Пример #1
0
func TestRoundTripPkcs8Ecdsa(t *testing.T) {
	privateKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
	if err != nil {
		t.Fatalf("failed to generate a private key: %s", err)
	}

	bytes, err := marshalPKCS8PrivateKey(privateKey)
	if err != nil {
		t.Fatalf("failed to marshal private key: %s", err)
	}

	key, err := x509.ParsePKCS8PrivateKey(bytes)
	if err != nil {
		t.Fatalf("failed to parse private key: %s", err)
	}

	actualPrivateKey, ok := key.(*ecdsa.PrivateKey)
	if !ok {
		t.Fatalf("expected key to be of type *ecdsa.PrivateKey, but actual was %T", key)
	}

	// sanity check, not exhaustive
	if actualPrivateKey.D.Cmp(privateKey.D) != 0 {
		t.Errorf("private key's D did not round trip")
	}
	if actualPrivateKey.X.Cmp(privateKey.X) != 0 {
		t.Errorf("private key's X did not round trip")
	}
	if actualPrivateKey.Y.Cmp(privateKey.Y) != 0 {
		t.Errorf("private key's Y did not round trip")
	}
	if actualPrivateKey.Curve.Params().B.Cmp(privateKey.Curve.Params().B) != 0 {
		t.Errorf("private key's Curve.B did not round trip")
	}
}
Пример #2
0
func open(keyfile string) (*rsa.PrivateKey, error) {

	bytes, err := ioutil.ReadFile(keyfile)
	if err != nil {
		return nil, err
	}

	block, _ := pem.Decode(bytes)
	if block == nil {
		return nil, fmt.Errorf("%s: no valid PEM data found", keyfile)
	} else if block.Type != "PRIVATE KEY" {
		return nil, fmt.Errorf("%s: expected PRIVATE KEY, got %s", keyfile, block.Type)
	}
	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil, err
	}

	rsaKey, ok := key.(*rsa.PrivateKey)

	if !ok {
		return nil, fmt.Errorf("")

	} else {
		return rsaKey, nil
	}
}
Пример #3
0
func parseRsaPrivateKey(path string) (*rsa.PrivateKey, error) {
	privateKeyData, err := ioutil.ReadFile(path)
	if err != nil {
		log.Fatalln("failed", err)
	}

	block, _ := pem.Decode(privateKeyData)
	if block == nil {
		panic("failed to decode a pem block from private key pem")
	}

	privatePkcs1Key, errPkcs1 := x509.ParsePKCS1PrivateKey(block.Bytes)
	if errPkcs1 == nil {
		return privatePkcs1Key, nil
	}

	privatePkcs8Key, errPkcs8 := x509.ParsePKCS8PrivateKey(block.Bytes)
	if errPkcs8 == nil {
		privatePkcs8RsaKey, ok := privatePkcs8Key.(*rsa.PrivateKey)
		if !ok {
			return nil, fmt.Errorf("Pkcs8 contained non-RSA key. Expected RSA key.")
		}
		return privatePkcs8RsaKey, nil
	}

	return nil, fmt.Errorf("Failed to parse private key as Pkcs#1 or Pkcs#8. (%s). (%s).", errPkcs1, errPkcs8)
}
Пример #4
0
func parseKey(path string) (crypto.PublicKey, error) {

	buf, err := ioutil.ReadFile(path)
	if err != nil {
		return nil, errors.New("failed to open key file \"" + path + "\"")
	}

	block, _ := pem.Decode(buf)
	if block.Type != "PRIVATE KEY" && strings.HasSuffix(block.Type, " PRIVATE KEY") == false {
		return nil, errors.New("private key PEM does not appear to contain a private key blob")
	}

	der := block.Bytes
	if key, err := x509.ParsePKCS1PrivateKey(der); err == nil {
		return key, nil
	}
	if key, err := x509.ParsePKCS8PrivateKey(der); err == nil {
		switch key := key.(type) {
		case *rsa.PrivateKey, *ecdsa.PrivateKey:
			return key, nil
		default:
			return nil, errors.New("crypto/tls: found unknown private key type in PKCS#8 wrapping")
		}
	}
	if key, err := x509.ParseECPrivateKey(der); err == nil {
		return key, nil
	}

	return nil, errors.New("failed to parse private key")
}
Пример #5
0
// ParsePrivateKeyPEM parses and returns a PEM-encoded private
// key. The private key may be either an unencrypted PKCS#8, PKCS#1,
// or elliptic private key.
func ParsePrivateKeyPEM(keyPEM []byte) (key interface{}, err error) {
	keyDER, _ := pem.Decode(keyPEM)
	if keyDER == nil {
		return nil, cferr.New(cferr.PrivateKeyError, cferr.DecodeFailed, nil)
	}
	if procType, ok := keyDER.Headers["Proc-Type"]; ok {
		if strings.Contains(procType, "ENCRYPTED") {
			return nil, cferr.New(cferr.PrivateKeyError, cferr.Encrypted, nil)
		}
	}
	key, err = x509.ParsePKCS8PrivateKey(keyDER.Bytes)
	if err != nil {
		key, err = x509.ParsePKCS1PrivateKey(keyDER.Bytes)
		if err != nil {
			key, err = x509.ParseECPrivateKey(keyDER.Bytes)
			if err != nil {
				// We don't include the actual error into the final error.
				// The reason might be we don't want to leak any info about
				// the private key.
				return nil, cferr.New(cferr.PrivateKeyError, cferr.ParseFailed, nil)
			}
		}
	}
	return
}
Пример #6
0
//DecryptRSA decrypt given []byte with RSA algorithm
func DecryptRSA(data []byte) []byte {
	if data == nil {
		return nil
	}
	privateKey := []byte(PrivateKey)
	if !ginutil.IsProduction() {
		privateKey = []byte(TestPrivateKey)
	}
	block, _ := pem.Decode(privateKey)
	if block == nil {
		return nil
	}
	privInterface, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil
	}
	priv := privInterface.(*rsa.PrivateKey)
	decrypted := make([]byte, 0, len(data))
	for i := 0; i < len(data); i += 128 {
		if i+128 < len(data) {
			partial, err1 := rsa.DecryptPKCS1v15(rand.Reader, priv, data[i:i+128])
			if err1 != nil {
				return nil
			}
			decrypted = append(decrypted, partial...)
		} else {
			partial, err1 := rsa.DecryptPKCS1v15(rand.Reader, priv, data[i:])
			if err1 != nil {
				return nil
			}
			decrypted = append(decrypted, partial...)
		}
	}
	return decrypted
}
Пример #7
0
// LoadPrivateKey loads a private key from PEM/DER-encoded data.
func LoadPrivateKey(data []byte) (interface{}, error) {
	input := data

	block, _ := pem.Decode(data)
	if block != nil {
		input = block.Bytes
	}

	var priv interface{}
	priv, err0 := x509.ParsePKCS1PrivateKey(input)
	if err0 == nil {
		return priv, nil
	}

	priv, err1 := x509.ParsePKCS8PrivateKey(input)
	if err1 == nil {
		return priv, nil
	}

	priv, err2 := x509.ParseECPrivateKey(input)
	if err2 == nil {
		return priv, nil
	}

	return nil, fmt.Errorf("square/go-jose: parse error, got '%s', '%s' and '%s'", err0, err1, err2)
}
Пример #8
0
func loadKey(reader io.Reader) (interface{}, error) {
	data, err := ioutil.ReadAll(reader)

	if err != nil {
		return nil, err
	}

	for len(data) > 0 {
		var block *pem.Block
		block, data = pem.Decode(data)

		if block == nil {
			break
		}

		switch block.Type {
		case "RSA PRIVATE KEY":
			return x509.ParsePKCS1PrivateKey(block.Bytes)

		case "PRIVATE KEY":
			return x509.ParsePKCS8PrivateKey(block.Bytes)

		case "RSA PUBLIC KEY":
			fallthrough
		case "PUBLIC KEY":
			return x509.ParsePKIXPublicKey(block.Bytes)
		}
	}

	return nil, errors.New("no key found")
}
Пример #9
0
// ParsePrivateKeyDER parses a PKCS #1, PKCS #8, or elliptic curve
// DER-encoded private key. The key must not be in PEM format.
func ParsePrivateKeyDER(keyDER []byte) (key crypto.Signer, err error) {
	generalKey, err := x509.ParsePKCS8PrivateKey(keyDER)
	if err != nil {
		generalKey, err = x509.ParsePKCS1PrivateKey(keyDER)
		if err != nil {
			generalKey, err = x509.ParseECPrivateKey(keyDER)
			if err != nil {
				// We don't include the actual error into
				// the final error. The reason might be
				// we don't want to leak any info about
				// the private key.
				return nil, cferr.New(cferr.PrivateKeyError,
					cferr.ParseFailed)
			}
		}
	}

	switch generalKey.(type) {
	case *rsa.PrivateKey:
		return generalKey.(*rsa.PrivateKey), nil
	case *ecdsa.PrivateKey:
		return generalKey.(*ecdsa.PrivateKey), nil
	}

	// should never reach here
	return nil, cferr.New(cferr.PrivateKeyError, cferr.ParseFailed)
}
Пример #10
0
// 通过Alipay的商户私钥进行签名
func AlipayPrivateKeySign(privateKeyStr string, content []byte) (sign string, err error) {
	der, err := base64.StdEncoding.DecodeString(privateKeyStr)
	if err != nil {
		return
	}

	privatekey, err := x509.ParsePKCS8PrivateKey(der)
	if err != nil {
		return
	}

	hashType := crypto.SHA1
	if !hashType.Available() {
		err = errors.New("unsupport sha1")
		return
	}

	h := hashType.New()
	h.Write(content)
	digest := h.Sum(nil)

	_privatekey := privatekey.(*rsa.PrivateKey)

	signature, err := rsa.SignPKCS1v15(rand.Reader, _privatekey, crypto.SHA1, digest)
	if err != nil {
		return
	}

	sign = base64.StdEncoding.EncodeToString(signature)
	return
}
Пример #11
0
func (k *Keychain) AddPEMKey(privateKeyPath string) error {
	var rsakey interface{}
	var err error

	keyContent, err := ioutil.ReadFile(privateKeyPath)
	if err != nil {
		return err
	}

	block, _ := pem.Decode([]byte(keyContent))
	if block == nil {
		return errors.New("no block in key")
	}

	rsakey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
	if err != nil {
		rsakey, err = x509.ParsePKCS8PrivateKey(block.Bytes)
	}

	if err != nil {
		return err
	}

	k.keys = append(k.keys, rsakey)

	return nil
}
Пример #12
0
/*
  Reads and returns the next DER-encoded private key from r,
  which may optionally be base64 encoded (PEM format)
  and may be preceded by "garbage" (PEM headers).
  This function takes care not to read more bytes than
  necessary which allows the function to be called
  multiple times on a stream of concatenated keys.
*/
func ReadNextKey(in io.Reader) (crypto.Signer, error) {
	data, err := ReadNextSEQUENCE(in)
	if err != nil {
		return nil, err
	}
	key1, err1 := x509.ParseECPrivateKey(data)
	key2, err2 := x509.ParsePKCS1PrivateKey(data)
	key3, err3 := x509.ParsePKCS8PrivateKey(data)
	if err1 == nil {
		return key1, nil
	}
	if err2 == nil {
		return key2, nil
	}
	if err3 != nil {
		return nil, err3
	}
	switch key := key3.(type) {
	case *rsa.PrivateKey:
		return key, nil
	case *ecdsa.PrivateKey:
		return key, nil
	}
	return nil, fmt.Errorf("Unknown key type in PKCS8 container")
}
Пример #13
0
func parseCakey(cakeyfile *string) (*rsa.PrivateKey, error) {
	cakeybytes, err := ioutil.ReadFile(*cakeyfile)
	if err != nil {
		return nil, err
	}
	cakeyblock, _ := pem.Decode(cakeybytes)
	if cakeyblock == nil {
		return nil, fmt.Errorf("Not valid CA key %s", *cakeyfile)
	}
	der := cakeyblock.Bytes

	// Try to parse as PKCS1
	cakey1, err := x509.ParsePKCS1PrivateKey(der)
	if err == nil {
		return cakey1, err
	}

	// Otherwise try PKCS8
	cakey8, err := x509.ParsePKCS8PrivateKey(der)
	if err != nil {
		return nil, err
	}
	switch k := cakey8.(type) {
	case *rsa.PrivateKey:
		return k, nil
	default:
		return nil, fmt.Errorf("CA key %s not an PKCS8 RSA private key", cakeyfile)
	}

}
Пример #14
0
func FuzzPKCS(data []byte) int {
	score := 0
	if k, err := x509.ParsePKCS1PrivateKey(data); err == nil {
		score = 1
		data1 := x509.MarshalPKCS1PrivateKey(k)
		k1, err := x509.ParsePKCS1PrivateKey(data1)
		if err != nil {
			panic(err)
		}
		if !fuzz.DeepEqual(k, k1) {
			panic("keys are not equal")
		}
	}
	if k0, err := x509.ParsePKCS8PrivateKey(data); err == nil {
		score = 1
		if k, ok := k0.(*rsa.PrivateKey); ok {
			data1 := x509.MarshalPKCS1PrivateKey(k)
			k1, err := x509.ParsePKCS1PrivateKey(data1)
			if err != nil {
				panic(err)
			}
			if !fuzz.DeepEqual(k, k1) {
				panic("keys are not equal")
			}
		}
	}
	return score
}
Пример #15
0
//SignWithRSA sign given encrypted data with RSA algorithm
func SignRSA(raw []byte, algorithm crypto.Hash) []byte {
	if raw == nil {
		return nil
	}
	privateKey := []byte(PrivateKey)
	if !ginutil.IsProduction() {
		privateKey = []byte(TestPrivateKey)
	}
	block, _ := pem.Decode(privateKey)
	if block == nil {
		return nil
	}
	privInterface, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil
	}
	priv := privInterface.(*rsa.PrivateKey)
	var data []byte
	if algorithm == crypto.SHA1 {
		data = EncryptSHA(raw)
	} else {
		data = EncryptMD5(EncryptSHA(raw))
	}
	signed, err := rsa.SignPKCS1v15(rand.Reader, priv, algorithm, data)
	if err != nil {
		return nil
	}
	return signed
}
Пример #16
0
func NewGCS(name string, info map[string]string) (Backend, error) {
	b := &gcsBackend{
		name:       name,
		bucketName: info["bucket"],
	}
	keyJSON := []byte(info["key"])

	if b.bucketName == "" {
		return nil, fmt.Errorf("blobstore: missing Google Cloud Storage bucket param for %s", name)
	}
	if len(keyJSON) == 0 {
		return nil, fmt.Errorf("blobstore: missing Google Cloud Storage key JSON param for %s", name)
	}

	jwtToken, err := google.JWTConfigFromJSON(keyJSON, "https://www.googleapis.com/auth/devstorage.read_write")
	if err != nil {
		return nil, fmt.Errorf("blobstore: error loading Google Cloud Storage JSON key: %s", err)
	}
	tokenSource := jwtToken.TokenSource(context.Background())

	// Test getting an OAuth token so we can disambiguate an issue with the
	// token and an issue with the bucket permissions below.
	if _, err := tokenSource.Token(); err != nil {
		return nil, fmt.Errorf("blobstore: error getting Google Cloud Storage OAuth token: %s", err)
	}

	pemBlock, _ := pem.Decode(jwtToken.PrivateKey)
	privateKey, err := x509.ParsePKCS8PrivateKey(pemBlock.Bytes)
	if err != nil {
		return nil, fmt.Errorf("blobstore: error decoding Google Cloud Storage private key: %s", err)
	}
	rsaPrivateKey, ok := privateKey.(*rsa.PrivateKey)
	if !ok {
		return nil, fmt.Errorf("blobstore: unexpected Google Cloud Storage key type: %T", privateKey)
	}
	b.signOpts = func() *storage.SignedURLOptions {
		return &storage.SignedURLOptions{
			GoogleAccessID: jwtToken.Email,
			SignBytes: func(b []byte) ([]byte, error) {
				digest := sha256.Sum256(b)
				return rsa.SignPKCS1v15(rand.Reader, rsaPrivateKey, crypto.SHA256, digest[:])
			},
			Method:  "GET",
			Expires: time.Now().Add(10 * time.Minute),
		}
	}

	client, err := storage.NewClient(context.Background(), option.WithTokenSource(tokenSource))
	if err != nil {
		return nil, fmt.Errorf("blobstore: error creating Google Cloud Storage client: %s", err)
	}
	b.bucket = client.Bucket(b.bucketName)

	_, err = b.bucket.Attrs(context.Background())
	if err != nil {
		return nil, fmt.Errorf("blobstore: error checking Google Cloud Storage bucket %q existence, ensure that it exists and Owner access for %s is included the bucket ACL: %q", b.bucketName, jwtToken.Email, err)
	}
	return b, nil
}
Пример #17
0
// X509KeyPair parses a public/private key pair from a pair of
// PEM encoded data.
func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error) {
	var certDERBlock *pem.Block
	for {
		certDERBlock, certPEMBlock = pem.Decode(certPEMBlock)
		if certDERBlock == nil {
			break
		}
		if certDERBlock.Type == "CERTIFICATE" {
			cert.Certificate = append(cert.Certificate, certDERBlock.Bytes)
		}
	}

	if len(cert.Certificate) == 0 {
		err = errors.New("crypto/tls: failed to parse certificate PEM data")
		return
	}

	keyDERBlock, _ := pem.Decode(keyPEMBlock)
	if keyDERBlock == nil {
		err = errors.New("crypto/tls: failed to parse key PEM data")
		return
	}

	// OpenSSL 0.9.8 generates PKCS#1 private keys by default, while
	// OpenSSL 1.0.0 generates PKCS#8 keys. We try both.
	var key *rsa.PrivateKey
	if key, err = x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes); err != nil {
		var privKey interface{}
		if privKey, err = x509.ParsePKCS8PrivateKey(keyDERBlock.Bytes); err != nil {
			err = errors.New("crypto/tls: failed to parse key: " + err.Error())
			return
		}

		var ok bool
		if key, ok = privKey.(*rsa.PrivateKey); !ok {
			err = errors.New("crypto/tls: found non-RSA private key in PKCS#8 wrapping")
			return
		}
	}

	cert.PrivateKey = key

	// We don't need to parse the public key for TLS, but we so do anyway
	// to check that it looks sane and matches the private key.
	x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
	if err != nil {
		return
	}

	if x509Cert.PublicKeyAlgorithm != x509.RSA || x509Cert.PublicKey.(*rsa.PublicKey).N.Cmp(key.PublicKey.N) != 0 {
		err = errors.New("crypto/tls: private key does not match public key")
		return
	}

	return
}
Пример #18
0
// parsePKCSPrivateKey attempts to decode a RSA private key first using PKCS1
// encoding, and then PKCS8 encoding.
func parsePKCSPrivateKey(buf []byte) (interface{}, error) {
	// attempt PKCS1 parsing
	key, err := x509.ParsePKCS1PrivateKey(buf)
	if err != nil {
		// attempt PKCS8 parsing
		return x509.ParsePKCS8PrivateKey(buf)
	}

	return key, nil
}
Пример #19
0
// parsePKCS8PrivateKey parses the provided private key in the PKCS#8 format.
func parsePKCS8PrivateKey(data []byte) (*ecdsa.PrivateKey, error) {
	key, err := x509.ParsePKCS8PrivateKey(data)
	if err != nil {
		return nil, err
	}
	eckey, ok := key.(*ecdsa.PrivateKey)
	if !ok {
		return nil, fmt.Errorf("not an ECDSA private key")
	}
	return eckey, nil
}
Пример #20
0
func ParsePKCS8Key(publicKey, privateKey []byte) (Key, error) {
	puk, err := x509.ParsePKIXPublicKey(publicKey)
	if err != nil {
		return nil, err
	}

	prk, err := x509.ParsePKCS8PrivateKey(privateKey)
	if err != nil {
		return nil, err
	}
	return &key{publicKey: puk.(*rsa.PublicKey), privateKey: prk.(*rsa.PrivateKey)}, nil
}
Пример #21
0
func main() {
	if len(os.Args) != 2 {
		fmt.Fprintf(os.Stderr, "USAGE: %v <keyfile>\n", "analysekey")
		os.Exit(1)
	}

	file, err := os.Open(os.Args[1])
	if err != nil {
		fmt.Fprintf(os.Stderr, "%v\n", err)
		os.Exit(1)
	}

	data, err := asn1.ReadNextSEQUENCE(file)
	if err != nil {
		fmt.Fprintf(os.Stderr, "%v\n", err)
		os.Exit(1)
	}

	fmt.Fprintf(os.Stdout, "%v\n", asn1.AnalyseDER(data))

	key1, err1 := x509.ParseECPrivateKey(data)
	key2, err2 := x509.ParsePKCS1PrivateKey(data)
	key3, err3 := x509.ParsePKCS8PrivateKey(data)

	var pub interface{}
	if err1 == nil && key1 != nil {
		fmt.Fprintf(os.Stdout, "ParseECPrivateKey OK\n")
		pub = key1.Public()
	}
	if err2 == nil && key2 != nil {
		fmt.Fprintf(os.Stdout, "ParsePKCS1PrivateKey OK\n")
		pub = key2.Public()
	}
	if err3 == nil && key3 != nil {
		fmt.Fprintf(os.Stdout, "ParsePKCS8PrivateKey OK => %T\n", key3)
		switch key := key3.(type) {
		case *rsa.PrivateKey:
			pub = key.Public()
		case *ecdsa.PrivateKey:
			pub = key.Public()
		}
	}

	if pub != nil {
		pubkeybytes, err := x509.MarshalPKIXPublicKey(pub)
		if err != nil {
			fmt.Fprintf(os.Stderr, "%v\n", err)
			os.Exit(1)
		}

		fmt.Fprintf(os.Stdout, "\nCORRESPONDING PUBLIC KEY: %v\n", asn1.AnalyseDER(pubkeybytes))
	}
}
Пример #22
0
// LoadPrivateKeyBytes loads an RSA or ECDSA private key from a byte slice.
func LoadPrivateKeyBytes(data []byte) (PrivateKey, error) {
	block, _ := pem.Decode(data) // ignoring remaining data
	switch PemType(block.Type) {
	case PemPkcs8Info:
		return x509.ParsePKCS8PrivateKey(block.Bytes)
	case PemRsaPrivate:
		return x509.ParsePKCS1PrivateKey(block.Bytes)
	case PemEcPrivate:
		return x509.ParseECPrivateKey(block.Bytes)
	default:
		return nil, &PemTypeError{"* PRIVATE KEY", PemType(block.Type)}
	}
}
Пример #23
0
// X509KeyPair parses a public/private key pair from a pair of PEM encoded
// data.  It is slightly modified version of tls.X509Proxy where Leaf
// assignment is made to make proxy certificate works.
func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert tls.Certificate, err error) {
	var certDERBlock *pem.Block
	for {
		certDERBlock, certPEMBlock = pem.Decode(certPEMBlock)
		if certDERBlock == nil {
			break
		}
		// parse certificates
		certs, err2 := x509.ParseCertificates(certDERBlock.Bytes)
		if err2 == nil {
			// assign the Leaf
			cert.Leaf = certs[0]
		}
		if certDERBlock.Type == "CERTIFICATE" {
			cert.Certificate = append(cert.Certificate, certDERBlock.Bytes)
		}
	}

	if len(cert.Certificate) == 0 {
		err = errors.New("crypto/tls: failed to parse certificate PEM data")
		return
	}

	keyDERBlock, _ := pem.Decode(keyPEMBlock)
	if keyDERBlock == nil {
		err = errors.New("crypto/tls: failed to parse key PEM data")
		return
	}

	// OpenSSL 0.9.8 generates PKCS#1 private keys by default, while
	// OpenSSL 1.0.0 generates PKCS#8 keys. We try both.
	var key *rsa.PrivateKey
	if key, err = x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes); err != nil {
		var privKey interface{}
		if privKey, err = x509.ParsePKCS8PrivateKey(keyDERBlock.Bytes); err != nil {
			err = errors.New("crypto/tls: failed to parse key: " + err.Error())
			return
		}

		var ok bool
		if key, ok = privKey.(*rsa.PrivateKey); !ok {
			err = errors.New("crypto/tls: found non-RSA private key in PKCS#8 wrapping")
			return
		}
	}

	cert.PrivateKey = key

	return
}
Пример #24
0
func mustUnmarshalRSA(data string) *rsa.PrivateKey {
	block, _ := pem.Decode([]byte(data))
	if block == nil {
		panic("failed to decode PEM data")
	}
	key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		panic("failed to parse RSA key: " + err.Error())
	}
	if key, ok := key.(*rsa.PrivateKey); ok {
		return key
	}
	panic("key is not of type *rsa.PrivateKey")
}
Пример #25
0
func genPrivKeyFromPKSC8(pkcs8Key string) (privkey *rsa.PrivateKey) {
	// 解base64
	encodedKey, err := base64.StdEncoding.DecodeString(pkcs8Key)
	if err != nil {
		log.Fatal(err)
	}
	// 使用pkcs8格式
	pkcs8, err := x509.ParsePKCS8PrivateKey(encodedKey)

	var ok bool
	if privkey, ok = pkcs8.(*rsa.PrivateKey); !ok {
		log.Fatal(ok)
	}
	return
}
Пример #26
0
func getPKCS8Type(bs []byte) (PrivateKeyType, error) {
	k, err := x509.ParsePKCS8PrivateKey(bs)
	if err != nil {
		return UnknownPrivateKey, errutil.UserError{fmt.Sprintf("Failed to parse pkcs#8 key: %v", err)}
	}

	switch k.(type) {
	case *ecdsa.PrivateKey:
		return ECPrivateKey, nil
	case *rsa.PrivateKey:
		return RSAPrivateKey, nil
	default:
		return UnknownPrivateKey, errutil.UserError{"Found unknown private key type in pkcs#8 wrapping"}
	}
}
Пример #27
0
/*读取私钥*/
func getPriKey(in []byte) (*rsa.PrivateKey, error) {
	block, _ := pem.Decode(in)
	if block == nil {
		return nil, ErrPrivateKey
	}
	pri, err := x509.ParsePKCS1PrivateKey(block.Bytes)
	if err == nil {
		return pri, nil
	}
	pri2, err := x509.ParsePKCS8PrivateKey(block.Bytes)
	if err != nil {
		return nil, err
	} else {
		return pri2.(*rsa.PrivateKey), nil
	}
}
Пример #28
0
func (m *SigningMethodRS256) parsePrivateKey(key []byte) (pkey *rsa.PrivateKey, err error) {
	var block *pem.Block
	if block, _ = pem.Decode(key); block != nil {
		var parsedKey interface{}
		if parsedKey, err = x509.ParsePKCS1PrivateKey(block.Bytes); err != nil {
			if parsedKey, err = x509.ParsePKCS8PrivateKey(block.Bytes); err != nil {
				return nil, err
			}
		}
		var ok bool
		if pkey, ok = parsedKey.(*rsa.PrivateKey); !ok {
			err = errors.New("Key is not a valid RSA private key")
		}
	}
	return
}
Пример #29
0
func load_key() (privateKey *rsa.PrivateKey, err error) {
	parent_private_pem_block, _ := pem.Decode([]byte(PRIVATE_KEY))

	x509_private_key, err := x509.ParsePKCS8PrivateKey(parent_private_pem_block.Bytes)
	if err != nil {
		fmt.Println("ParsePKCS8PrivateKey err:", err)
		return
	}
	var ok bool
	privateKey, ok = x509_private_key.(*rsa.PrivateKey)
	if !ok {
		fmt.Println("Not RSA key")
		return nil, errors.New("Load key error")
	}
	return
}
Пример #30
0
func dumpPKCS8(der []byte) error {
	priv, err := x509.ParsePKCS8PrivateKey(der)
	if err != nil {
		return err
	}

	switch priv := priv.(type) {
	case *rsa.PrivateKey:
		printRSAKey(priv)
	case *ecdsa.PrivateKey:
		printECKey(priv)
	default:
		err = fmt.Errorf("unknown key type")
	}
	return err
}