genkey
 src/libexim-kitencrypt-dlfunc.so
+src/recipient_sk.raw
+src/recipient_sk.h
--- a/src/genkey.c
+++ b/src/genkey.c
@ -3,12 +3,48 @@
 void dumpkey(FILE* f, unsigned char * name, unsigned char * key, unsigned int keylen) {
 	fprintf(f, "const unsigned char %s[] = { ", name);
 	for(int i=0; i < keylen; i++) {
-		fprintf(f, "0x%02X", key[i]);
+		fprintf(f, "0x%02x", key[i]);
 		if (i < keylen-1) {
 			fprintf(f, ", ");
 		}
 	}
 	fprintf(f, " };\n");
+	fprintf(f, "const unsigned int %s_length = %d;\n", name, keylen);
+}
+
+void write_key_files(unsigned char * filebase, unsigned char * varname, unsigned char * key, unsigned int keylen) {
+	unsigned char header_filename[4096];
+	unsigned char raw_filename[4096];
+
+       	sprintf(header_filename, "%s.h", filebase);
+       	sprintf(raw_filename, "%s.raw", filebase);
+
+	// open header file
+	FILE *hfile = fopen(header_filename, "w+");
+	if (hfile == NULL) {
+		fprintf(stderr, "Unable to open %s for writing", header_filename);
+		exit(129);
+	}
+
+	// write key as C code
+	dumpkey(hfile, varname, key, keylen);
+
+	// close header file
+	fclose(hfile);
+
+	// open raw file
+	FILE *rfile = fopen(raw_filename, "w+");
+	if (rfile == NULL) {
+		fprintf(stderr, "Unable to open %s for writing", raw_filename);
+		exit(129);
+	}
+
+	// write key
+	fwrite(key, sizeof(key[0]), keylen, rfile);
+
+	// close raw file
+	fclose(rfile);
+
 }

 int main(void)
@ -18,31 +54,12 @@ int main(void)
 		exit(128);
 	}

-	unsigned char key[crypto_secretbox_KEYBYTES];
-	crypto_secretbox_keygen(key);
+	unsigned char recipient_pk[crypto_box_PUBLICKEYBYTES];
+	unsigned char recipient_sk[crypto_box_SECRETKEYBYTES];
+	crypto_box_keypair(recipient_pk, recipient_sk);

-	FILE *keyfile = fopen("secretkey.h", "w+");
-	if (keyfile == NULL) {
-		fputs("Unable to open secretkey.h", stderr);
-		exit(129);
-	}
-
-	fputs("#ifndef EXIM4ENCRYPTSECRETKEY_H\n#define EXIM4ENCRYPTSECRETKEY_H\n\n", keyfile);
-	dumpkey(keyfile, "key", key, crypto_secretbox_KEYBYTES);
-	fprintf(keyfile, "unsigned int keylen = %u;\n", crypto_secretbox_KEYBYTES);
-	fputs("#endif // EXIM4ENCRYPTSECRETKEY_H\n", keyfile);
-
-	fclose(keyfile);
-
-	FILE *keyfilebin = fopen("secretkey.bin", "w+");
-	if (keyfilebin == NULL) {
-		fputs("Unable to open secretkey.bin", stderr);
-		exit(129);
-	}
-
-	fwrite(key, sizeof(key[0]), crypto_secretbox_KEYBYTES, keyfilebin);
-
-	fclose(keyfilebin);
+	write_key_files("recipient_pk", "recipient_pk", recipient_pk, crypto_box_PUBLICKEYBYTES);
+	write_key_files("recipient_sk", "recipient_sk", recipient_sk, crypto_box_SECRETKEYBYTES);

 	exit(EXIT_SUCCESS);
 }