Пример #1
0
//EncryptRSA encrypt given data with RSA algorithm
func EncryptRSA(data []byte) []byte {
	if data == nil {
		return nil
	}
	publicKey := []byte(PublicKey)
	if !ginutil.IsProduction() {
		publicKey = []byte(TestPublicKey)
	}
	block, _ := pem.Decode(publicKey)
	if block == nil {
		return nil
	}
	pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil
	}
	pub := pubInterface.(*rsa.PublicKey)
	encrypted := make([]byte, 0, len(data))
	for i := 0; i < len(data); i += 117 {
		if i+117 < len(data) {
			partial, err1 := rsa.EncryptPKCS1v15(rand.Reader, pub, data[i:i+117])
			if err1 != nil {
				return nil
			}
			encrypted = append(encrypted, partial...)
		} else {
			partial, err1 := rsa.EncryptPKCS1v15(rand.Reader, pub, data[i:])
			if err1 != nil {
				return nil
			}
			encrypted = append(encrypted, partial...)
		}
	}
	return encrypted
}
Пример #2
0
// Generates a symmetric key and encrypts the verification token
func (client *Client) genKey() (err error) {
	if client.DebugWriter != nil {
		fmt.Fprintf(client.DebugWriter, "Decoding public key\n")
	}

	var pki publicKeyInfo
	_, err = asn1.Unmarshal(client.serverKeyMessage, &pki)
	if err != nil {
		return err
	}

	client.serverKey = new(rsa.PublicKey)
	_, err = asn1.Unmarshal(pki.SubjectPublicKey.Bytes, client.serverKey)
	if err != nil {
		return err
	}

	if client.DebugWriter != nil {
		fmt.Fprintf(client.DebugWriter, "Generating encryption key\n")
	}

	/*
		client.sharedSecret = make([]byte, 16)

		_, err = rand.Reader.Read(client.sharedSecret)
		if err != nil {
			return err
		}
	*/

	client.sharedSecret = []byte("1234567812345678")

	if client.DebugWriter != nil {
		fmt.Fprintf(client.DebugWriter, "Encrypting verification token\n")
	}

	client.encryptedVerifyToken, err = rsa.EncryptPKCS1v15(rand.Reader, client.serverKey, client.serverVerifyToken)
	if err != nil {
		return err
	}

	if client.DebugWriter != nil {
		fmt.Fprintf(client.DebugWriter, "Encrypting shared secret\n")
	}

	client.encryptedSharedSecret, err = rsa.EncryptPKCS1v15(rand.Reader, client.serverKey, client.sharedSecret)
	if err != nil {
		return err
	}

	return nil
}
Пример #3
0
func GenerateCredentials(username, password, rawPem []byte) (cred string, err error) {
	ms := time.Now().UnixNano() / 1e6
	unixStr := strconv.FormatInt(ms, 10)

	userBase64 := base64.StdEncoding.EncodeToString(username)
	passBase64 := base64.StdEncoding.EncodeToString(password)
	timeBase64 := base64.StdEncoding.EncodeToString([]byte(unixStr))

	formated := fmt.Sprintf("%s:%s:%s", userBase64, passBase64, timeBase64)

	block, _ := pem.Decode(rawPem)
	if block == nil {
		err = errors.New("Could not Decode PEM")
		return
	}

	pubKeyVal, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return
	}

	rsaPubKey, ok := pubKeyVal.(*rsa.PublicKey)
	if !ok {
		err = errors.New("Could not make DER to an RSA PublicKey")
		return
	}

	encr, err := rsa.EncryptPKCS1v15(rand.Reader, rsaPubKey, []byte(formated))
	if err != nil {
		return
	}

	cred = base64.StdEncoding.EncodeToString(encr)
	return
}
Пример #4
0
func HybridEncrypt(publicKeyFile []byte, plaintextBytes []byte) (string, error) {
	secretKey := GenerateSecretKey()
	encryptedString, err := AesEncrypt(secretKey, plaintextBytes)
	if err != nil {
		log.Fatal("failed to GcmEncrypt: " + err.Error())
	}

	publicKeyUntyped, err := x509.ParsePKIXPublicKey(publicKeyFile)
	if err != nil {
		log.Fatal("failed to parse certificate: " + err.Error())
	}
	publicKey := publicKeyUntyped.(*rsa.PublicKey)

	encryptedPublicKeyBytes, err := rsa.EncryptPKCS1v15(rand.Reader, publicKey, secretKey)
	if err != nil {
		log.Fatal("failed to wrap" + err.Error())
	}

	var buffer bytes.Buffer
	buffer.WriteString(base64.StdEncoding.EncodeToString(encryptedPublicKeyBytes))
	buffer.WriteString(hybridDelimiter)
	buffer.WriteString(encryptedString)

	return buffer.String(), nil
}
Пример #5
0
// NewDecryptTest generates an RSA decryption test.
func NewDecryptTest(decrypter crypto.Decrypter) testapi.TestFunc {
	ptxt := []byte("Test Plaintext")
	r := rand.Reader

	return func() (err error) {
		var c, m []byte
		if c, err = rsa.EncryptPKCS1v15(r, decrypter.Public().(*rsa.PublicKey), ptxt); err != nil {
			return
		}

		if m, err = decrypter.Decrypt(r, c, &rsa.PKCS1v15DecryptOptions{}); err != nil {
			return
		}
		if bytes.Compare(ptxt, m) != 0 {
			return errors.New("rsa decrypt failed")
		}

		if m, err = decrypter.Decrypt(r, c, &rsa.PKCS1v15DecryptOptions{SessionKeyLen: len(ptxt)}); err != nil {
			return
		}
		if bytes.Compare(ptxt, m) != 0 {
			return errors.New("rsa decrypt failed")
		}

		if m, err = decrypter.Decrypt(r, c, &rsa.PKCS1v15DecryptOptions{SessionKeyLen: len(ptxt) + 1}); err != nil {
			return
		}
		if bytes.Compare(ptxt, m) == 0 {
			return errors.New("rsa decrypt suceeded despite incorrect SessionKeyLen")
		}
		return nil
	}
}
Пример #6
0
//********公钥加密 注意:os.Open 相对路径会报错,且这一块应打包在客户端
func RsaEncrypt(origData []byte, publicKey []byte) ([]byte, error) {
	/*file1, err := os.Open("D:/myproject/src/beeim/cfg/public.pem")
	if err != nil {
		panic(err)
	}
	defer file1.Close()
	publicKey, err := io util.ReadAll(file1)
	if err != nil {
		panic(err)
	}*/
	/*publicKey := []byte(`-----BEGIN PUBLIC KEY-----
	MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCbmNv4mBsuPb4xzuUwT2TxEbjG
	va76zLrF//NRiUKV/T8mKtfv/R+Q+7FGwYkZbDNl5bO0UF0MR69u8ZE1cBAzn74z
	JGqQVs9QrRgp3VTYM/9s8nOvogcz6+l1amEY+djV3iztHOxyptl1Eq8d3r82kcwf
	ybxRlNMfwNhT7VpvqQIDAQAB
	-----END PUBLIC KEY-----`)*/

	block, _ := pem.Decode(publicKey)
	if block == nil {
		return nil, errors.New("public key error")
	}
	pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	pub := pubInterface.(*rsa.PublicKey)
	return rsa.EncryptPKCS1v15(rand.Reader, pub, origData)
}
Пример #7
0
func EncryptPKCS1v15(msg []byte) string {
	certPEMBlock, err := ioutil.ReadFile("./key.pem")
	if err != nil {
		log.Fatal("PEM error %v", err)
	}

	var keyDERBlock *pem.Block
	keyDERBlock, certPEMBlock = pem.Decode(certPEMBlock)

	var publickey *rsa.PublicKey
	if key, err := x509.ParsePKIXPublicKey(keyDERBlock.Bytes); err == nil {
		publickey = key.(*rsa.PublicKey)
		log.Printf("got a key")
	}

	encryptedmsg, err := rsa.EncryptPKCS1v15(rand.Reader, publickey, msg)

	if err != nil {
		fmt.Println(err)
		os.Exit(1)
	}

	fmt.Printf("OAEP encrypted [%s] to \n[%x]\n", string(msg), encryptedmsg)
	fmt.Println()

	return base64.URLEncoding.EncodeToString(encryptedmsg)
}
Пример #8
0
func TestGeneratePem_GeneratePemThenCheckIfValidPrivateKey(t *testing.T) {
	privateKey := PrivateKey()
	privatePem := GeneratePrivatePem(privateKey)
	pemBlock, _ := pem.Decode(privatePem)
	if pemBlock == nil {
		t.Fatal("The pem key didn't transfer back into a block")
	}
	validKey, err := x509.ParsePKCS1PrivateKey(pemBlock.Bytes)
	if err != nil {
		t.Fatal("The parser failed to create a key")
	}
	output := validKey.Validate()
	if output != nil {
		t.Fatal("The key that was created is not valid")
	}

	snippet := "Hello, world!"
	publicKey := privateKey.PublicKey
	publicEncrypt, _ := rsa.EncryptPKCS1v15(rand.Reader, &publicKey, []byte(snippet))

	privateDecrypt, err := rsa.DecryptPKCS1v15(rand.Reader, validKey, publicEncrypt)
	if err != nil {
		t.Fatal("Something went wrong in the decryption of publicEncrypt: ", err)
	}

	if string(privateDecrypt) != snippet {
		t.Fatal("Something didn't work in: ", privateDecrypt)
	}
}
Пример #9
0
// Used for tests. Everytime its load key from file.
func RSAEncrypt(data []byte) ([]byte, error) {
	pathToKey, cfgErr := cfg.GetStr(cfg.STR_KEYS_PATH)
	if cfgErr != nil {
		return nil, cfgErr
	}

	pemData, err := ioutil.ReadFile(pathToKey + "public_key.pem")
	if err != nil {
		return nil, err
	}
	// Extract the PEM-encoded data block
	block, _ := pem.Decode(pemData)
	if block == nil {
		return nil, errors.New("Empty block.")
	}

	// Decode the RSA public key
	key, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	pkey := key.(*rsa.PublicKey)
	// Encrypt the data
	out, err := rsa.EncryptPKCS1v15(rand.Reader, pkey, data)
	if err != nil {
		return nil, err
	}

	return out, nil
}
Пример #10
0
func (c *Controller) EncryptChatMessage() (string, error) {

	var err error

	c.r.ParseForm()

	receiver := c.r.FormValue("receiver")
	message := c.r.FormValue("message")
	if len(message) > 5120 {
		return "", errors.New("incorrect message")
	}

	publicKey, err := c.Single("SELECT public_key_0 FROM users WHERE user_id  =  ?", receiver).Bytes()
	if err != nil {
		return "", utils.ErrInfo(err)
	}

	if len(publicKey) > 0 {
		pub, err := utils.BinToRsaPubKey(publicKey)
		if err != nil {
			return "", utils.ErrInfo(err)
		}
		enc_, err := rsa.EncryptPKCS1v15(rand.Reader, pub, []byte(message))
		if err != nil {
			return "", utils.ErrInfo(err)
		}
		return utils.JsonAnswer(string(utils.BinToHex(enc_)), "success").String(), nil
	} else {
		return utils.JsonAnswer("Incorrect user_id", "error").String(), nil
	}

}
Пример #11
0
// RSAEncrypt RSA加密,将消息使用公钥加密后传给对方,由对方使用私钥解密
func RSAEncrypt(publicKey, message []byte) ([]byte, error) {
	block, _ := pem.Decode(publicKey)
	if block == nil {
		return nil, errors.New("public key error")
	}
	pubIntf, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	pub := pubIntf.(*rsa.PublicKey)
	maxLen := (pub.N.BitLen()+7)/8 - 11 // 每次加密明文的最大长度

	var data []byte
	// 计算密文的最大长度(加密后密文要比明文长,maxLen+11就是加密后密文的最大长度)
	if m := len(message); m%maxLen == 0 {
		data = make([]byte, 0, m/maxLen*(maxLen+11))
	} else {
		data = make([]byte, 0, (m/maxLen+1)*(maxLen+11))
	}
	for {
		if l := len(message); l == 0 {
			break
		} else if l < maxLen {
			maxLen = l
		}
		d, err := rsa.EncryptPKCS1v15(rand.Reader, pub, message[0:maxLen])
		if err != nil {
			return nil, err
		}
		message = message[maxLen:]
		data = append(data, d...)
	}
	return data, nil
}
Пример #12
0
func (ka *rsaKeyAgreement) generateClientKeyExchange(config *Config, clientHello *clientHelloMsg, cert *x509.Certificate) ([]byte, *clientKeyExchangeMsg, error) {
	preMasterSecret := make([]byte, 48)
	vers := clientHello.vers
	if config.Bugs.RsaClientKeyExchangeVersion != 0 {
		vers = config.Bugs.RsaClientKeyExchangeVersion
	}
	vers = versionToWire(vers, clientHello.isDTLS)
	preMasterSecret[0] = byte(vers >> 8)
	preMasterSecret[1] = byte(vers)
	_, err := io.ReadFull(config.rand(), preMasterSecret[2:])
	if err != nil {
		return nil, nil, err
	}

	encrypted, err := rsa.EncryptPKCS1v15(config.rand(), cert.PublicKey.(*rsa.PublicKey), preMasterSecret)
	if err != nil {
		return nil, nil, err
	}
	ckx := new(clientKeyExchangeMsg)
	if clientHello.vers != VersionSSL30 && !config.Bugs.SSL3RSAKeyExchange {
		ckx.ciphertext = make([]byte, len(encrypted)+2)
		ckx.ciphertext[0] = byte(len(encrypted) >> 8)
		ckx.ciphertext[1] = byte(len(encrypted))
		copy(ckx.ciphertext[2:], encrypted)
	} else {
		ckx.ciphertext = encrypted
	}
	return preMasterSecret, ckx, nil
}
Пример #13
0
func main() {
	var primes []uint64 = prime.PrimeSieveBatch{BatchSize: 100}.GetPrimes(10000)
	var p, q uint64 = /*uint64(104723), uint64(104729) */ primes[len(primes)-2], primes[len(primes)-1]
	fmt.Println(p, q)
	var mod int64 = int64(p * q)
	fmt.Println(mod)
	var puk, prk = /*int(65537), uint64(10195862609) */ KeyGenerator1{}.KeyGen(p, q)
	fmt.Println(puk, prk)

	b := []byte("Hi")
	var pub rsa.PublicKey = rsa.PublicKey{N: big.NewInt(mod), E: puk}
	var priv rsa.PrivateKey = rsa.PrivateKey{PublicKey: pub}
	priv.D = big.NewInt(int64(prk))
	priv.Primes = []*big.Int{big.NewInt(int64(p)), big.NewInt(int64(q))}

	fmt.Println(len(b))
	fmt.Printf("% x\n", b)

	//h := md5.New()
	enc, erre := rsa.EncryptPKCS1v15(rand.Reader, &pub, b)
	//h.Reset()
	dec, errd := rsa.DecryptPKCS1v15(rand.Reader, &priv, b)

	//fmt.Println(64 - 11)
	fmt.Printf("%s\n", erre)
	fmt.Printf("%s\n", errd)
	fmt.Printf("% x\n", enc)
	fmt.Printf("% x\n", dec)
}
Пример #14
0
// RSAEncrypt encrypts a content by a public key
func RSAEncrypt(keyBytes []byte, contentBytes []byte) ([]byte, error) {
	pubKey, err := getPubKey(keyBytes)
	if err != nil {
		return nil, err
	}

	return rsa.EncryptPKCS1v15(rand.Reader, pubKey, contentBytes)
}
Пример #15
0
//See: 7.4.7.1.  RSA-Encrypted Premaster Secret Message
func encryptPreMasterSecret(preMasterSecret []byte, pub *rsa.PublicKey) (*encryptedPreMasterSecretBody, error) {
	out, err := rsa.EncryptPKCS1v15(rand.Reader, pub, preMasterSecret)
	if err != nil {
		return nil, err
	}

	return &encryptedPreMasterSecretBody{out}, nil
}
Пример #16
0
func (sem *serverEncryptionManager) makeEncryptionResponse() (packet *LS1EncryptionResponsePacket, err error) {
	encryptedSharedSecret, err := rsa.EncryptPKCS1v15(crand.Reader, &sem.remotePublicKey, sem.sharedSecret)
	if err != nil {
		return nil, err
	}

	encryptedVerifyToken, err := rsa.EncryptPKCS1v15(crand.Reader, &sem.remotePublicKey, sem.verifyToken)
	if err != nil {
		return nil, err
	}

	packet = &LS1EncryptionResponsePacket{
		EncryptedSharedSecret: encryptedSharedSecret,
		EncryptedVerifyToken:  encryptedVerifyToken,
	}

	return packet, nil
}
Пример #17
0
// KeyEncrypt encrypts the content encryption key using RSA PKCS1v15
func (e RSAPKCSKeyEncrypt) KeyEncrypt(cek []byte) (ByteSource, error) {
	if e.alg != jwa.RSA1_5 {
		return nil, ErrUnsupportedAlgorithm
	}
	encrypted, err := rsa.EncryptPKCS1v15(rand.Reader, e.pubkey, cek)
	if err != nil {
		return nil, err
	}
	return ByteKey(encrypted), nil
}
Пример #18
0
func (e *encrypter) encrypt(pass string) (b string, err error) {
	if e.rand == nil {
		e.rand = rand.Reader
	}
	var data []byte
	if data, err = rsa.EncryptPKCS1v15(e.rand, &e.pk, []byte(pass)); err != nil {
		return
	}
	return "rsa:" + base64.StdEncoding.EncodeToString(data), nil
}
Пример #19
0
// Serializes the vote.
func (vote Vote) Serialize(publicKey *rsa.PublicKey) (*[]byte, error) {
	s := strings.Join([]string{"VOTE", vote.ServiceName, vote.Username, vote.Address, vote.Timestamp, ""}, "\n")
	msg := []byte(s)

	// Encrypt the vote using the supplied public key.
	encrypted, err := rsa.EncryptPKCS1v15(rand.Reader, publicKey, msg)
	if err != nil {
		return nil, err
	}

	return &encrypted, nil
}
Пример #20
0
func (u *User) Encrypt(key *rsa.PrivateKey) error {
	if u.Encrypted {
		return nil
	}
	encrypted, err := rsa.EncryptPKCS1v15(rand.Reader, &key.PublicKey, []byte(u.Password))
	if err != nil {
		return err
	}
	u.Password = string(encrypted)
	u.Encrypted = true
	return nil
}
Пример #21
0
func GenKey() (orig []byte, cipher string) {
	orig = make([]byte, KeyLength)
	_, err := rand.Read(orig)
	checkErr(err)

	InitPubkey()
	r, err := rsa.EncryptPKCS1v15(rand.Reader, publicKey, orig)
	checkErr(err)

	cipher = base64.StdEncoding.EncodeToString(r)
	return
}
Пример #22
0
func (this *RsaCipher) DoEncrypt(src []byte) ([]byte, error) {
	block, _ := pem.Decode(this.PubKey)
	if block == nil {
		return nil, errors.New("public key error")
	}
	pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	pub := pubInterface.(*rsa.PublicKey)
	return rsa.EncryptPKCS1v15(rand.Reader, pub, src)
}
Пример #23
0
// 加密
func RsaEncrypt(origData []byte) ([]byte, error) {
	block, _ := pem.Decode(publicKey)
	if block == nil {
		return nil, errors.New("public key error")
	}
	pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}
	pub := pubInterface.(*rsa.PublicKey)
	return rsa.EncryptPKCS1v15(rand.Reader, pub, origData)
}
Пример #24
0
// rsa and then base64, operate on []byte
func RsaBase64(msg_to_enc []byte) (msg_encrypted string, err error) {
	private_key := get_private_key()
	publick_key := private_key.PublicKey

	msg_rsaed, err := rsa.EncryptPKCS1v15(rand.Reader, &publick_key, msg_to_enc)
	if err != nil {
		return
	}
	msg_rsaed_base64ed := base64.StdEncoding.EncodeToString(msg_rsaed)
	msg_encrypted = msg_rsaed_base64ed
	return
}
Пример #25
0
func (alg *RsaPkcs1v15) WrapNewKey(cekSizeBits int, key interface{}, header map[string]interface{}) (cek []byte, encryptedCek []byte, err error) {
	if pubKey, ok := key.(*rsa.PublicKey); ok {
		if cek, err = arrays.Random(cekSizeBits >> 3); err == nil {
			encryptedCek, err = rsa.EncryptPKCS1v15(rand.Reader, pubKey, cek)
			return
		}

		return nil, nil, err
	}

	return nil, nil, errors.New("RsaPkcs1v15.WrapNewKey(): expected key to be '*rsa.PublicKey'")
}
Пример #26
0
// Encrypt the given payload. Based on the key encryption algorithm,
// this will either use RSA-PKCS1v1.5 or RSA-OAEP (with SHA-1 or SHA-256).
func (ctx rsaEncrypterVerifier) encrypt(cek []byte, alg KeyAlgorithm) ([]byte, error) {
	switch alg {
	case RSA1_5:
		return rsa.EncryptPKCS1v15(randReader, ctx.publicKey, cek)
	case RSA_OAEP:
		return rsa.EncryptOAEP(sha1.New(), randReader, ctx.publicKey, cek, []byte{})
	case RSA_OAEP_256:
		return rsa.EncryptOAEP(sha256.New(), randReader, ctx.publicKey, cek, []byte{})
	}

	return nil, ErrUnsupportedAlgorithm
}
Пример #27
0
func writePubKeyMsg(rawConn net.Conn,
	peerKey *rsa.PublicKey,
	msg []byte) (err error) {
	encryptedMsg, err := rsa.EncryptPKCS1v15(rand.Reader, peerKey, msg)
	if err != nil {
		return
	}

	prefixedMsg := lenPrefix(encryptedMsg)

	_, err = rawConn.Write(prefixedMsg)
	return
}
Пример #28
0
func (pld *PreLoginData) GetPwd(password string) string {
	var n big.Int
	n.SetString(pld.Pubkey, 16)
	pk := rsa.PublicKey{&n, 65537}
	msg := fmt.Sprintf("%d\t%s\n%s", pld.Servertime, pld.Nonce, password)
	fmt.Println("msg:", msg)
	code, err := rsa.EncryptPKCS1v15(rand.Reader, &pk, []byte(msg))
	if err != nil {
		panic(err)
	}
	hexCode := hex.EncodeToString(code)
	fmt.Println("code: ", hexCode)
	return hexCode
}
Пример #29
0
// RSA encrypt
func RsaEncrypt(publicKey []byte, origData []byte) ([]byte, error) {
	block, _ := pem.Decode(publicKey)
	if block == nil {
		return nil, errors.New("public key error")
	}
	pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
	if err != nil {
		return nil, err
	}

	pub := pubInterface.(*rsa.PublicKey)
	k := (pub.N.BitLen() + 7) / 8
	if len(origData) > k-11 {
		o1, e1 := rsa.EncryptPKCS1v15(rand.Reader, pub, origData[:k-19])
		o2, e2 := rsa.EncryptPKCS1v15(rand.Reader, pub, origData[k-19:])
		if e1 != nil || e2 != nil {
			return nil, errors.New("RSA encrypt error")
		}
		return append(o1, o2...), nil
	} else {
		return rsa.EncryptPKCS1v15(rand.Reader, pub, origData)
	}
}
Пример #30
0
func encryptSessionKey(skey string) {
	verbose("Encrypting session key...", 2)

	for recipient, pubkeys := range PUBKEYS {
		for _, key := range pubkeys {
			random := rand.Reader
			ciphertext, err := rsa.EncryptPKCS1v15(random, &key.Key, []byte(skey))
			if err != nil {
				fail(fmt.Sprintf("Unable to encrypt session key for %v-%v: %v\n",
					recipient, key.Fingerprint, err))
			}

			uuencode(fmt.Sprintf("%v-%v", recipient, key.Fingerprint), ciphertext)
		}
	}
}