解析使用 Go 中的 openssl 生成的 curve25519 密钥
[英]Parse curve25519 keys generated using openssl in Go
问题描述
Using OpenSSL version 1.1 and or later, I'm able to generate a curve25519 key:
使用OpenSSL 1.1 或更高版本,我能够生成一个 curve25519 密钥:
openssl genpkey -algorithm x25519
This produces a private key of the form:这会产生一个形式为的私钥:
-----BEGIN PRIVATE KEY-----
MC4CAQAwBQYDK2VuBCIEIDgk3GuFMIaUJd3m95jn/Z8oU+cK9FzPoidIDn/bqRlk
-----END PRIVATE KEY-----
I want to parse this key file in Go and potentially use it using golang.org/x/crypto/nacl/box .我想在 Go 中解析这个密钥文件,并可能使用golang.org/x/crypto/nacl/box使用它。 Looking at crypto/x509 documentation, I can't find a parsing function that parses curve25519.查看crypto/x509文档,我找不到解析curve25519的解析function。 Anyone have an idea?有人有想法吗?
I tried:我试过了:
pKey := `-----BEGIN PUBLIC KEY-----
MCowBQYDK2VuAyEAfLLsWKkI/7EmTOkSf4fyHuRHDnKk6qNncWDzV8jlIUU=
-----END PUBLIC KEY-----`
block, _ := pem.Decode([]byte(pKey))
key, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
fmt.Println(err)
}
I get the error unknown public key algorithm .我得到错误unknown public key algorithm 。
2 个解决方案
解决方案1
1 已采纳 2019-10-02 21:46:12
Since there is currently no way to parse X25519 keys in the standard library, you may have to do this “by hand”.由于目前无法在标准库中解析 X25519 密钥,因此您可能必须“手动”执行此操作。
You could do it “properly” by using the encoding/asn1 library to decode the keys , but in this case there is a simpler way.您可以通过使用encoding/asn1库来“正确地”解码密钥,但在这种情况下,有一种更简单的方法。
It turns out that for both the private and public keys the actual key is just the last 32 bytes of the base64 decoded block of the key.事实证明,对于私钥和公钥,实际密钥只是密钥的 base64 解码块的最后 32 个字节。
So you can just do:所以你可以这样做:
block, _ := pem.Decode([]byte(pemString))
key := block.Bytes[len(block.Bytes)-32:]
This will work for both public and private keys, and will give you a 32 byte []byte containing the appropriate key.这对公钥和私钥都有效,并且会给你一个 32 字节的[]byte包含适当的密钥。
解决方案2
0 2019-10-01 20:25:22
Your inline key value is malform due to the tab/spaces before -----END PUBLIC KEY-----由于-----END PUBLIC KEY-----之前的制表符/空格,您的内联键值不正确
As a result block is nil and cause the follow-up function to segfault.结果block为nil ,导致后续function出现segfault。
Here's a quick fix for the decoding piece:这是解码部分的快速修复:
pKey := `-----BEGIN PRIVATE KEY-----
MCowBQYDK2VuAyEAfLLsWKkI/7EmTOkSf4fyHuRHDnKk6qNncWDzV8jlIUU=
-----END PRIVATE KEY-----`
block, _ := pem.Decode([]byte(pKey))
if block == nil || block.Type != "PRIVATE KEY" {
log.Fatal("failed to decode PEM block containing private key")
}
key, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
log.Println("Parse PKI Error:", err)
return
}
Playground: https://play.golang.org/p/O2wk8rmKGWH游乐场: https://play.golang.org/p/O2wk8rmKGWH
Note: ParsePKIXPublicKey function does not recognize this key algorithm.注意: ParsePKIXPublicKey function 无法识别此密钥算法。
2009/11/10 23:00:00 Parse PKI Error: x509: unknown public key algorithm
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.