英文:
How to load DSA PublicKey using go stdlib
问题
我有一个PEM编码的DSA公钥。我需要这个DSA密钥来验证传入的数据。但是我还没有弄清楚如何使用Go加密库加载密钥(我不是加密专家,但从我在网上阅读的内容来看,DSA不再是一个流行的选择)。
我可以将PEM解码为其字节。据我了解,这些字节是DER编码的ASN.1格式。我如何将PEM块放入Go语言的dsa.PublicKey中?
这是一个可运行的示例:http://play.golang.org/p/8Ma2qwhT31
代码如下:
package mainimport "fmt"import "encoding/pem"import "encoding/asn1"import "crypto/dsa"var signingPubKey = []byte(`-----BEGIN PUBLIC KEY-----MIICIDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEApSmU3y4DzPhjnpOrdpPscIosWJ4zSV8h02b0abLW6nk7cnb5jSwBZKLrryAlF4vs+cF1mtMYjX0QKtEYq2V6WVDnoXj3BeLYVbhsHuvxYmwXmAkNsSnhMfSCxsck9y6zuNeH0ovzBD90nISIJw+cVAnUt0dzc7YKjBqThHRAvi8HoGZlzB7Ryb8ePSW+Mfr4jcH3Mio5T0OH3HTavN6YzpnohzQo0blwtwEXZOwrNPjQNrSigdPDrtvM32+hLTIJ75Z2NbIRLBjNlwznu7dQAsb/AiPTHXihxCRDm+dH70dps5JfT5Zg9LKsPhANk6fNK3e4wdN89ybQsBaswp9hxzORVD3UiG4LuqP4LMCadjoEazShEiiveeRBgyiFlIldybuPwSq/gUuFveV5JnqttxNG6DnJBlIeYhVlA25XDMjxnJ3w6mi/pZyn9ZR9+hFic7Nm1ra7hRUoigfD/lS33AsDoRLy0xZqCWGRUbkhlo9VjDxo5znjv870Td1/+fp9QzSaESPfFAUBFcykDXIUf1nVeKAkmhkEC9/jGF+VpUsuRV3pjjrLMcuI3+IimfWhWK1C56JJakfT3WB6nwY3A92g4fyVGaWFKfj83tTNL2rzMkfraExPEP+VGesr8b/QMdBlZRR4WEYG3ObD2v/7jgOS2Ol4gq8/QdNejP5J4wsCAQM=-----END PUBLIC KEY-----`)func main() {block, _ := pem.Decode(signingPubKey)if block == nil {fmt.Errorf("expected block to be non-nil", block)return}var pubkey dsa.PublicKey_,err := asn1.Unmarshal(block.Bytes, &pubkey)if (err != nil ){fmt.Errorf("could not unmarshall data: `%s`", err)}fmt.Printf("public key param P: %d\n", pubkey.Parameters.P)fmt.Printf("public key param Q: %d\n", pubkey.Parameters.Q)fmt.Printf("public key param G: %d\n", pubkey.Parameters.G)fmt.Printf("public key Y: %d\n", pubkey.Y)fmt.Printf("done")}
输出对于所有值都是nil,所以显然Unmarshal调用没有达到我想要的效果(或者在管道中的早期阶段出现了问题)。
英文:
I have a PEM encoded DSA public key. I need this DSA key so I can verify incoming data. But I have yet to figure out how to load the key using go crypto library (I am not a crypto expert but from what I'm reading online, DSA is not a popular choice anymore).
I can decode the PEM in to its bytes. Which, from what I understand, are DER-encoded ASN.1. How can I put the PEM blocks in to a golang dsa.PublicKey?
Here's a runnable sample: http://play.golang.org/p/8Ma2qwhT31
The code:
package mainimport "fmt"import "encoding/pem"import "encoding/asn1"import "crypto/dsa"var signingPubKey = []byte(`-----BEGIN PUBLIC KEY-----MIICIDANBgkqhkiG9w0BAQEFAAOCAg0AMIICCAKCAgEApSmU3y4DzPhjnpOrdpPscIosWJ4zSV8h02b0abLW6nk7cnb5jSwBZKLrryAlF4vs+cF1mtMYjX0QKtEYq2V6WVDnoXj3BeLYVbhsHuvxYmwXmAkNsSnhMfSCxsck9y6zuNeH0ovzBD90nISIJw+cVAnUt0dzc7YKjBqThHRAvi8HoGZlzB7Ryb8ePSW+Mfr4jcH3Mio5T0OH3HTavN6YzpnohzQo0blwtwEXZOwrNPjQNrSigdPDrtvM32+hLTIJ75Z2NbIRLBjNlwznu7dQAsb/AiPTHXihxCRDm+dH70dps5JfT5Zg9LKsPhANk6fNK3e4wdN89ybQsBaswp9hxzORVD3UiG4LuqP4LMCadjoEazShEiiveeRBgyiFlIldybuPwSq/gUuFveV5JnqttxNG6DnJBlIeYhVlA25XDMjxnJ3w6mi/pZyn9ZR9+hFic7Nm1ra7hRUoigfD/lS33AsDoRLy0xZqCWGRUbkhlo9VjDxo5znjv870Td1/+fp9QzSaESPfFAUBFcykDXIUf1nVeKAkmhkEC9/jGF+VpUsuRV3pjjrLMcuI3+IimfWhWK1C56JJakfT3WB6nwY3A92g4fyVGaWFKfj83tTNL2rzMkfraExPEP+VGesr8b/QMdBlZRR4WEYG3ObD2v/7jgOS2Ol4gq8/QdNejP5J4wsCAQM=-----END PUBLIC KEY-----`)func main() {block, _ := pem.Decode(signingPubKey)if block == nil {fmt.Errorf("expected block to be non-nil", block)return}var pubkey dsa.PublicKey_,err := asn1.Unmarshal(block.Bytes, &pubkey)if (err != nil ){fmt.Errorf("could not unmarshall data: `%s`", err)}fmt.Printf("public key param P: %d\n", pubkey.Parameters.P)fmt.Printf("public key param Q: %d\n", pubkey.Parameters.Q)fmt.Printf("public key param G: %d\n", pubkey.Parameters.G)fmt.Printf("public key Y: %d\n", pubkey.Y)fmt.Printf("done")}
Which outputs nil for all values, so obviously the Unmarshal call isn't doing what I want (or something is wrong earlier in the pipeline).
答案1
得分: 1
我知道这是一个旧问题,因为没有答案,我也找不到类似的内容,这是我的实现:
pubKeyPath := "./pubKey.pem"pubKeyBytes, err := ioutil.ReadFile(pubKeyPath)if err != nil {fmt.Println("读取文件时出错。错误信息:", err)}pubBlock, _ := pem.Decode(pubKeyBytes)// 这将返回一个 *dsa.PublicKey,但你的 IDE 可能会报错// 说它不是这个类型。pubKey, err := x509.ParsePKIXPublicKey(pubBlock.Bytes)// 所以,进行类型断言:dsaPubKey, ok := pubKey.(*dsa.PublicKey)if !ok {fmt.Println("类型断言失败")}// 使用公钥进行验证type Person struct {email string}// 假设类似的结构体实例被用于签名person := Person{ email: "hello@world.com" }personByteArray, _ := json.Marshal(person)// r 和 s 是签名后得到的值。在这里用它们进行验证fmt.Println(dsa.Verify(dsaPubKey, personByteArray, r, s))
上述实现每次运行代码时都会读取公钥的内容。
如果你正在生成一个可执行文件,并希望在运行 go build 时将公钥的内容嵌入二进制文件中,可以使用 Go 标准库中的 embed 包。
import _ from "embed"//go:embed pubKey.pemvar pubKeyBytes []byte
上述代码片段将在编译时将公钥作为字节加载进来。这样我们就只需要从文件系统中读取一次!
英文:
I know this is an old question, as there has been no answer for this and I couldn't find anything similar, here is my implementation
pubKeyPath := "./pubKey.pem"pubKeyBytes, err := ioutil.ReadFile(pubKeyPath)if err != nil {fmt.Println("Something went wrong when reading the file. Failed with", err)}pubBlock, _ := pem.Decode(pubKeyBytes)// This returns a *dsa.PublicKey, but your IDE might complain// that its not.pubKey, err := x509.ParsePKIXPublicKey(pubBlock.Bytes)// So, type assert:dsaPubKey, ok := pubKey.(*dsa.PublicKey)if !ok {fmt.Println("Failed to type assert")}// Verify something with the Public keytype Person struct {email string}// Assuming that a similar instance of the struct was used for signingperson := Person{ email: "hello@world.com" }personByteArray, _ := json.Marshal(person)// r and s are what you get after signing. Using it here to verifyfmt.Println(dsa.Verify(dsaPubKey, personByteArray, r, s))
The above implementation reads the contents of the public key everytime the code is run.
If you are generating an executable and would like the contents of the public key to be embedded in the binary when you run go build, use the embed package available in go's stdlib
import _ from "embed"//go:embed pubKey.pemvar pubKeyBytes []byte
The above code snippet will load the public key as bytes at compile time. This will enable us to read from the file system only once!
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论