英文:
Save and load crypto/rsa PrivateKey to and from the disk
问题
我正在使用crypto/rsa,并尝试找到一种正确保存和加载密钥的方法。是否有一种正确的方法可以从rsa.PrivateKey创建一个[]byte?如果是这样,是否有一种正确的方法可以为rsa.PublicKey做到这一点?
非常感谢大家。
英文:
I'm using crypto/rsa, and trying to find a way to properly save and load a key. Is there a correct way to create a []byte from an rsa.PrivateKey. If so, is there a way to properly do so for an rsa.PublicKey?
Thank you all very much.
答案1
得分: 99
你需要一种格式来将密钥编组。Go标准库支持的一种格式可以在这里找到:http://golang.org/pkg/crypto/x509/#MarshalPKCS1PrivateKey
func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte
逆函数是http://golang.org/pkg/crypto/x509/#ParsePKCS1PrivateKey。
func ParsePKCS1PrivateKey(der []byte) (key *rsa.PrivateKey, err error)
然而,将编组的密钥编码为PEM文件是相对标准的做法。
pemdata := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY",Bytes: x509.MarshalPKCS1PrivateKey(key),},)
你可以在这里找到一个完整的示例:这里。
英文:
You need some sort of format to marshal the key into. One format supported by the Go standard library can be found here: http://golang.org/pkg/crypto/x509/#MarshalPKCS1PrivateKey
func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte
The inverse function is http://golang.org/pkg/crypto/x509/#ParsePKCS1PrivateKey.
func ParsePKCS1PrivateKey(der []byte) (key *rsa.PrivateKey, err error)
However, it is relatively standard to encode the marshaled key into a PEM file.
pemdata := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY",Bytes: x509.MarshalPKCS1PrivateKey(key),},)
You can find a full example here.
答案2
得分: 66
这是一个代码片段,展示了公钥和私钥的导入和导出。它基于其他非常有用的答案,以及官方文档的复制粘贴。
package mainimport ("crypto/rand""crypto/rsa""crypto/x509""encoding/pem""errors""fmt")func GenerateRsaKeyPair() (*rsa.PrivateKey, *rsa.PublicKey) {privkey, _ := rsa.GenerateKey(rand.Reader, 4096)return privkey, &privkey.PublicKey}func ExportRsaPrivateKeyAsPemStr(privkey *rsa.PrivateKey) string {privkey_bytes := x509.MarshalPKCS1PrivateKey(privkey)privkey_pem := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY",Bytes: privkey_bytes,},)return string(privkey_pem)}func ParseRsaPrivateKeyFromPemStr(privPEM string) (*rsa.PrivateKey, error) {block, _ := pem.Decode([]byte(privPEM))if block == nil {return nil, errors.New("failed to parse PEM block containing the key")}priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)if err != nil {return nil, err}return priv, nil}func ExportRsaPublicKeyAsPemStr(pubkey *rsa.PublicKey) (string, error) {pubkey_bytes, err := x509.MarshalPKIXPublicKey(pubkey)if err != nil {return "", err}pubkey_pem := pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY",Bytes: pubkey_bytes,},)return string(pubkey_pem), nil}func ParseRsaPublicKeyFromPemStr(pubPEM string) (*rsa.PublicKey, error) {block, _ := pem.Decode([]byte(pubPEM))if block == nil {return nil, errors.New("failed to parse PEM block containing the key")}pub, err := x509.ParsePKIXPublicKey(block.Bytes)if err != nil {return nil, err}switch pub := pub.(type) {case *rsa.PublicKey:return pub, nildefault:break // fall through}return nil, errors.New("Key type is not RSA")}func main() {// 创建密钥对priv, pub := GenerateRsaKeyPair()// 导出密钥为pem字符串priv_pem := ExportRsaPrivateKeyAsPemStr(priv)pub_pem, _ := ExportRsaPublicKeyAsPemStr(pub)// 从pem字符串导入密钥priv_parsed, _ := ParseRsaPrivateKeyFromPemStr(priv_pem)pub_parsed, _ := ParseRsaPublicKeyFromPemStr(pub_pem)// 导出新导入的密钥priv_parsed_pem := ExportRsaPrivateKeyAsPemStr(priv_parsed)pub_parsed_pem, _ := ExportRsaPublicKeyAsPemStr(pub_parsed)fmt.Println(priv_parsed_pem)fmt.Println(pub_parsed_pem)// 检查导出/导入的密钥是否与原始密钥匹配if priv_pem != priv_parsed_pem || pub_pem != pub_parsed_pem {fmt.Println("Failure: Export and Import did not result in same Keys")} else {fmt.Println("Success")}}
英文:
Here's code snippet that shows the import and export of both public and private keys. It's based on the other answers which were super helpful, as well as copy-pasta from the official docs.
package mainimport ("crypto/rand""crypto/rsa""crypto/x509""encoding/pem""errors""fmt")func GenerateRsaKeyPair() (*rsa.PrivateKey, *rsa.PublicKey) {privkey, _ := rsa.GenerateKey(rand.Reader, 4096)return privkey, &privkey.PublicKey}func ExportRsaPrivateKeyAsPemStr(privkey *rsa.PrivateKey) string {privkey_bytes := x509.MarshalPKCS1PrivateKey(privkey)privkey_pem := pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY",Bytes: privkey_bytes,},)return string(privkey_pem)}func ParseRsaPrivateKeyFromPemStr(privPEM string) (*rsa.PrivateKey, error) {block, _ := pem.Decode([]byte(privPEM))if block == nil {return nil, errors.New("failed to parse PEM block containing the key")}priv, err := x509.ParsePKCS1PrivateKey(block.Bytes)if err != nil {return nil, err}return priv, nil}func ExportRsaPublicKeyAsPemStr(pubkey *rsa.PublicKey) (string, error) {pubkey_bytes, err := x509.MarshalPKIXPublicKey(pubkey)if err != nil {return "", err}pubkey_pem := pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY",Bytes: pubkey_bytes,},)return string(pubkey_pem), nil}func ParseRsaPublicKeyFromPemStr(pubPEM string) (*rsa.PublicKey, error) {block, _ := pem.Decode([]byte(pubPEM))if block == nil {return nil, errors.New("failed to parse PEM block containing the key")}pub, err := x509.ParsePKIXPublicKey(block.Bytes)if err != nil {return nil, err}switch pub := pub.(type) {case *rsa.PublicKey:return pub, nildefault:break // fall through}return nil, errors.New("Key type is not RSA")}func main() {// Create the keyspriv, pub := GenerateRsaKeyPair()// Export the keys to pem stringpriv_pem := ExportRsaPrivateKeyAsPemStr(priv)pub_pem, _ := ExportRsaPublicKeyAsPemStr(pub)// Import the keys from pem stringpriv_parsed, _ := ParseRsaPrivateKeyFromPemStr(priv_pem)pub_parsed, _ := ParseRsaPublicKeyFromPemStr(pub_pem)// Export the newly imported keyspriv_parsed_pem := ExportRsaPrivateKeyAsPemStr(priv_parsed)pub_parsed_pem, _ := ExportRsaPublicKeyAsPemStr(pub_parsed)fmt.Println(priv_parsed_pem)fmt.Println(pub_parsed_pem)// Check that the exported/imported keys match the original keysif priv_pem != priv_parsed_pem || pub_pem != pub_parsed_pem {fmt.Println("Failure: Export and Import did not result in same Keys")} else {fmt.Println("Success")}}
答案3
得分: 30
由于您的问题中的公钥部分没有得到回答,而我刚好遇到了同样的问题并解决了它,所以在这里是解决方法:
请注意MarshalPKIXPublicKey参数前面的&
Priv := rsa.GenerateKey(rand.Reader, 4096)pubASN1, err := x509.MarshalPKIXPublicKey(&Priv.PublicKey)if err != nil {// 处理错误}pubBytes := pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY",Bytes: pubASN1,})ioutil.WriteFile("key.pub", pubBytes, 0644)
相关阅读:
- MarshalPKIXPublicKey(pub interface{}) ([]byte, error) godoc
- EncodeToMemory(b *Block) []byte godoc
- Block godoc
PS: MarshalPKIXPublicKey也接受ECDSA密钥,根据需要调整pem头部。
英文:
Since the public key part of your question wasn't answered and I just ran into the same problem and solved it, here it is:
Note the & in front of the Argument to MarshalPKIXPublicKey
Priv := rsa.GenerateKey(rand.Reader, 4096)pubASN1, err := x509.MarshalPKIXPublicKey(&Priv.PublicKey)if err != nil {// do something about it}pubBytes := pem.EncodeToMemory(&pem.Block{Type: "RSA PUBLIC KEY",Bytes: pubASN1,})ioutil.WriteFile("key.pub", pubBytes, 0644)
Relevant reads:
- MarshalPKIXPublicKey(pub interface{}) ([]byte, error) godoc
- EncodeToMemory(b *Block) []byte godoc
- Block godoc
PS: MarshalPKIXPublicKey also accepts ECDSA keys, ajust the pem header appropriately.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论