在Go语言中生成X.509证书时出现错误。

huangapple go评论78阅读模式
英文:

Error generating X.509 certificate in Go

问题

我是你的中文翻译助手,以下是你要翻译的内容:

我是新手使用Go语言,我正在尝试使用以下代码生成一个X.509证书:

cert, err := x509.CreateCertificate(
	random,
	&certTemplate,
	cert,
	publicKey,
	privateKey
)

其中,publicKey变量的类型为interface{},并且是通过调用x509.ParsePKIXPublicKey(bytes)函数得到的结果。

我遇到的错误是:

x509: 只支持RSA和ECDSA公钥

我得出的结论是,这是因为将publicKey作为interface{}类型传递给x509.CreateCertificate函数,导致它与该函数内部的类型判断不匹配。我尝试使用相同的结果将&publicKey传递给函数,但是仍然得到相同的错误。我还尝试使用publicKey进行类型断言,像这样:

var pk *ecdsa.PublicKey
pk = publicKey.(*ecdsa.PublicKey)

cert, err := x509.CreateCertificate(
	random,
	&certTemplate,
	cert,
	pk,
	privateKey
)

但是,然后我得到了这个错误:panic: 接口转换: interface {}是nil,而不是*ecdsa.PublicKey 如果我将&pk作为参数传递也会出现相同的错误。

这是我生成公钥的方法:

// 生成密钥对
curve := elliptic.P384()
privateKey := new(ecdsa.PrivateKey)
privateKey, err := ecdsa.GenerateKey(curve, rand.Reader)
publicKey := &privateKey.PublicKey

// 为了使用protobuf进行通信,从公钥中获取字节
publicKeyBytes, err := x509.MarshalPKIXPublicKey(publicKey)

// 进行protobuf通信

receivedPublicKey, err := x509.ParsePKIXPublicKey(publicKeyBytes)

// 在这里进行公钥验证(验证成功)
// 填充X.509模板

// 创建证书
certificate, err := x509.CreateCertificate(
	random,
	&certificateTemplate,
	certificate,
	receivedPublicKey,
	privateKey,
)

如果有人能指导我正确的方向或者知道如何解决这个问题,将非常有帮助。提前感谢!

英文:

I'm new using Go and I'm trying to generate an X.509 certificate using this code:

cert, err := x509.CreateCertificate(
	random,
	&certTemplate,
	cert,
	publicKey,
	privateKey
)

where the publicKey variable is typed as interface{} and it is the result of calling x509.ParsePKIXPublicKey(bytes).

The error I'm having is:

x509: only RSA and ECDSA public keys supported

I arrived to the conclusion that this is a consequence of passing the publicKey typed as interface{} to the x509.CreateCertificate function, since it doesn't match the type switch inside that function. I tried passing &publicKey with the same result. I also tried doing a type assertion using the publicKey, like this:

var pk *ecdsa.PublicKey
pk = publicKey.(*ecdsa.PublicKey)

cert, err := x509.CreateCertificate(
	random,
	&certTemplate,
	cert,
	pk,
	privateKey
)

but then I get this error: *panic: interface conversion: interface {} is nil, not ecdsa.PublicKey The same error occurs if I pass &pk as a parameter.

This is how I generate the public key:

// Generate key pair
curve := elliptic.P384()
privateKey := new(ecdsa.PrivateKey)
privateKey, err := ecdsa.GenerateKey(curve, rand.Reader)
publicKey := &privatekey.PublicKey

// Obtain bytes from public key for communication using protobuf
publicKeyBytes, err := x509.MarshalPKIXPublicKey(publicKey)

// Protobuf communication takes place here

receivedPublicKey, err := x509.ParsePKIXPublicKey(publicKeyBytes)

// verification of public key here (the verification ends successfully)
// populate X.509 template

// create certificate
certificate, err := x509.CreateCertificate(
	random,
	&certificateTemplate,
	certificate,
	receivedPublicKey,
	privateKey,
)

If someone can point me in the right direction or knows how to solve this issue it will be really helpful. Thanks in advance!

答案1

得分: 3

我明白了,你想要翻译的内容如下:

我通过以下方式使其工作:

// 生成密钥对
curve := elliptic.P384()
//privateKey := new(ecdsa.PrivateKey)
privateKey, err := ecdsa.GenerateKey(curve, rand.Reader)
publicKey := &privateKey.PublicKey

其余部分与你所写的完全相同,请尝试复制并使其工作。

英文:

I got it to work doing something like this:

// Generate key pair
curve := elliptic.P384()
//privateKey := new(ecdsa.PrivateKey)
privateKey, err := ecdsa.GenerateKey(curve, rand.Reader)
publicKey := &privateKey.PublicKey

And the rest as exactly what you wrote, see if you can mirror this and make it work.

答案2

得分: 2

crypto/tls包中包含一个名为generate_cert.go的文件,展示了生成自签名证书的正确和惯用方式。

你可以在这里找到它:
https://golang.org/src/crypto/tls/generate_cert.go

或者通过浏览你安装Go的文件系统位置中的tls包目录中的文件来找到它。

有许多事情应该正确处理,而不是列举它们所有,阅读、运行、修改和理解该代码是掌握在生成证书时如何使用加密包的最佳方式。

特别要注意将公钥和私钥传递给x509.CreateCertificate函数时要小心。在加密包中,密钥的类型是interface{},这会将编译时类型检查转换为运行时类型检查,可能会带来一些危险。

英文:

The crypto/tls package contains a file called generate_cert.go which shows the proper and idiomatic way to generate a self signed certificate.

You can find it here:
https://golang.org/src/crypto/tls/generate_cert.go

Or by browsing the files in the tls package directory in the filesystem location where you installed Go.

There are a number of things that should be done correctly and short of enumerating them all, reading, running, modifying and understanding that code is the best way to get to grips with how to use the crypto packages when generating certs.

In particular be careful of what you pass in to the x509.CreateCertificate function as the public and private keys. In the crypto packages keys are of the interface{} type which happily and dangerously turns compile time type checks into runtime type checks.

huangapple
  • 本文由 发表于 2015年11月19日 04:25:01
  • 转载请务必保留本文链接:https://go.coder-hub.com/33789680.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定