Hi all I am currently trying to accomplish three things with the following code.
Generate a public/private key pair using the crypto/rsa library.
Export the public and private keys into individual PEM files to be used in separate programs.
Load the PEM files respectively into their individual scripts to encode/decode messages.
Everything works fine until I try to decrypt a test message with "Private-key-decryption.go". I received this error when decrypting the ciphertext "Error from decryption: crypto/rsa: decryption error"
Included are all of my code blocks I am using
Key-Generation.go
package main
import (
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/pem"
"fmt"
"os"
)
//Write_private_key_to_file write pem_key to a file
func WriteToFile(Pem_Key string, filename string) {
f, err := os.Create(filename)
if err != nil {
fmt.Println(err)
return
}
l, err := f.WriteString(Pem_Key)
if err != nil {
fmt.Println(err)
f.Close()
return
}
fmt.Println(l, "bytes written successfully")
err = f.Close()
if err != nil {
fmt.Println(err)
return
}
}
//ExportRsaPrivateKeyAsPemStr returns private pem key
func ExportRsaPrivateKeyAsPemStr(privkey *rsa.PrivateKey) string {
privkey_bytes := x509.MarshalPKCS1PrivateKey(privkey)
privkey_pem := pem.EncodeToMemory(
&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: privkey_bytes,
},
)
return string(privkey_pem)
}
//ExportRsaPublicKeyAsPemStr_to_pem_file extracts public key from generated private key
func ExportRsaPublicKeyAsPemStr(publickey *rsa.PublicKey) (string, error) {
pubkey_bytes, err := x509.MarshalPKIXPublicKey(publickey)
if err != nil {
return "", err
}
//fmt.Println(pubkey_bytes)
pubkey_pem := pem.EncodeToMemory(
&pem.Block{
Type: "RSA PUBLIC KEY",
Bytes: pubkey_bytes,
},
)
return string(pubkey_pem), nil
}
func main() {
// generate a 1024-bit private-key
priv, err := rsa.GenerateKey(rand.Reader, 1024)
// extract the public key from the private key as string
pub := &priv.PublicKey
message := []byte("test message")
hashed := sha256.Sum256(message)
signature, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, hashed[:])
if err != nil {
fmt.Printf("Error from signing: %s\n", err)
return
}
err = rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.SHA256, hashed[:], signature)
if err != nil {
fmt.Printf("Error from verification: %s\n", err)
return
} else {
fmt.Printf("signature is verified\n")
}
//calling function to export private key into PEM file
pem_priv := ExportRsaPrivateKeyAsPemStr(priv)
//writing private key to file
WriteToFile(pem_priv, "private-key.pem")
//calling function to export public key as pPEM file
pem_pub, _ := ExportRsaPublicKeyAsPemStr(pub)
WriteToFile(pem_pub, "public-key.pem")
}
Public-key_encryption.go
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/pem"
"errors"
"fmt"
"io/ioutil"
)
//ParseRsaPublicKeyFromPemStr takes a publicKeyPEM file as a string and returns a rsa.PublicKey object
func ParseRsaPublicKeyFromPemStr(pubPEM string) (*rsa.PublicKey, error) {
block, _ := pem.Decode([]byte(pubPEM))
if block == nil {
return nil, errors.New("failed to parse PEM block containing the key")
}
pub, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return nil, err
}
switch pub := pub.(type) {
case *rsa.PublicKey:
return pub, nil
default:
break // fall through
}
return nil, errors.New("Key type is not RSA")
}
func main() {
//reading in the public key file to be passed the the rsa object creator
PublicKeyAsString, err := ioutil.ReadFile("public-key.pem")
if err != nil {
fmt.Print(err)
}
//Creating parsing Public PEM key to *rsa.PublicKey
rsa_public_key_object, _ := ParseRsaPublicKeyFromPemStr(string(PublicKeyAsString))
challengeMsg := []byte("c")
ciphertext, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, rsa_public_key_object, challengeMsg, nil)
if err != nil {
fmt.Printf("Error from encryption: %s\n", err)
return
}
fmt.Printf("%x", ciphertext)
}
Private-key-decryption.go
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/pem"
"errors"
"fmt"
"io/ioutil"
)
//takes a privatekey PEM file as a string and returns a pointer rsa.PublicKey object
func parseRsaPrivateKeyFromPemStr(p string) (*rsa.PrivateKey, error) {
block, _ := pem.Decode([]byte(p))
if block == nil {
return nil, errors.New("failed to parse PEM block containing the key")
}
key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
return key, nil
}
func main() {
//reading in the public key file to be passed the the rsa object creator
PrivateKeyAsString, err := ioutil.ReadFile("private-key.pem")
if err != nil {
fmt.Print(err)
}
//Creating parsing private PEM key to *rsa.PublicKey
rsa_private_key_object, _ := parseRsaPrivateKeyFromPemStr(string(PrivateKeyAsString))
ciphertext := []byte("1f58ab29106c7971c9a4307c39b6b09f8910b7ac38a8d0abc15de14cbb0f651aa5c7ca377fd64a20017eaaff0a57358bc8dd05645c8b2b24bbb137ab2e5cf657f9a6a7593ce8d043dd774d79986b00f679fc1492a6ed4961f0e1941a5ef3c6ec99f952b0756700a05314c31c768fe9463f77f23312a51a97587b04b4d8b50de0")
plaintext, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, rsa_private_key_object, ciphertext, nil)
if err != nil {
fmt.Printf("Error from decryption: %s\n", err)
return
}
fmt.Printf("\nPlaintext: %s\n", string(plaintext))
}
Please let me know what needs to be changed. This is my first crypto project and I am starting to get bags under my eyes lol
You're close. In the encryption part, you produce a hex string with that %x format string. So, in the decryption part, you should do the corresponding hex decode.
In your Private-key-decryption.go, change
ciphertext := []byte("1f58ab29106c7971c9a4307c39b6b09f8910b7ac38a8d0abc15de14cbb0f651aa5c7ca377fd64a20017eaaff0a57358bc8dd05645c8b2b24bbb137ab2e5cf657f9a6a7593ce8d043dd774d79986b00f679fc1492a6ed4961f0e1941a5ef3c6ec99f952b0756700a05314c31c768fe9463f77f23312a51a97587b04b4d8b50de0")
to
ciphertext, err := hex.DecodeString("1f58ab29106c7971c9a4307c39b6b09f8910b7ac38a8d0abc15de14cbb0f651aa5c7ca377fd64a20017eaaff0a57358bc8dd05645c8b2b24bbb137ab2e5cf657f9a6a7593ce8d043dd774d79986b00f679fc1492a6ed4961f0e1941a5ef3c6ec99f952b0756700a05314c31c768fe9463f77f23312a51a97587b04b4d8b50de0")
if err != nil {
fmt.Printf("Error from hex decode: %s\n", err)
return
}
Related
I need to use a public key to encrypt the message "Message" and save it as a file ciphertext.txt by converting pre-received data in HEX encoding. I do not need the public key to be generated, I already have a ready-made public key. Using this public key, you need to encrypt the message.
Here's what I was able to do:
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/pem"
"errors"
"log"
"os"
)
func main() {
publicKeyBytes, err := os.ReadFile("publicik.key")
if err!= nil {
return
}
publicKey, err := decodepublicKey(publicKeyBytes)
if err != nil {
return
}
plaintext := []byte("Message")
ciphertext, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, publicKey, plaintext, nil)
if err != nil {
return
}
log.Printf( "%x", ciphertext)
privateKeyBytes, err := os.ReadFile("private.key")
if err != nil {
return
}
privateKey, err := decodePrivateKey(privateKeyBytes)
if err != nil {
return
}
decryptedtext, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, privateKey,ciphertext, nil)
if err != nil {
return
}
log.Printf("%s", decryptedtext)
}
func decodepublicKey(key []byte) (*rsa.PublicKey, error) {
block, _:= pem.Decode(key)
if block == nil {
return nil, errors.New("can't decode pem block")
}
publicKey, err := x509.ParsePKCS1PublicKey(block.Bytes)
if err != nil {
return nil, err
}
return publicKey, nil
}
func decodePrivateKey(key []byte) (*rsa.PrivateKey,error) { block, _ := pem.Decode(key)
if block == nil {
return nil, errors.New("can't decode pem block")
}
privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
return privateKey, nil
}
Then I don’t know how to solve this problem?
Please help with solving this problem
I debugged your code and found 2 potential issues:
Double check whether you need to use x509.ParsePKCS1PublicKey() or x509.ParsePKIXPublicKey(). This depends on the format of your public key. More here: https://stackoverflow.com/a/54775627/9698467
You may need to type assert the public key in your decodepublicKey function: return publicKey.(*rsa.PublicKey), nil.
I try to add tls config to "github.com/eclipse/paho.mqtt.golang" client package. However in the config pems load from a file. I want to use pem as string format. For example an object has "caPem" key and its value CA pem as string.
func NewTLSConfig(cACertificate, clientCertificate, clientKey string) *tls.Config {
certpool := x509.NewCertPool()
pemCerts, err := ioutil.ReadFile("/ca.pem")
if err == nil {
certpool.AppendCertsFromPEM(pemCerts)
}
cert, err := tls.LoadX509KeyPair("/client.pem", "/client.key")
if err != nil {
panic(err)
}
cert.Leaf, err = x509.ParseCertificate(cert.Certificate[0])
if err != nil {
panic(err)
}
fmt.Println(cert.Leaf)
return &tls.Config{
RootCAs: certpool,
ClientAuth: tls.RequestClientCert,
ClientCAs: nil,
InsecureSkipVerify: false,
Certificates: []tls.Certificate{cert},
}
}
As you see above code , pemCerts get public key from a file. Functions parameters "caCertificate..." are string. I just want to use them like "pemCerts := caCertificate". How can I implement this
Made an example, of how to this this. It does assume that you do not have more than 1 PEM block in the string. If you do you should adapt it to call strPEMToPubCert multiple times.
(playground link)
package main
import (
"crypto/x509"
"encoding/pem"
"errors"
"fmt"
)
func main() {
var pubPEMData = `-----BEGIN CERTIFICATE-----
MIIG9TCCBd2gAwIBAgISBLS106X/pLzr6OgL1QIQaFjHMA0GCSqGSIb3DQEBCwUA
MDIxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQswCQYDVQQD
EwJSMzAeFw0yMTEyMDUxNDE1NTJaFw0yMjAzMDUxNDE1NTFaMB4xHDAaBgNVBAMM
Eyouc3RhY2tleGNoYW5nZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEK
AoIBAQCad2WyTsmxXwoyz/iQST49XuSAciGr8GcyUtrestK82l4uHvU0/eCsxkUa
nT6xpm60l9OaAXCjJHEl9+0qKOUQ8+FJzr4W9PuiALE1E6j5mpYk3FRERZwX+AFZ
dN2G1rSb+uZvDSiR9eUikj0ueR5TTA+ZUsNLaByE+/EzcUqja9Qxyq7zkizSolxy
/RVTRPB2BaDkGY4I46avu8PJPm6R3skp0L96MnWSDVtJhIGc5lisoUEozrlTbTuT
SfBvPAAIqFT6702LJqFIF5rW04++GrEBh6S1I+17IZxneTMcorx0sYmXVzRGvz6e
0nOfXo6a80hAFgs+vci3UWEze7vrAgMBAAGjggQXMIIEEzAOBgNVHQ8BAf8EBAMC
BaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAw
HQYDVR0OBBYEFMbQN0TT6bdr8CA4WpQ9UwT/XKTZMB8GA1UdIwQYMBaAFBQusxe3
WFbLrlAJQOYfr52LFMLGMFUGCCsGAQUFBwEBBEkwRzAhBggrBgEFBQcwAYYVaHR0
cDovL3IzLm8ubGVuY3Iub3JnMCIGCCsGAQUFBzAChhZodHRwOi8vcjMuaS5sZW5j
ci5vcmcvMIIB5AYDVR0RBIIB2zCCAdeCDyouYXNrdWJ1bnR1LmNvbYISKi5ibG9n
b3ZlcmZsb3cuY29tghIqLm1hdGhvdmVyZmxvdy5uZXSCGCoubWV0YS5zdGFja2V4
Y2hhbmdlLmNvbYIYKi5tZXRhLnN0YWNrb3ZlcmZsb3cuY29tghEqLnNlcnZlcmZh
dWx0LmNvbYINKi5zc3RhdGljLm5ldIITKi5zdGFja2V4Y2hhbmdlLmNvbYITKi5z
dGFja292ZXJmbG93LmNvbYIVKi5zdGFja292ZXJmbG93LmVtYWlsgg8qLnN1cGVy
dXNlci5jb22CDWFza3VidW50dS5jb22CEGJsb2dvdmVyZmxvdy5jb22CEG1hdGhv
dmVyZmxvdy5uZXSCFG9wZW5pZC5zdGFja2F1dGguY29tgg9zZXJ2ZXJmYXVsdC5j
b22CC3NzdGF0aWMubmV0gg1zdGFja2FwcHMuY29tgg1zdGFja2F1dGguY29tghFz
dGFja2V4Y2hhbmdlLmNvbYISc3RhY2tvdmVyZmxvdy5ibG9nghFzdGFja292ZXJm
bG93LmNvbYITc3RhY2tvdmVyZmxvdy5lbWFpbIIRc3RhY2tzbmlwcGV0cy5uZXSC
DXN1cGVydXNlci5jb20wTAYDVR0gBEUwQzAIBgZngQwBAgEwNwYLKwYBBAGC3xMB
AQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5jcnlwdC5vcmcwggEF
BgorBgEEAdZ5AgQCBIH2BIHzAPEAdwDfpV6raIJPH2yt7rhfTj5a6s2iEqRqXo47
EsAgRFwqcwAAAX2LKmpMAAAEAwBIMEYCIQC1jB7OwpQiHacbVnEZgWegpCOksm6Z
TYkTjXCmIo9m1AIhAPjs+1PPNr/avFzSydhUROI+Rvqx0iZqXzNc24PIOXjBAHYA
KXm+8J45OSHwVnOfY6V35b5XfZxgCvj5TV0mXCVdx4QAAAF9iypqRAAABAMARzBF
AiEA0oJ418l3aDXj4EVAtzf5o2nUdYiZiH7pLvA1hd7ZSKUCICFeACPl73NNLSzR
7yoKEV6nO7Zlk4rUd/fUyROY35OMMA0GCSqGSIb3DQEBCwUAA4IBAQB+hvmbEaHF
jEkSZiTllNe+XWtfz6TiWIugoqdDL67app49ZTTZ94oLRGxybm62nBIEX/2gCRgd
fqnDecg4BWIyl2jti73eKkmt9+pcCDqZ1JcbW8rDLmZJnzdcC0o739BGRq/ufP5R
Fb8qXAap2VH/29MQImxB166PsAb9rKdS1kNSfg4Zsu7nisg7q47dyzZMT9cTbajf
D/T6hl30nHOyJFvny5vYwDLtiNg5BJ2xZzZFh4B73mY53jjN2EXn4S5LI9J+0NmY
dic7TY+lsttvfrJ+cySMO7E1T1SkgEgHtfsadlRRWNFl80R91sS98FHbhBg/MSMk
yAm4xgff5rYD
-----END CERTIFICATE-----`
crt, _, err := strPEMToPubCert(pubPEMData)
if err != nil {
panic(err)
}
fmt.Println(crt.DNSNames)
}
func strPEMToPubCert(pemStr string) (*x509.Certificate, []byte, error) {
block, rest := pem.Decode([]byte(pemStr))
if block == nil || block.Type != "CERTIFICATE" {
return nil, rest, errors.New("failed to decode PEM block containing certificate")
}
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
return nil, rest, err
}
return cert, rest, nil
}
I have a private key in a file -----BEGIN PRIVATE KEY-----\nxxx-----END PRIVATE KEY-----\n
I am trying to perform the below which is in Ruby in Go and got stuck as Go accepts only pem file. Kindly suggest.
azure_certificate_private_key = OpenSSL::PKey.read(private_key_file)
base64_signature = Base64.strict_encode64(private_key.sign(OpenSSL::Digest::SHA256.new, headerPayloadConcatenated))
I have tried as,
signBytes, err := ioutil.ReadFile(privKeyPath)
signer, err := ParsePrivateKey(signBytes)
no key found error
package main
import (
"encoding/pem"
"crypto/x509"
"io/ioutil"
)
func main() {
signBytes, err := ioutil.ReadFile(privKeyPath)
if err != nil {
panic(err) //or do whatever with err
}
keyRSA := parseRSAKey(signBytes)
//keyRSA is a *rsa.PrivateKey
//....use the key
}
func parseRSAKey(b []byte) *rsa.PrivateKey {
block, _ := pem.Decode(b)
if block == nil {
panic("no PEM block")
}
key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
panic(err)
}
return key
}
this should work to parse a RSA private key.
Need a help here with a symmetric PGP decryption in Golang, I've been trying to run symmetrical decryption on an encrypted hex generated on OpenPGP.js, unfortunately, no success to decrypt in Golang. This is the encryption in JS.
const openpgp = require('openpgp')
async function main() {
let options = {
message: openpgp.message.fromBinary(new Uint8Array([0x01, 0x01, 0x01])), // input as Message object
passwords: ['secret stuff'], // multiple passwords possible
armor: false // don't ASCII armor (for Uint8Array output)
}
const cypher_text = await openpgp.encrypt(options)
const encrypted = cypher_text.message.packets.write()
console.log(Buffer.from(encrypted).toString('hex'))
options = {
message: await openpgp.message.read(encrypted), // parse encrypted bytes
passwords: ['secret stuff'], // decrypt with password
format: 'binary' // output as Uint8Array
}
const decrypted = await openpgp.decrypt(options)
console.log(decrypted.data)
}
main()
console.log >>
c32e040903088c4db97456263252e0ef4f42627301e0ba3323b141a9ebd0476e5fe848d3c2b6021c8c06581ae2d19f7cd23b011b4b3a68758cb6fb12287db2a9ab6fdfad97670ae995e4deb7ca313d0aa705d264850adefb20353b263fc32ff8dc571f6dce8b722ddbdf40a907
Uint8Array [ 1, 1, 1 ]
My code is based on the following GIST https://gist.github.com/jyap808/8250124
package main
import (
"bytes"
"errors"
"io/ioutil"
"log"
"golang.org/x/crypto/openpgp/armor"
"golang.org/x/crypto/openpgp/packet"
"golang.org/x/crypto/openpgp"
)
func main() {
password := []byte("secret stuff")
packetConfig := &packet.Config{
DefaultCipher: packet.CipherAES256,
}
cypherHex := []byte("c32e040903088c4db97456263252e0ef4f42627301e0ba3323b141a9ebd0476e5fe848d3c2b6021c8c06581ae2d19f7cd23b011b4b3a68758cb6fb12287db2a9ab6fdfad97670ae995e4deb7ca313d0aa705d264850adefb20353b263fc32ff8dc571f6dce8b722ddbdf40a907")
encbuf := bytes.NewBuffer(nil)
w, err := armor.Encode(encbuf, openpgp.SignatureType, nil)
if err != nil {
log.Fatal(err)
}
w.Write(cypherHex)
encbuf.Read(cypherHex)
w.Close()
log.Println(encbuf)
decbuf := bytes.NewBuffer([]byte(encbuf.String()))
armorBlock, err := armor.Decode(decbuf)
if err != nil {
log.Fatalf("Failed on decode %+v\n", err)
}
failed := false
prompt := func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
if failed {
return nil, errors.New("decryption failed")
}
return password, nil
}
md, err := openpgp.ReadMessage(armorBlock.Body, nil, prompt, packetConfig)
if err != nil {
log.Fatalf("Failed on read message %+v\n", err)
}
plaintext, err := ioutil.ReadAll(md.UnverifiedBody)
if err != nil {
log.Fatalf("Failed on read all body %+v\n", err)
}
log.Println(plaintext)
}
I noticed after log the encbuf that the armored key is kind of incomplete
2020/01/24 22:51:54 jcwYWU5
OTVlNGRlYjdjYTMxM2QwYWE3MDVkMjY0ODUwYWRlZmIyMDM1M2IyNjNmYzMyZmY4
ZGM1NzFmNmRjZThiNzIyZGRiZGY0MGE5MDc=
=9ciH
-----END PGP SIGNATURE-----
Update: Trying to decrypt without armor as well, if fails with EOF
import (
"bytes"
"io/ioutil"
"log"
"golang.org/x/crypto/openpgp"
"golang.org/x/crypto/openpgp/packet"
)
func main() {
password := []byte("secret stuff")
packetConfig := &packet.Config{
DefaultCipher: packet.CipherAES128,
}
cypherHex := []byte("c32e040903088c4db97456263252e0ef4f42627301e0ba3323b141a9ebd0476e5fe848d3c2b6021c8c06581ae2d19f7cd23b011b4b3a68758cb6fb12287db2a9ab6fdfad97670ae995e4deb7ca313d0aa705d264850adefb20353b263fc32ff8dc571f6dce8b722ddbdf40a907")
encbuf := bytes.NewBuffer(nil)
encbuf.Read(cypherHex)
prompt := func(keys []openpgp.Key, symmetric bool) ([]byte, error) {
return password, nil
}
md, err := openpgp.ReadMessage(encbuf, nil, prompt, packetConfig)
if err != nil {
log.Fatalf("Failed on read message %+v\n", err)
}
plaintext, err := ioutil.ReadAll(md.UnverifiedBody)
if err != nil {
log.Fatalf("Failed on read all body %+v\n", err)
}
log.Println(plaintext)
}
First, you're not decoding the hex-encoded ciphertext. Use the encoding/hex package to decode the data:
ct, err := hex.DecodeString(`c32e040903088c4db97456263252e0ef4f42627301e0ba3323b141a9ebd0476e5fe848d3c2b6021c8c06581ae2d19f7cd23b011b4b3a68758cb6fb12287db2a9ab6fdfad97670ae995e4deb7ca313d0aa705d264850adefb20353b263fc32ff8dc571f6dce8b722ddbdf40a907`)
if err != nil {
log.Fatal(err)
}
Next problem is that you're incorrectly creating the bytes.Buffer. You're putting no data into the buffer, then calling the Read method which does nothing (and of you did initialize it with data, Read would "read" all the data out before you decrypt it anyway). The buffer could be initialized with the data, or filled using the Write method -- in this case you only need an io.Reader and can use bytes.NewReader.
r := bytes.NewReader(ct)
Finally, you now have 3 0x01 bytes, which you can see more clearly using a better formatting:
d, err := ioutil.ReadAll(md.UnverifiedBody)
if err != nil {
log.Fatal(err)
}
fmt.Printf("%#v\n", d)
https://play.golang.org/p/Y3VqADQvEIH
I'm using crypto/rsa, and trying to find a way to properly save and load a key. Is there a correct way to create a []byte from an rsa.PrivateKey. If so, is there a way to properly do so for an rsa.PublicKey?
Thank you all very much.
You need some sort of format to marshal the key into. One format supported by the Go standard library can be found here: http://golang.org/pkg/crypto/x509/#MarshalPKCS1PrivateKey
func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte
The inverse function is http://golang.org/pkg/crypto/x509/#ParsePKCS1PrivateKey.
func ParsePKCS1PrivateKey(der []byte) (key *rsa.PrivateKey, err error)
However, it is relatively standard to encode the marshaled key into a PEM file.
pemdata := pem.EncodeToMemory(
&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(key),
},
)
You can find a full example here.
Here's code snippet that shows the import and export of both public and private keys. It's based on the other answers which were super helpful, as well as copy-pasta from the official docs.
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"errors"
"fmt"
)
func GenerateRsaKeyPair() (*rsa.PrivateKey, *rsa.PublicKey) {
privkey, _ := rsa.GenerateKey(rand.Reader, 4096)
return privkey, &privkey.PublicKey
}
func ExportRsaPrivateKeyAsPemStr(privkey *rsa.PrivateKey) string {
privkey_bytes := x509.MarshalPKCS1PrivateKey(privkey)
privkey_pem := pem.EncodeToMemory(
&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: privkey_bytes,
},
)
return string(privkey_pem)
}
func ParseRsaPrivateKeyFromPemStr(privPEM string) (*rsa.PrivateKey, error) {
block, _ := pem.Decode([]byte(privPEM))
if block == nil {
return nil, errors.New("failed to parse PEM block containing the key")
}
priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
return priv, nil
}
func ExportRsaPublicKeyAsPemStr(pubkey *rsa.PublicKey) (string, error) {
pubkey_bytes, err := x509.MarshalPKIXPublicKey(pubkey)
if err != nil {
return "", err
}
pubkey_pem := pem.EncodeToMemory(
&pem.Block{
Type: "RSA PUBLIC KEY",
Bytes: pubkey_bytes,
},
)
return string(pubkey_pem), nil
}
func ParseRsaPublicKeyFromPemStr(pubPEM string) (*rsa.PublicKey, error) {
block, _ := pem.Decode([]byte(pubPEM))
if block == nil {
return nil, errors.New("failed to parse PEM block containing the key")
}
pub, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
return nil, err
}
switch pub := pub.(type) {
case *rsa.PublicKey:
return pub, nil
default:
break // fall through
}
return nil, errors.New("Key type is not RSA")
}
func main() {
// Create the keys
priv, pub := GenerateRsaKeyPair()
// Export the keys to pem string
priv_pem := ExportRsaPrivateKeyAsPemStr(priv)
pub_pem, _ := ExportRsaPublicKeyAsPemStr(pub)
// Import the keys from pem string
priv_parsed, _ := ParseRsaPrivateKeyFromPemStr(priv_pem)
pub_parsed, _ := ParseRsaPublicKeyFromPemStr(pub_pem)
// Export the newly imported keys
priv_parsed_pem := ExportRsaPrivateKeyAsPemStr(priv_parsed)
pub_parsed_pem, _ := ExportRsaPublicKeyAsPemStr(pub_parsed)
fmt.Println(priv_parsed_pem)
fmt.Println(pub_parsed_pem)
// Check that the exported/imported keys match the original keys
if priv_pem != priv_parsed_pem || pub_pem != pub_parsed_pem {
fmt.Println("Failure: Export and Import did not result in same Keys")
} else {
fmt.Println("Success")
}
}
Since the public key part of your question wasn't answered and I just ran into the same problem and solved it, here it is:
Note the & in front of the Argument to MarshalPKIXPublicKey
Priv := rsa.GenerateKey(rand.Reader, 4096)
pubASN1, err := x509.MarshalPKIXPublicKey(&Priv.PublicKey)
if err != nil {
// do something about it
}
pubBytes := pem.EncodeToMemory(&pem.Block{
Type: "RSA PUBLIC KEY",
Bytes: pubASN1,
})
ioutil.WriteFile("key.pub", pubBytes, 0644)
Relevant reads:
MarshalPKIXPublicKey(pub interface{}) ([]byte, error) godoc
EncodeToMemory(b *Block) []byte godoc
Block godoc
PS: MarshalPKIXPublicKey also accepts ECDSA keys, ajust the pem header appropriately.