func (pk *PrivateKey) parseRSAPrivateKey(data []byte) (err error) {
rsaPub := pk.PublicKey.PublicKey.(*rsa.PublicKey)
rsaPriv := new(rsa.PrivateKey)
rsaPriv.PublicKey = *rsaPub
buf := bytes.NewBuffer(data)
d, _, err := readMPI(buf)
if err != nil {
return
}
p, _, err := readMPI(buf)
if err != nil {
return
}
q, _, err := readMPI(buf)
if err != nil {
return
}
rsaPriv.D = new(big.Int).SetBytes(d)
rsaPriv.Primes = make([]*big.Int, 2)
rsaPriv.Primes[0] = new(big.Int).SetBytes(p)
rsaPriv.Primes[1] = new(big.Int).SetBytes(q)
if err := rsaPriv.Validate(); err != nil {
return err
}
rsaPriv.Precompute()
pk.PrivateKey = rsaPriv
pk.Encrypted = false
pk.encryptedData = nil
return nil
}
func NewRsaEncrypt(privateKeyInput io.Reader, keyBytes int, newHash func() hash.Hash) (*RsaEncrypt, error) {
data, err := ioutil.ReadAll(privateKeyInput)
if err != nil {
return nil, err
}
var block *pem.Block
if block, _ = pem.Decode(data); block == nil || block.Type != "RSA PRIVATE KEY" {
return nil, errors.New("wrong private key")
}
var privateKey *rsa.PrivateKey
if privateKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil {
return nil, err
}
privateKey.Precompute()
if err = privateKey.Validate(); err != nil {
return nil, err
}
h := newHash()
r := &RsaEncrypt{
privateKey: privateKey,
keyBytes: keyBytes,
maxMsgBytes: keyBytes - (h.Size()*2 + 2),
newHash: newHash,
}
return r, nil
}
//Generate is use to create a pair of keys (Private and Public) you can specify if you want to save them in a file,
// the path is defined by PrivateKeyPath and PublicKeyPath global variable
func Generate(identifier string, save bool) (*rsa.PrivateKey, *rsa.PublicKey, error) {
var publickey *rsa.PublicKey
var privatekey *rsa.PrivateKey
privatekey, err := rsa.GenerateKey(rand.Reader, 1024)
if err != nil {
return nil, nil, err
}
privatekey.Precompute()
err = privatekey.Validate()
if err != nil {
return nil, nil, err
}
publickey = &privatekey.PublicKey
if save == true {
savePrivateKey(privatekey, PrivateKeyPath)
savePublicKey(publickey, identifier, PublicKeyPath)
}
return privatekey, publickey, nil
}
// NewKeyChain sets up a new keychain based on the RSA private key passed
// in. It ensures the returned keychain is valid.
func NewKeyChain(prv *rsa.PrivateKey) (kc *KeyChain, err error) {
if err = prv.Validate(); err != nil {
return
}
kc = new(KeyChain)
kc.Private = prv
kc.Public = make([]*PubKey, 0)
return
}
func GetKey() rsa.PrivateKey {
var placeholder []byte
var mykey MyKey
var key rsa.PrivateKey
stmt, err := db.Prepare("SELECT key FROM key")
if err != nil {
fmt.Println("While SELECTing", err)
}
err = stmt.Exec()
if err != nil {
fmt.Println("While running Exec()", err)
}
for {
if !stmt.Next() {
break
} else {
stmt.Scan(&placeholder)
//fmt.Println("Getting key:",string(placeholder))
err = json.Unmarshal(placeholder, &mykey)
if err != nil {
fmt.Println(err)
os.Exit(1)
}
d := big.NewInt(0)
p := big.NewInt(0)
q := big.NewInt(0)
n := big.NewInt(0)
d.SetString(mykey.D, 10)
p.SetString(mykey.P, 10)
q.SetString(mykey.Q, 10)
n.SetString(mykey.PublicKey.N, 10)
pubkey := rsa.PublicKey{N: n, E: mykey.PublicKey.E}
key = rsa.PrivateKey{D: d, P: p, Q: q, PublicKey: pubkey}
//fmt.Println("KEY:",key)
err = key.Validate()
if err != nil {
fmt.Println("key errors:", err)
} else {
//fmt.Println("key looks valid")
}
}
}
return key
}
// ParsePKCS1PrivateKey returns an RSA private key from its ASN.1 PKCS#1 DER encoded form.
func ParsePKCS1PrivateKey(der []byte) (*rsa.PrivateKey, error) {
var priv pkcs1PrivateKey
rest, err := asn1.Unmarshal(der, &priv)
if len(rest) > 0 {
return nil, asn1.SyntaxError{Msg: "trailing data"}
}
if err != nil {
return nil, err
}
if priv.Version > 1 {
return nil, errors.New("x509: unsupported private key version")
}
if priv.N.Sign() <= 0 || priv.D.Sign() <= 0 || priv.P.Sign() <= 0 || priv.Q.Sign() <= 0 {
return nil, errors.New("x509: private key contains zero or negative value")
}
key := new(rsa.PrivateKey)
key.PublicKey = rsa.PublicKey{
E: priv.E,
N: priv.N,
}
key.D = priv.D
key.Primes = make([]*big.Int, 2+len(priv.AdditionalPrimes))
key.Primes[0] = priv.P
key.Primes[1] = priv.Q
for i, a := range priv.AdditionalPrimes {
if a.Prime.Sign() <= 0 {
return nil, errors.New("x509: private key contains zero or negative prime")
}
key.Primes[i+2] = a.Prime
// We ignore the other two values because rsa will calculate
// them as needed.
}
err = key.Validate()
if err != nil {
return nil, err
}
key.Precompute()
return key, nil
}
// SplitPrivateKey takes an existing rsa.PrivateKey and splits it into two mrsa.PrivateKeys.
// The value of D for the first key is chosen uniformly, and the value for D of the second key
// is thus fixed.
func SplitPrivateKey(k *rsa.PrivateKey) (*PrivateKey, *PrivateKey, error) {
k1 := &PrivateKey{PublicKey: PublicKey(k.PublicKey)}
k2 := &PrivateKey{PublicKey: PublicKey(k.PublicKey)}
err := k.Validate()
if err != nil {
return nil, nil, err
}
k1.D, err = rand.Int(rand.Reader, k.D)
if err != nil {
return nil, nil, err
}
k2.D = new(big.Int).Sub(k.D, k1.D)
return k1, k2, nil
}
// GenerateKeys creates a public and private key for the current transfer
// returns both
func GenerateKeys() (*rsa.PublicKey, *rsa.PrivateKey) {
var publicKey *rsa.PublicKey
var privateKey *rsa.PrivateKey
var err error
// Generate Private Key
if privateKey, err = rsa.GenerateKey(rand.Reader, 1024); err != nil {
log.Fatal(err)
}
// Validate Private Key -- Sanity checks on the key
if err = privateKey.Validate(); err != nil {
log.Fatal(err)
}
// Precompute some calculations speeds up private key operations in the future
privateKey.Precompute()
//Public key address (of an RSA key)
publicKey = &privateKey.PublicKey
return publicKey, privateKey
}
func TestRsa() {
var private_key *rsa.PrivateKey
var public_key *rsa.PublicKey
var plain_text, encrypted, decrypted, label []byte
var err error
plain_text = []byte("Plain text message to be encrypted")
//Generate Private Key
if private_key, err = rsa.GenerateKey(rand.Reader, 1024); err != nil {
log.Fatal(err)
}
fmt.Println(private_key)
// Precompute some calculations -- Calculations that speed up private key operations in the future
private_key.Precompute()
//Validate Private Key -- Sanity checks on the key
if err = private_key.Validate(); err != nil {
log.Fatal(err)
}
//Public key address (of an RSA key)
public_key = &private_key.PublicKey
encrypted = Encrypt_oaep(public_key, plain_text, label)
decrypted = Decrypt_oaep(private_key, encrypted, label)
fmt.Printf("OAEP Encrypted [%s] to \n[%x]\n", string(plain_text), encrypted)
fmt.Printf("OAEP Decrypted [%x] to \n[%s]\n", encrypted, decrypted)
// To use existing private key (Skipping the GenerateKey, Precompute, Validation steps shown above)
// This reads pem file and retrieves the public, private key needed to encrypt data
//use_exsiting_keys()
}
BeforeEach(func() {
bits = 2048
privateKey, publicKey = GenerateKeys(bits)
})
Describe("GenerateKeys function", func() {
It("private key", func() {
var privKey *rsa.PrivateKey
block, _ = pem.Decode([]byte(privateKey))
privKey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
Expect(err).To(BeNil())
err = privKey.Validate()
Expect(err).To(BeNil())
// public key
pub := privKey.PublicKey
pubDer, _ := x509.MarshalPKIXPublicKey(&pub)
pubBlk := pem.Block{
Type: "PUBLIC KEY",
Headers: nil,
Bytes: pubDer,
}
// Resultant public key in PEM format.
pubPem := string(pem.EncodeToMemory(&pubBlk))
Expect(pubPem).To(Equal(publicKey))
