作者:a-yiorgo
项目:delaporte
func checkKey(jobs <-chan string, wg *sync.WaitGroup, block *pem.Block) {
// https://github.com/golang/go/issues/10171
// golang's fix? expand the documentation ...
defer wg.Done()
for passwordStr := range jobs {
password := []byte(passwordStr)
key, err := x509.DecryptPEMBlock(block, password)
if err == nil {
// we now have a candidate, is it random noise or is can be parsed?
// for some reason ParseRawPrivateKey fails so its brute force time
// https://github.com/golang/go/issues/8581 - ed25519 are not currently supported by Golang
_, err := ssh.ParseDSAPrivateKey(key)
if err == nil {
printNDie(password)
}
// not DSA? maybe RSA
_, err = x509.ParsePKCS1PrivateKey(key)
if err == nil {
printNDie(password)
}
// ECDSA?
_, err = x509.ParseECPrivateKey(key)
if err == nil {
printNDie(password)
}
}
}
}
作者:ericchian
项目:de
// DecodePrivateKey decodes a PEM-encoded ECDSA private key.
func DecodePrivateKey(encodedKey []byte) (*ecdsa.PrivateKey, error) {
var skippedTypes []string
var block *pem.Block
for {
block, encodedKey = pem.Decode(encodedKey)
if block == nil {
return nil, fmt.Errorf("failed to find EC PRIVATE KEY in PEM data after skipping types %v", skippedTypes)
}
if block.Type == "EC PRIVATE KEY" {
break
} else {
skippedTypes = append(skippedTypes, block.Type)
continue
}
}
privKey, err := x509.ParseECPrivateKey(block.Bytes)
if err != nil {
return nil, err
}
return privKey, nil
}
作者:RichardScother
项目:notar
// ParsePEMPrivateKey returns a data.PrivateKey from a PEM encoded private key. It
// only supports RSA (PKCS#1) and attempts to decrypt using the passphrase, if encrypted.
func ParsePEMPrivateKey(pemBytes []byte, passphrase string) (*data.PrivateKey, error) {
block, _ := pem.Decode(pemBytes)
if block == nil {
return nil, errors.New("no valid private key found")
}
switch block.Type {
case "RSA PRIVATE KEY":
var privKeyBytes []byte
var err error
if x509.IsEncryptedPEMBlock(block) {
privKeyBytes, err = x509.DecryptPEMBlock(block, []byte(passphrase))
if err != nil {
return nil, errors.New("could not decrypt private key")
}
} else {
privKeyBytes = block.Bytes
}
rsaPrivKey, err := x509.ParsePKCS1PrivateKey(privKeyBytes)
if err != nil {
return nil, fmt.Errorf("could not parse DER encoded key: %v", err)
}
tufRSAPrivateKey, err := RSAToPrivateKey(rsaPrivKey, data.RSAKey)
if err != nil {
return nil, fmt.Errorf("could not convert rsa.PrivateKey to data.PrivateKey: %v", err)
}
return tufRSAPrivateKey, nil
case "EC PRIVATE KEY":
var privKeyBytes []byte
var err error
if x509.IsEncryptedPEMBlock(block) {
privKeyBytes, err = x509.DecryptPEMBlock(block, []byte(passphrase))
if err != nil {
return nil, errors.New("could not decrypt private key")
}
} else {
privKeyBytes = block.Bytes
}
ecdsaPrivKey, err := x509.ParseECPrivateKey(privKeyBytes)
if err != nil {
return nil, fmt.Errorf("could not parse DER encoded private key: %v", err)
}
tufECDSAPrivateKey, err := ECDSAToPrivateKey(ecdsaPrivKey, data.ECDSAKey)
if err != nil {
return nil, fmt.Errorf("could not convert ecdsa.PrivateKey to data.PrivateKey: %v", err)
}
return tufECDSAPrivateKey, nil
default:
return nil, fmt.Errorf("unsupported key type %q", block.Type)
}
}
作者:vgori
项目:cryptog
// Sign calculates a signature for a byte array hash using hex-encoded private key
// It is supposed that a hash is calculated for an original message to sign
// Signature is a hex-encoded JSON
func Sign(hash []byte, private_key_hex string) (signature_hex string, err error) {
// decode private key from hex
private_key_bytes, err := hex.DecodeString(private_key_hex)
if err != nil {
return "", err
}
// x509 parse private key
private_key, err := x509.ParseECPrivateKey(private_key_bytes)
if err != nil {
return "", err
}
// sign
r, s, err := ecdsa.Sign(rand.Reader, private_key, hash)
if err != nil {
return "", err
}
// prepare a signature structure to marshal into json
signature := &signature{
R: r,
S: s,
}
// marshal to json
signature_json, err := json.Marshal(signature)
if err != nil {
return "", err
}
// encode to hex
signature_hex = hex.EncodeToString(signature_json)
return signature_hex, nil
}
作者:hujun-ope
项目:manpas
func LoadCertKeyFromEncPkg(encpkg []byte, passwd string) (*CertKey, error) {
blk, _ := pem.Decode(encpkg)
if blk == nil {
return nil, errors.New("Invalid PEM data")
}
if blk.Type != pkgTypeStr {
return nil, errors.New("PEM type is not " + pkgTypeStr)
}
decrypted_pem, err := x509.DecryptPEMBlock(blk, []byte(passwd))
if err != nil {
return nil, err
}
key_pem, rest := pem.Decode(decrypted_pem)
if blk == nil {
return nil, errors.New("decrypted content is not PEM")
}
cert_pem, _ := pem.Decode(rest)
if blk == nil {
return nil, errors.New("Can't find the cert PEM")
}
if _, ok := supportedKeyTypes[key_pem.Type]; !ok {
return nil, errors.New("Unsupported Key types")
}
if cert_pem.Type != "CERTIFICATE" {
return nil, errors.New("Can't find certificate in decrypted PEM data")
}
var ck CertKey
switch key_pem.Type {
case "RSA PRIVATE KEY":
rsack := new(RSACertKey)
priv_key, err := x509.ParsePKCS1PrivateKey(key_pem.Bytes)
if err != nil {
return nil, err
}
rsack.key = priv_key
cert, err := x509.ParseCertificates(cert_pem.Bytes)
if err != nil {
return nil, err
}
rsack.cert = *cert[0]
ck = rsack
return &ck, nil
case "EC PRIVATE KEY":
ecck := new(ECCertKey)
priv_key, err := x509.ParseECPrivateKey(key_pem.Bytes)
if err != nil {
return nil, err
}
ecck.key = priv_key
cert, err := x509.ParseCertificates(cert_pem.Bytes)
if err != nil {
return nil, err
}
ecck.cert = *cert[0]
ck = ecck
return &ck, nil
}
return nil, errors.New("Unussal error, you shouldn't see this")
}
作者:haneric2
项目:cfss
// ParseAndEncode takes key, certificate, and optional password
// as []byte and parses them to get a suitable format to encode them
func ParseAndEncode(key, cert, password []byte) string {
var file string
certBlock, _ := pem.Decode(cert)
certBytes := certBlock.Bytes
certificate, err := x509.ParseCertificate(certBytes)
if err != nil {
return file
}
block, _ := pem.Decode(key)
privKey := block.Bytes
if block.Type == "RSA PRIVATE KEY" {
pkcsKey, err := x509.ParsePKCS1PrivateKey(privKey)
if err != nil {
return file
}
file = Encode(pkcsKey, certificate, password)
} else if block.Type == "EC PRIVATE KEY" {
ecKey, err := x509.ParseECPrivateKey(privKey)
if err != nil {
return file
}
file = Encode(ecKey, certificate, password)
}
return file
}
作者:yoshihara
项目:fabri
func loadECertAndEnrollmentPrivateKey(enrollmentID string, password string) ([]byte, *ecdsa.PrivateKey, error) {
cooked, err := ioutil.ReadFile("./test_resources/key_" + enrollmentID + ".dump")
if err != nil {
return nil, nil, err
}
block, _ := pem.Decode(cooked)
decryptedBlock, err := x509.DecryptPEMBlock(block, []byte(password))
if err != nil {
return nil, nil, err
}
enrollmentPrivateKey, err := x509.ParseECPrivateKey(decryptedBlock)
if err != nil {
return nil, nil, err
}
if err != nil {
return nil, nil, err
}
ecertRaw, err := ioutil.ReadFile("./test_resources/ecert_" + enrollmentID + ".dump")
if err != nil {
return nil, nil, err
}
return ecertRaw, enrollmentPrivateKey, nil
}
作者:jmptrade
项目:gocrypt
// FinishKEX verifies the signed public key. If it is valid, it will
// carry out an ECDH key agreement, zeroise the private key, and store
// the shared key.
func (kex *Session) FinishKEX(signer *ecdsa.PublicKey, signed []byte) error {
var skey signedKey
rest, err := asn1.Unmarshal(signed, &skey)
if err != nil {
return err
} else if len(rest) != 0 {
return errors.New("eckex: trailing data in key exchange")
}
hashed := sha256.Sum256(skey.Public)
if !ecdsa.Verify(signer, hashed[:], skey.R, skey.S) {
return errors.New("eckex: verification failure")
}
pub, err := unpackECPKIX(skey.Public)
if err != nil {
return err
}
priv, err := x509.ParseECPrivateKey(kex.priv)
util.Zero(kex.priv)
if err != nil {
return err
}
kex.shared, err = nistecdh.ECDH(priv, pub)
kex.shared = kex.shared[:32]
return err
}
作者:kal
项目:cfss
// ParsePrivateKeyPEM parses and returns a PEM-encoded private
// key. The private key may be either an unencrypted PKCS#8, PKCS#1,
// or elliptic private key.
func ParsePrivateKeyPEM(keyPEM []byte) (key interface{}, err error) {
keyDER, _ := pem.Decode(keyPEM)
if keyDER == nil {
return nil, cferr.New(cferr.PrivateKeyError, cferr.DecodeFailed, nil)
}
if procType, ok := keyDER.Headers["Proc-Type"]; ok {
if strings.Contains(procType, "ENCRYPTED") {
return nil, cferr.New(cferr.PrivateKeyError, cferr.Encrypted, nil)
}
}
key, err = x509.ParsePKCS8PrivateKey(keyDER.Bytes)
if err != nil {
key, err = x509.ParsePKCS1PrivateKey(keyDER.Bytes)
if err != nil {
key, err = x509.ParseECPrivateKey(keyDER.Bytes)
if err != nil {
// We don't include the actual error into the final error.
// The reason might be we don't want to leak any info about
// the private key.
return nil, cferr.New(cferr.PrivateKeyError, cferr.ParseFailed, nil)
}
}
}
return
}
作者:mehulsbhat
项目:flitte
// addKey parses an SSH private key for execd. It takes in the SSH server configuration and the key to add.
// It returns an error if the key is unsupported by execd.
func addKey(conf *ssh.ServerConfig, block *pem.Block) (err error) {
var key interface{}
switch block.Type {
case "RSA PRIVATE KEY":
key, err = x509.ParsePKCS1PrivateKey(block.Bytes)
case "EC PRIVATE KEY":
key, err = x509.ParseECPrivateKey(block.Bytes)
case "DSA PRIVATE KEY":
key, err = ssh.ParseDSAPrivateKey(block.Bytes)
default:
return fmt.Errorf("unsupported key type %q", block.Type)
}
if err != nil {
return err
}
signer, err := ssh.NewSignerFromKey(key)
if err != nil {
return err
}
conf.AddHostKey(signer)
return nil
}
作者:postfi
项目:cs
func TestECDSAGenerateKeyAndCSR(t *testing.T) {
var si = SubjectInfo{
Country: "US",
CommonName: "localhost",
}
pemKey, csr, err := GenerateKeyAndCSR(ECDSA, 256, &si)
if err != nil {
t.Fatalf("%v", err)
}
p, _ := pem.Decode(pemKey)
if p == nil {
t.Fatal("csr: invalid PEM-encoded ECDSA key")
} else if p.Type != "EC PRIVATE KEY" {
t.Fatal("csr: invalid PEM-encoded ECDSA key")
}
priv, err := x509.ParseECPrivateKey(p.Bytes)
if err != nil {
t.Fatal("csr: invalid PEM-encoded ECDSA key")
} else if priv.Curve != elliptic.P256() {
t.Fatal("csr: invalid PEM-encoded ECDSA key")
}
_, err = ParseCertificateRequest(csr)
if err != nil {
t.Fatalf("%v", err)
}
}
作者:hy
项目:go.sampl
// import private key from pem format
func importPrivateKeyfromPEM(pemsec []byte) *ecdsa.PrivateKey {
block, _ := pem.Decode(pemsec)
//log.Print(block)
sec, _ := x509.ParseECPrivateKey(block.Bytes)
//log.Print(sec)
return sec
}
作者:AndreasBries
项目:go.crypt
// ParsePublicKey parses a PEM encoded private key. Currently, only
// PKCS#1, RSA and ECDSA private keys are supported.
func ParsePrivateKey(pemBytes []byte) (Signer, error) {
block, _ := pem.Decode(pemBytes)
if block == nil {
return nil, errors.New("ssh: no key found")
}
var rawkey interface{}
switch block.Type {
case "RSA PRIVATE KEY":
rsa, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
rawkey = rsa
case "EC PRIVATE KEY":
ec, err := x509.ParseECPrivateKey(block.Bytes)
if err != nil {
return nil, err
}
rawkey = ec
// TODO(hanwen): find doc for format and implement PEM parsing
// for DSA keys.
default:
return nil, fmt.Errorf("ssh: unsupported key type %q", block.Type)
}
return NewSignerFromKey(rawkey)
}
作者:kiso
项目:cfss
// ParsePrivateKeyDER parses a PKCS #1, PKCS #8, or elliptic curve
// DER-encoded private key. The key must not be in PEM format.
func ParsePrivateKeyDER(keyDER []byte) (key crypto.Signer, err error) {
generalKey, err := x509.ParsePKCS8PrivateKey(keyDER)
if err != nil {
generalKey, err = x509.ParsePKCS1PrivateKey(keyDER)
if err != nil {
generalKey, err = x509.ParseECPrivateKey(keyDER)
if err != nil {
// We don't include the actual error into
// the final error. The reason might be
// we don't want to leak any info about
// the private key.
return nil, cferr.New(cferr.PrivateKeyError,
cferr.ParseFailed)
}
}
}
switch generalKey.(type) {
case *rsa.PrivateKey:
return generalKey.(*rsa.PrivateKey), nil
case *ecdsa.PrivateKey:
return generalKey.(*ecdsa.PrivateKey), nil
}
// should never reach here
return nil, cferr.New(cferr.PrivateKeyError, cferr.ParseFailed)
}
作者:CometKi
项目:platfor
// LoadPrivateKey loads a private key from PEM/DER-encoded data.
func LoadPrivateKey(data []byte) (interface{}, error) {
input := data
block, _ := pem.Decode(data)
if block != nil {
input = block.Bytes
}
var priv interface{}
priv, err0 := x509.ParsePKCS1PrivateKey(input)
if err0 == nil {
return priv, nil
}
priv, err1 := x509.ParsePKCS8PrivateKey(input)
if err1 == nil {
return priv, nil
}
priv, err2 := x509.ParseECPrivateKey(input)
if err2 == nil {
return priv, nil
}
return nil, fmt.Errorf("square/go-jose: parse error, got '%s', '%s' and '%s'", err0, err1, err2)
}
作者:johntdye
项目:golang-devops-stuf
// GetKeyECC returns the ECDSA private key of the record given the correct password.
func (pr PasswordRecord) GetKeyECC(password string) (key *ecdsa.PrivateKey, err error) {
if pr.Type != ECCRecord {
return key, errors.New("Invalid function for record type")
}
if err = pr.ValidatePassword(password); err != nil {
return
}
passKey, err := derivePasswordKey(password, pr.KeySalt)
if err != nil {
return
}
x509Padded, err := symcrypt.DecryptCBC(pr.ECKey.ECPriv, pr.ECKey.ECPrivIV, passKey)
if err != nil {
return
}
ecX509, err := padding.RemovePadding(x509Padded)
if err != nil {
return
}
return x509.ParseECPrivateKey(ecX509)
}
作者:ghaskin
项目:go-cluste
func parseKey(path string) (crypto.PublicKey, error) {
buf, err := ioutil.ReadFile(path)
if err != nil {
return nil, errors.New("failed to open key file \"" + path + "\"")
}
block, _ := pem.Decode(buf)
if block.Type != "PRIVATE KEY" && strings.HasSuffix(block.Type, " PRIVATE KEY") == false {
return nil, errors.New("private key PEM does not appear to contain a private key blob")
}
der := block.Bytes
if key, err := x509.ParsePKCS1PrivateKey(der); err == nil {
return key, nil
}
if key, err := x509.ParsePKCS8PrivateKey(der); err == nil {
switch key := key.(type) {
case *rsa.PrivateKey, *ecdsa.PrivateKey:
return key, nil
default:
return nil, errors.New("crypto/tls: found unknown private key type in PKCS#8 wrapping")
}
}
if key, err := x509.ParseECPrivateKey(der); err == nil {
return key, nil
}
return nil, errors.New("failed to parse private key")
}
作者:quixote
项目:vaul
// GetSigner returns a crypto.Signer corresponding to the private key
// contained in this ParsedCSRBundle. The Signer contains a Public() function
// for getting the corresponding public. The Signer can also be
// type-converted to private keys
func (p *ParsedCSRBundle) getSigner() (crypto.Signer, error) {
var signer crypto.Signer
var err error
if p.PrivateKeyBytes == nil || len(p.PrivateKeyBytes) == 0 {
return nil, errutil.UserError{"Given parsed cert bundle does not have private key information"}
}
switch p.PrivateKeyType {
case ECPrivateKey:
signer, err = x509.ParseECPrivateKey(p.PrivateKeyBytes)
if err != nil {
return nil, errutil.UserError{fmt.Sprintf("Unable to parse CA's private EC key: %s", err)}
}
case RSAPrivateKey:
signer, err = x509.ParsePKCS1PrivateKey(p.PrivateKeyBytes)
if err != nil {
return nil, errutil.UserError{fmt.Sprintf("Unable to parse CA's private RSA key: %s", err)}
}
default:
return nil, errutil.UserError{"Unable to determine type of private key; only RSA and EC are supported"}
}
return signer, nil
}
作者:useide
项目:notar
func ecdsaSign(privKey data.PrivateKey, hashed []byte) ([]byte, error) {
if _, ok := privKey.(*data.ECDSAPrivateKey); !ok {
return nil, fmt.Errorf("private key type not supported: %s", privKey.Algorithm())
}
// Create an ecdsa.PrivateKey out of the private key bytes
ecdsaPrivKey, err := x509.ParseECPrivateKey(privKey.Private())
if err != nil {
return nil, err
}
// Use the ECDSA key to sign the data
r, s, err := ecdsa.Sign(rand.Reader, ecdsaPrivKey, hashed[:])
if err != nil {
return nil, err
}
rBytes, sBytes := r.Bytes(), s.Bytes()
octetLength := (ecdsaPrivKey.Params().BitSize + 7) >> 3
// MUST include leading zeros in the output
rBuf := make([]byte, octetLength-len(rBytes), octetLength)
sBuf := make([]byte, octetLength-len(sBytes), octetLength)
rBuf = append(rBuf, rBytes...)
sBuf = append(sBuf, sBytes...)
return append(rBuf, sBuf...), nil
}
作者:AnonSuit
项目:gokeyles
func init() {
var err error
var pemBytes []byte
var key crypto.Signer
var p *pem.Block
s, err = NewServerFromFile(certFile, keyFile, caFile, addr, os.Stdout)
if err != nil {
log.Fatal(err)
}
if pemBytes, err = ioutil.ReadFile(rsaPrivKey); err != nil {
log.Fatal(err)
}
p, _ = pem.Decode(pemBytes)
if key, err = x509.ParsePKCS1PrivateKey(p.Bytes); err != nil {
log.Fatal(err)
}
s.RegisterKey(key)
if pemBytes, err = ioutil.ReadFile(ecdsaPrivKey); err != nil {
log.Fatal(err)
}
p, _ = pem.Decode(pemBytes)
if key, err = x509.ParseECPrivateKey(p.Bytes); err != nil {
log.Fatal(err)
}
s.RegisterKey(key)
}
