I have a pkcs11 token that only contains the private key object. I want to use the crypto11 package to retrieve the private key. When I try to parse the x509 key pair by inputting the certificate file and the secret key object, I receive this error:

    var pks *crypto11.SecretKey
    cannot convert pks (variable of type *crypto11.SecretKey) to []byte compiler

I want to know what the correct way to retrieve the private key object is. And how do I convert the crypto11 package and certificate file to the x509 certificate for a TLS connection?

    // Load the device certificate file
    certificate, err := ioutil.ReadFile("/PATH/cert.pem.crt")
    if err != nil {
        fmt.Println("Error loading device certificate:", err)
        return
    }

    // Create Crypto11 instance
    ct11, err := crypto11.Configure(&crypto11.Config{
        Path: "/PATH/libsofthsm2.so",
        SlotNumber: #######,
        Pin: "####",
    })
    if err != nil {
        log.Fatal("Could not configure crypto11: ", err)
    }

    // Find private key
    pks, err := ct11.FindKey(nil, []byte("MyPrivateKeyLabel"))
    if err != nil {
        log.Fatal("Could not search for private key: ", err)
    }

    // x509cert
    // This conversion is the line that produces the compile error quoted above.
    cert, err := tls.X509KeyPair(certificate, []byte(pks))
    if err != nil {
        log.Fatal("Error on X509Key Pair ", err)
    }

The solution is pretty simple. I just need to convert the certificate file (pem crt) into the der format.

    cerDer, _ := pem.Decode(certFile) // import "encoding/pem"; the second return value (remaining bytes) is unused

After that, we could parse the certificate file:

    cert, err := x509.ParseCertificate(cerDer.Bytes)