作者:boumeno
项目:packe
func TestRoundTripPkcs8Ecdsa(t *testing.T) {
privateKey, err := ecdsa.GenerateKey(elliptic.P224(), rand.Reader)
if err != nil {
t.Fatalf("failed to generate a private key: %s", err)
}
bytes, err := marshalPKCS8PrivateKey(privateKey)
if err != nil {
t.Fatalf("failed to marshal private key: %s", err)
}
key, err := x509.ParsePKCS8PrivateKey(bytes)
if err != nil {
t.Fatalf("failed to parse private key: %s", err)
}
actualPrivateKey, ok := key.(*ecdsa.PrivateKey)
if !ok {
t.Fatalf("expected key to be of type *ecdsa.PrivateKey, but actual was %T", key)
}
// sanity check, not exhaustive
if actualPrivateKey.D.Cmp(privateKey.D) != 0 {
t.Errorf("private key's D did not round trip")
}
if actualPrivateKey.X.Cmp(privateKey.X) != 0 {
t.Errorf("private key's X did not round trip")
}
if actualPrivateKey.Y.Cmp(privateKey.Y) != 0 {
t.Errorf("private key's Y did not round trip")
}
if actualPrivateKey.Curve.Params().B.Cmp(privateKey.Curve.Params().B) != 0 {
t.Errorf("private key's Curve.B did not round trip")
}
}
作者:ConradIrwi
项目:pkcs15too
func open(keyfile string) (*rsa.PrivateKey, error) {
bytes, err := ioutil.ReadFile(keyfile)
if err != nil {
return nil, err
}
block, _ := pem.Decode(bytes)
if block == nil {
return nil, fmt.Errorf("%s: no valid PEM data found", keyfile)
} else if block.Type != "PRIVATE KEY" {
return nil, fmt.Errorf("%s: expected PRIVATE KEY, got %s", keyfile, block.Type)
}
key, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return nil, err
}
rsaKey, ok := key.(*rsa.PrivateKey)
if !ok {
return nil, fmt.Errorf("")
} else {
return rsaKey, nil
}
}
作者:colemicken
项目:azkube-kvb
func parseRsaPrivateKey(path string) (*rsa.PrivateKey, error) {
privateKeyData, err := ioutil.ReadFile(path)
if err != nil {
log.Fatalln("failed", err)
}
block, _ := pem.Decode(privateKeyData)
if block == nil {
panic("failed to decode a pem block from private key pem")
}
privatePkcs1Key, errPkcs1 := x509.ParsePKCS1PrivateKey(block.Bytes)
if errPkcs1 == nil {
return privatePkcs1Key, nil
}
privatePkcs8Key, errPkcs8 := x509.ParsePKCS8PrivateKey(block.Bytes)
if errPkcs8 == nil {
privatePkcs8RsaKey, ok := privatePkcs8Key.(*rsa.PrivateKey)
if !ok {
return nil, fmt.Errorf("Pkcs8 contained non-RSA key. Expected RSA key.")
}
return privatePkcs8RsaKey, nil
}
return nil, fmt.Errorf("Failed to parse private key as Pkcs#1 or Pkcs#8. (%s). (%s).", errPkcs1, errPkcs8)
}
作者:ghaskin
项目:go-cluste
func parseKey(path string) (crypto.PublicKey, error) {
buf, err := ioutil.ReadFile(path)
if err != nil {
return nil, errors.New("failed to open key file \"" + path + "\"")
}
block, _ := pem.Decode(buf)
if block.Type != "PRIVATE KEY" && strings.HasSuffix(block.Type, " PRIVATE KEY") == false {
return nil, errors.New("private key PEM does not appear to contain a private key blob")
}
der := block.Bytes
if key, err := x509.ParsePKCS1PrivateKey(der); err == nil {
return key, nil
}
if key, err := x509.ParsePKCS8PrivateKey(der); err == nil {
switch key := key.(type) {
case *rsa.PrivateKey, *ecdsa.PrivateKey:
return key, nil
default:
return nil, errors.New("crypto/tls: found unknown private key type in PKCS#8 wrapping")
}
}
if key, err := x509.ParseECPrivateKey(der); err == nil {
return key, nil
}
return nil, errors.New("failed to parse private key")
}
作者:kal
项目:cfss
// ParsePrivateKeyPEM parses and returns a PEM-encoded private
// key. The private key may be either an unencrypted PKCS#8, PKCS#1,
// or elliptic private key.
func ParsePrivateKeyPEM(keyPEM []byte) (key interface{}, err error) {
keyDER, _ := pem.Decode(keyPEM)
if keyDER == nil {
return nil, cferr.New(cferr.PrivateKeyError, cferr.DecodeFailed, nil)
}
if procType, ok := keyDER.Headers["Proc-Type"]; ok {
if strings.Contains(procType, "ENCRYPTED") {
return nil, cferr.New(cferr.PrivateKeyError, cferr.Encrypted, nil)
}
}
key, err = x509.ParsePKCS8PrivateKey(keyDER.Bytes)
if err != nil {
key, err = x509.ParsePKCS1PrivateKey(keyDER.Bytes)
if err != nil {
key, err = x509.ParseECPrivateKey(keyDER.Bytes)
if err != nil {
// We don't include the actual error into the final error.
// The reason might be we don't want to leak any info about
// the private key.
return nil, cferr.New(cferr.PrivateKeyError, cferr.ParseFailed, nil)
}
}
}
return
}
作者:jameswe
项目:zmopenapi-sdk-golan
//DecryptRSA decrypt given []byte with RSA algorithm
func DecryptRSA(data []byte) []byte {
if data == nil {
return nil
}
privateKey := []byte(PrivateKey)
if !ginutil.IsProduction() {
privateKey = []byte(TestPrivateKey)
}
block, _ := pem.Decode(privateKey)
if block == nil {
return nil
}
privInterface, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return nil
}
priv := privInterface.(*rsa.PrivateKey)
decrypted := make([]byte, 0, len(data))
for i := 0; i < len(data); i += 128 {
if i+128 < len(data) {
partial, err1 := rsa.DecryptPKCS1v15(rand.Reader, priv, data[i:i+128])
if err1 != nil {
return nil
}
decrypted = append(decrypted, partial...)
} else {
partial, err1 := rsa.DecryptPKCS1v15(rand.Reader, priv, data[i:])
if err1 != nil {
return nil
}
decrypted = append(decrypted, partial...)
}
}
return decrypted
}
作者:CometKi
项目:platfor
// LoadPrivateKey loads a private key from PEM/DER-encoded data.
func LoadPrivateKey(data []byte) (interface{}, error) {
input := data
block, _ := pem.Decode(data)
if block != nil {
input = block.Bytes
}
var priv interface{}
priv, err0 := x509.ParsePKCS1PrivateKey(input)
if err0 == nil {
return priv, nil
}
priv, err1 := x509.ParsePKCS8PrivateKey(input)
if err1 == nil {
return priv, nil
}
priv, err2 := x509.ParseECPrivateKey(input)
if err2 == nil {
return priv, nil
}
return nil, fmt.Errorf("square/go-jose: parse error, got '%s', '%s' and '%s'", err0, err1, err2)
}
作者:keyphac
项目:pso2-g
func loadKey(reader io.Reader) (interface{}, error) {
data, err := ioutil.ReadAll(reader)
if err != nil {
return nil, err
}
for len(data) > 0 {
var block *pem.Block
block, data = pem.Decode(data)
if block == nil {
break
}
switch block.Type {
case "RSA PRIVATE KEY":
return x509.ParsePKCS1PrivateKey(block.Bytes)
case "PRIVATE KEY":
return x509.ParsePKCS8PrivateKey(block.Bytes)
case "RSA PUBLIC KEY":
fallthrough
case "PUBLIC KEY":
return x509.ParsePKIXPublicKey(block.Bytes)
}
}
return nil, errors.New("no key found")
}
作者:kiso
项目:cfss
// ParsePrivateKeyDER parses a PKCS #1, PKCS #8, or elliptic curve
// DER-encoded private key. The key must not be in PEM format.
func ParsePrivateKeyDER(keyDER []byte) (key crypto.Signer, err error) {
generalKey, err := x509.ParsePKCS8PrivateKey(keyDER)
if err != nil {
generalKey, err = x509.ParsePKCS1PrivateKey(keyDER)
if err != nil {
generalKey, err = x509.ParseECPrivateKey(keyDER)
if err != nil {
// We don't include the actual error into
// the final error. The reason might be
// we don't want to leak any info about
// the private key.
return nil, cferr.New(cferr.PrivateKeyError,
cferr.ParseFailed)
}
}
}
switch generalKey.(type) {
case *rsa.PrivateKey:
return generalKey.(*rsa.PrivateKey), nil
case *ecdsa.PrivateKey:
return generalKey.(*ecdsa.PrivateKey), nil
}
// should never reach here
return nil, cferr.New(cferr.PrivateKeyError, cferr.ParseFailed)
}
作者:89hmdy
项目:alipay-wireles
// 通过Alipay的商户私钥进行签名
func AlipayPrivateKeySign(privateKeyStr string, content []byte) (sign string, err error) {
der, err := base64.StdEncoding.DecodeString(privateKeyStr)
if err != nil {
return
}
privatekey, err := x509.ParsePKCS8PrivateKey(der)
if err != nil {
return
}
hashType := crypto.SHA1
if !hashType.Available() {
err = errors.New("unsupport sha1")
return
}
h := hashType.New()
h.Write(content)
digest := h.Sum(nil)
_privatekey := privatekey.(*rsa.PrivateKey)
signature, err := rsa.SignPKCS1v15(rand.Reader, _privatekey, crypto.SHA1, digest)
if err != nil {
return
}
sign = base64.StdEncoding.EncodeToString(signature)
return
}
作者:tomzhan
项目:golang-devops-stuf
func (k *Keychain) AddPEMKey(privateKeyPath string) error {
var rsakey interface{}
var err error
keyContent, err := ioutil.ReadFile(privateKeyPath)
if err != nil {
return err
}
block, _ := pem.Decode([]byte(keyContent))
if block == nil {
return errors.New("no block in key")
}
rsakey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
rsakey, err = x509.ParsePKCS8PrivateKey(block.Bytes)
}
if err != nil {
return err
}
k.keys = append(k.keys, rsakey)
return nil
}
作者:tomzhan
项目:certifido
/*
Reads and returns the next DER-encoded private key from r,
which may optionally be base64 encoded (PEM format)
and may be preceded by "garbage" (PEM headers).
This function takes care not to read more bytes than
necessary which allows the function to be called
multiple times on a stream of concatenated keys.
*/
func ReadNextKey(in io.Reader) (crypto.Signer, error) {
data, err := ReadNextSEQUENCE(in)
if err != nil {
return nil, err
}
key1, err1 := x509.ParseECPrivateKey(data)
key2, err2 := x509.ParsePKCS1PrivateKey(data)
key3, err3 := x509.ParsePKCS8PrivateKey(data)
if err1 == nil {
return key1, nil
}
if err2 == nil {
return key2, nil
}
if err3 != nil {
return nil, err3
}
switch key := key3.(type) {
case *rsa.PrivateKey:
return key, nil
case *ecdsa.PrivateKey:
return key, nil
}
return nil, fmt.Errorf("Unknown key type in PKCS8 container")
}
作者:securitykiss-co
项目:goss
func parseCakey(cakeyfile *string) (*rsa.PrivateKey, error) {
cakeybytes, err := ioutil.ReadFile(*cakeyfile)
if err != nil {
return nil, err
}
cakeyblock, _ := pem.Decode(cakeybytes)
if cakeyblock == nil {
return nil, fmt.Errorf("Not valid CA key %s", *cakeyfile)
}
der := cakeyblock.Bytes
// Try to parse as PKCS1
cakey1, err := x509.ParsePKCS1PrivateKey(der)
if err == nil {
return cakey1, err
}
// Otherwise try PKCS8
cakey8, err := x509.ParsePKCS8PrivateKey(der)
if err != nil {
return nil, err
}
switch k := cakey8.(type) {
case *rsa.PrivateKey:
return k, nil
default:
return nil, fmt.Errorf("CA key %s not an PKCS8 RSA private key", cakeyfile)
}
}
作者:sjn197
项目:go-fuz
func FuzzPKCS(data []byte) int {
score := 0
if k, err := x509.ParsePKCS1PrivateKey(data); err == nil {
score = 1
data1 := x509.MarshalPKCS1PrivateKey(k)
k1, err := x509.ParsePKCS1PrivateKey(data1)
if err != nil {
panic(err)
}
if !fuzz.DeepEqual(k, k1) {
panic("keys are not equal")
}
}
if k0, err := x509.ParsePKCS8PrivateKey(data); err == nil {
score = 1
if k, ok := k0.(*rsa.PrivateKey); ok {
data1 := x509.MarshalPKCS1PrivateKey(k)
k1, err := x509.ParsePKCS1PrivateKey(data1)
if err != nil {
panic(err)
}
if !fuzz.DeepEqual(k, k1) {
panic("keys are not equal")
}
}
}
return score
}
作者:jameswe
项目:zmopenapi-sdk-golan
//SignWithRSA sign given encrypted data with RSA algorithm
func SignRSA(raw []byte, algorithm crypto.Hash) []byte {
if raw == nil {
return nil
}
privateKey := []byte(PrivateKey)
if !ginutil.IsProduction() {
privateKey = []byte(TestPrivateKey)
}
block, _ := pem.Decode(privateKey)
if block == nil {
return nil
}
privInterface, err := x509.ParsePKCS8PrivateKey(block.Bytes)
if err != nil {
return nil
}
priv := privInterface.(*rsa.PrivateKey)
var data []byte
if algorithm == crypto.SHA1 {
data = EncryptSHA(raw)
} else {
data = EncryptMD5(EncryptSHA(raw))
}
signed, err := rsa.SignPKCS1v15(rand.Reader, priv, algorithm, data)
if err != nil {
return nil
}
return signed
}
作者:ably-fork
项目:flyn
func NewGCS(name string, info map[string]string) (Backend, error) {
b := &gcsBackend{
name: name,
bucketName: info["bucket"],
}
keyJSON := []byte(info["key"])
if b.bucketName == "" {
return nil, fmt.Errorf("blobstore: missing Google Cloud Storage bucket param for %s", name)
}
if len(keyJSON) == 0 {
return nil, fmt.Errorf("blobstore: missing Google Cloud Storage key JSON param for %s", name)
}
jwtToken, err := google.JWTConfigFromJSON(keyJSON, "https://www.googleapis.com/auth/devstorage.read_write")
if err != nil {
return nil, fmt.Errorf("blobstore: error loading Google Cloud Storage JSON key: %s", err)
}
tokenSource := jwtToken.TokenSource(context.Background())
// Test getting an OAuth token so we can disambiguate an issue with the
// token and an issue with the bucket permissions below.
if _, err := tokenSource.Token(); err != nil {
return nil, fmt.Errorf("blobstore: error getting Google Cloud Storage OAuth token: %s", err)
}
pemBlock, _ := pem.Decode(jwtToken.PrivateKey)
privateKey, err := x509.ParsePKCS8PrivateKey(pemBlock.Bytes)
if err != nil {
return nil, fmt.Errorf("blobstore: error decoding Google Cloud Storage private key: %s", err)
}
rsaPrivateKey, ok := privateKey.(*rsa.PrivateKey)
if !ok {
return nil, fmt.Errorf("blobstore: unexpected Google Cloud Storage key type: %T", privateKey)
}
b.signOpts = func() *storage.SignedURLOptions {
return &storage.SignedURLOptions{
GoogleAccessID: jwtToken.Email,
SignBytes: func(b []byte) ([]byte, error) {
digest := sha256.Sum256(b)
return rsa.SignPKCS1v15(rand.Reader, rsaPrivateKey, crypto.SHA256, digest[:])
},
Method: "GET",
Expires: time.Now().Add(10 * time.Minute),
}
}
client, err := storage.NewClient(context.Background(), option.WithTokenSource(tokenSource))
if err != nil {
return nil, fmt.Errorf("blobstore: error creating Google Cloud Storage client: %s", err)
}
b.bucket = client.Bucket(b.bucketName)
_, err = b.bucket.Attrs(context.Background())
if err != nil {
return nil, fmt.Errorf("blobstore: error checking Google Cloud Storage bucket %q existence, ensure that it exists and Owner access for %s is included the bucket ACL: %q", b.bucketName, jwtToken.Email, err)
}
return b, nil
}
作者:khi
项目:httpcach
// X509KeyPair parses a public/private key pair from a pair of
// PEM encoded data.
func X509KeyPair(certPEMBlock, keyPEMBlock []byte) (cert Certificate, err error) {
var certDERBlock *pem.Block
for {
certDERBlock, certPEMBlock = pem.Decode(certPEMBlock)
if certDERBlock == nil {
break
}
if certDERBlock.Type == "CERTIFICATE" {
cert.Certificate = append(cert.Certificate, certDERBlock.Bytes)
}
}
if len(cert.Certificate) == 0 {
err = errors.New("crypto/tls: failed to parse certificate PEM data")
return
}
keyDERBlock, _ := pem.Decode(keyPEMBlock)
if keyDERBlock == nil {
err = errors.New("crypto/tls: failed to parse key PEM data")
return
}
// OpenSSL 0.9.8 generates PKCS#1 private keys by default, while
// OpenSSL 1.0.0 generates PKCS#8 keys. We try both.
var key *rsa.PrivateKey
if key, err = x509.ParsePKCS1PrivateKey(keyDERBlock.Bytes); err != nil {
var privKey interface{}
if privKey, err = x509.ParsePKCS8PrivateKey(keyDERBlock.Bytes); err != nil {
err = errors.New("crypto/tls: failed to parse key: " + err.Error())
return
}
var ok bool
if key, ok = privKey.(*rsa.PrivateKey); !ok {
err = errors.New("crypto/tls: found non-RSA private key in PKCS#8 wrapping")
return
}
}
cert.PrivateKey = key
// We don't need to parse the public key for TLS, but we so do anyway
// to check that it looks sane and matches the private key.
x509Cert, err := x509.ParseCertificate(cert.Certificate[0])
if err != nil {
return
}
if x509Cert.PublicKeyAlgorithm != x509.RSA || x509Cert.PublicKey.(*rsa.PublicKey).N.Cmp(key.PublicKey.N) != 0 {
err = errors.New("crypto/tls: private key does not match public key")
return
}
return
}
作者:kn
项目:pemuti
// parsePKCSPrivateKey attempts to decode a RSA private key first using PKCS1
// encoding, and then PKCS8 encoding.
func parsePKCSPrivateKey(buf []byte) (interface{}, error) {
// attempt PKCS1 parsing
key, err := x509.ParsePKCS1PrivateKey(buf)
if err != nil {
// attempt PKCS8 parsing
return x509.ParsePKCS8PrivateKey(buf)
}
return key, nil
}
作者:vanadiu
项目:go.jn
// parsePKCS8PrivateKey parses the provided private key in the PKCS#8 format.
func parsePKCS8PrivateKey(data []byte) (*ecdsa.PrivateKey, error) {
key, err := x509.ParsePKCS8PrivateKey(data)
if err != nil {
return nil, err
}
eckey, ok := key.(*ecdsa.PrivateKey)
if !ok {
return nil, fmt.Errorf("not an ECDSA private key")
}
return eckey, nil
}
作者:89hmdy
项目:toas
func ParsePKCS8Key(publicKey, privateKey []byte) (Key, error) {
puk, err := x509.ParsePKIXPublicKey(publicKey)
if err != nil {
return nil, err
}
prk, err := x509.ParsePKCS8PrivateKey(privateKey)
if err != nil {
return nil, err
}
return &key{publicKey: puk.(*rsa.PublicKey), privateKey: prk.(*rsa.PrivateKey)}, nil
}
