Allow dumping ids from public keys

js/sign/README.md

@@ -104,13 +104,15 @@ This package also includes 2 CLI tools
 There are the following command-line flags available:
 
 - (required) `--private-key <filePath>` (`-k <filePath>`)  
-  which takes the path to ed25519 private key. If chosen format is `v2`, this can be specified multiple times.
+  which takes the path to ed25519 private key. If chosen format is `v2`, this
+  can be specified multiple times.
 - (required) `--input <filePath>` (`-i <filePath>`)  
   which takes the path to the web bundle to be signed.
 - (optional) `--output <filePath>` (`-o <filePath>`)  
   which takes the path to the wanted signed web bundle output. Default:
   `signed.swbn`.
-- (required if more than one key is provided) `--web-bundle-id <web-bundle-id>`  
+- (required if more than one key is provided)
+  `--web-bundle-id <web-bundle-id>`  
   which takes the `web-bundle-id` to be associated with the web bundle.
 
 Example commands:
@@ -136,11 +138,13 @@ wbn-sign \
 
 There are the following command-line flags available:
 
-- (required) `--private-key <filePath>` (`-k <filePath>`)  
-  which takes the path to ed25519 private key.
-- (optional) `--with-iwa-scheme <boolean>` (`-s`)  
-  which dumps the Web Bundle ID with isolated-app:// scheme. By default it only
-  dumps the ID. Default: `false`.
+- (required) `--key <filePath>` which takes the path to ed25519/ecdsaP256 public
+  or private key.
+- (optional) `--with-iwa-scheme <boolean>` (`-s`) which dumps the Web Bundle ID
+  with isolated-app:// scheme. By default it only dumps the ID. Default:
+  `false`.
+- (optional) `--with-key-type <boolean>` (`-t`) which also outputs the type of
+  the key used (ecdsa/ed25519). Default: `false`.
 
 Example command:
 
@@ -191,10 +195,17 @@ environment variable named `WEB_BUNDLE_SIGNING_PASSPHRASE`.
 
 ## Release Notes
 
+### v0.2.5
+
+- Add support for dumping bundle IDs from public keys (used to be private-only).
+  Note that --private-key is hence renamed to --key.
+
 ### v0.2.3
+
 - Add support for obtaining bundleID from a .swbn file.
 
 ### v0.2.2
+
 - BREAKING CHANGE: Removed support for v1 integrity block format.
 
 ### v0.2.1

js/sign/package.json

@@ -1,6 +1,6 @@
 {
   "name": "wbn-sign",
-  "version": "0.2.4",
+  "version": "0.2.5",
   "description": "Signing tool to sign a web bundle with integrity block",
   "homepage": "https://github.com/WICG/webpackage/tree/main/js/sign",
   "main": "./lib/wbn-sign.cjs",

js/sign/src/cli-dump-id.ts

@@ -5,38 +5,59 @@ import {
   greenConsoleLog,
   parseMaybeEncryptedKeyFromFile,
 } from './utils/cli-utils.js';
-import { KeyObject } from 'crypto';
+import { KeyObject, createPublicKey } from 'crypto';
 
 const program = new Command()
   .name('wbn-dump-id')
   .description(
-    'A simple CLI tool to dump the Web Bundle ID matching to the given private key.'
+    'A simple CLI tool to dump the Web Bundle ID corresponding to the given key.'
   );
 
+function parsePublicKey(filePath: string): KeyObject {
+  return createPublicKey(fs.readFileSync(filePath));
+}
+
+async function parseKey(filePath: string): Promise<KeyObject> {
+  try {
+    return parsePublicKey(filePath);
+  } catch (err) {
+    // Suppress this error.
+  }
+
+  return await parseMaybeEncryptedKeyFromFile(filePath);
+}
+
 function readOptions() {
   return program
     .requiredOption(
-      '-k, --private-key <file>',
-      'Reads an Ed25519 / ECDSA P-256 private key from the given path. (required)'
+      '-k, --key <file>',
+      'Reads an Ed25519 / ECDSA P-256 private / public key from the given path.'
     )
     .option(
       '-s, --with-iwa-scheme',
       'Dumps the Web Bundle ID with isolated-app:// scheme. By default it only dumps the ID. (optional)',
       /*defaultValue=*/ false
     )
+    .option(
+      '-t, --with-key-type',
+      'Dumps the key type (optional)',
+      /*defaultValue=*/ false
+    )
     .parse(process.argv)
     .opts();
 }
 
 export async function main() {
   const options = readOptions();
-  const parsedPrivateKey: KeyObject = await parseMaybeEncryptedKeyFromFile(
-    options.privateKey
-  );
 
-  const webBundleId: string = options.withIwaScheme
-    ? new WebBundleId(parsedPrivateKey).serializeWithIsolatedWebAppOrigin()
-    : new WebBundleId(parsedPrivateKey).serialize();
-
-  greenConsoleLog(webBundleId);
+  const parsedKey: KeyObject = await parseKey(options.key);
+  const webBundleId: WebBundleId = new WebBundleId(parsedKey);
+  if (options.withKeyType) {
+    greenConsoleLog(webBundleId.getKeyTypeName());
+  }
+  greenConsoleLog(
+    options.withIwaScheme
+      ? webBundleId.serializeWithIsolatedWebAppOrigin()
+      : webBundleId.serialize()
+  );
 }

js/sign/src/web-bundle-id.ts

@@ -17,6 +17,10 @@ export class WebBundleId {
     [SignatureType.Ed25519, [0x00, 0x01, 0x02]],
     [SignatureType.EcdsaP256SHA256, [0x00, 0x02, 0x02]],
   ]);
+  private readonly TYPE_NAME_MAPPING = new Map<SignatureType, string>([
+    [SignatureType.Ed25519, 'Ed25519'],
+    [SignatureType.EcdsaP256SHA256, 'EcdsaP256'],
+  ]);
   private readonly scheme = 'isolated-app://';
   private readonly key: KeyObject;
   private readonly typeSuffix: number[];
@@ -37,6 +41,10 @@ export class WebBundleId {
     this.typeSuffix = this.TYPE_SUFFIX_MAPPING.get(getSignatureType(this.key))!;
   }
 
+  getKeyTypeName(): string {
+    return this.TYPE_NAME_MAPPING.get(getSignatureType(this.key)) as string;
+  }
+
   serialize() {
     return base32Encode(
       new Uint8Array([...getRawPublicKey(this.key), ...this.typeSuffix]),