英文:
How to read an RSA key from file
问题
我需要从文件中读取一个RSA私钥来签署JWT。我找到了一些关于如何将生成的RSA密钥保存到磁盘的示例,但没有找到关于如何基于预先生成的密钥从文件构建密钥结构的示例。
生成密钥的方法如下:
<pre>
openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt
</pre>
示例密钥:
<pre>
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQClHYNDPVSFFmWF
oKGTqd/n7Dt2+tGXh97KJjVLAqCBZZHlQJ534v2OzFjTgzuMNehD9Y6HnkYFdkRb
QzYi2YDROOzRl1bhyyWPA35OGf50r7LiNvSvNPNtswsCuK7ywOcH0yEMKSiW4q5R
GKYi42w961EcTQQPrfihavY+c2FYPv4+pXymzaIz9hGBPLHwaHq/QTAyHxPCfkOo
s/x3mxUVd7Ni2bz1VJGlyqcNEeU88wTAYMmv8oQ3y2NfKExtYn+W6TCDiq/+ZkOp
wacuAU0J7tCNgcXvkq39KH5uza2uSiTniye6uhlkvYWD3s9riIIiekTEiHk/kkc6
jMg8HN/7AgMBAAECggEBAJ12u8vQHV6esUrymaTdCG+BVmRtZpyA ...
-----END RSA PRIVATE KEY-----
</pre>
英文:
I need to read in an RSA private key from a file to sign a JWT. I have found some examples on how to save a generated RSA key to disk but nothing showing how to build a key struct based on a pre-generated key from a file.
The key is generated like this:
<pre>
openssl genrsa 2048 | openssl pkcs8 -topk8 -nocrypt
</pre>
Example key:
<pre>
-----BEGIN PRIVATE KEY-----
MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQClHYNDPVSFFmWF
oKGTqd/n7Dt2+tGXh97KJjVLAqCBZZHlQJ534v2OzFjTgzuMNehD9Y6HnkYFdkRb
QzYi2YDROOzRl1bhyyWPA35OGf50r7LiNvSvNPNtswsCuK7ywOcH0yEMKSiW4q5R
GKYi42w961EcTQQPrfihavY+c2FYPv4+pXymzaIz9hGBPLHwaHq/QTAyHxPCfkOo
s/x3mxUVd7Ni2bz1VJGlyqcNEeU88wTAYMmv8oQ3y2NfKExtYn+W6TCDiq/+ZkOp
wacuAU0J7tCNgcXvkq39KH5uza2uSiTniye6uhlkvYWD3s9riIIiekTEiHk/kkc6
jMg8HN/7AgMBAAECggEBAJ12u8vQHV6esUrymaTdCG+BVmRtZpyA ...
-----END RSA PRIVATE KEY-----
</pre>
答案1
得分: 65
pem.Decode 和 x509.ParsePKCS1PrivateKey 的组合可以解决问题:
package mainimport ("crypto/x509""encoding/pem""fmt")func main() {pemString := `-----BEGIN RSA PRIVATE KEY-----MIICXQIBAAKBgQDLets8+7M+iAQAqN/5BVyCIjhTQ4cmXulL+gm3v0oGMWzLupUSv8KPA+Tp7dgC/DZPfMLaNH1obBBhJ9DhS6RdS3AS3kzeFrdu8zFHLWF53DUBhS925dCAEuJpDnNizdEhxTfoHrhuCmz8l2nt1pe5eUK2XWgd08Uc93h5ij098wIDAQABAoGAHLaZeWGLSaen6O/rqxg2laZ+jEFbMO7zvOTruiIkL/uJfrY1kw+8RLIn+1q0wLcWcuEIHgKKL9IP/aXAtAoYh1FBvRPLkovF1NZB0Je/+CSGka6wvc3TGdvppZJerKNcUvuOYLxkmLy4g9zuY5qrxFyhtIn2qZzXEtLaVOHzPQECQQDvN0mSajpU7dTBw4jwx7IRXGSSx65c+AsHSc1Rj++9qtPC6WsFgAfFN2CEmqhMbEUVGPv/aPjdyWk9pyLE9xR/AkEA2cGwyIunijE5v2rlZAD7C4vRgdcMyCf3uuPcgzFtsR6ZhyQSgLZ8YRPuvwm4cdPJMmO3YwBfxT6XGuSc2k8MjQJBAI0+b8prvpV2+DCQa8L/pjxp+VhRXrq2GozrHrgR7NRokTB88hwFRJFF6U9iogy9wOx8HA7qxEbwLZuhm/4AhbECQC2ad8h4Ht09E+f3nhTEc87mODkl7WJZpHL6V2sORfeq/eIkds+H6CJ4hy5w/bSw8tjfsz9Di8sGIaUbLZI2rd0CQQCzlVwEtRtoNCyMJTTrkgUuNufLP19RZ5FpyXxBO5/uQastnN77KfUwdj3SJt44U/uh1jAIv4oSLBr8HYUkbnI8-----END RSA PRIVATE KEY-----`block, _ := pem.Decode([]byte(pemString))key, _ := x509.ParsePKCS1PrivateKey(block.Bytes)fmt.Println(key.N)}
如果你手头的是一个 PKCS#8 编码的密钥,你可以使用以下代码:
func main() {pemString := `-----BEGIN PRIVATE KEY-----MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKhPSTDs4cpKfnMcp86fCkpnuER7bGc+mGkhkw6bE+BnROfrDCFBSjrENLS5JcsenANQ1kYGt9iVW2fdZAWUdDoj+t7g6+fDpzY1BzPSUls421Dmu7joDPY8jSdMzFCeg7Lyj0I36bJJ7ooDVPW6Q0XQcb8FfBiFPAKuY4elj/YDAgMBAAECgYBo2GMWmCmbM0aL/KjH/KiTawMNnfkMY6DbtK9/5LjADHSPKAt5V8ueygSvI7rYSiwToLKqEptJztiO3gnls/GmFzj1V/QEvFs6Ux3b0hD2SGpGy1m6NWWoAFlMISRkNiAxo+AMdCi4I1hpk4+bHr9VO2BvV0zKFxmgn1R8qAR+4QJBANqKxJ/qJ5+lyPuDYf5s+gkZWjCLTC7hPxIJQByDLICwiEnqcn0n9Gslk5ngJIGQcKBXIp5i0jWSdKN/hLxwgHECQQDFKGmo8niLzEJ5sa1rspww8Hc2aJM0pBwceshT8ZgVPnpgmITU1ENsKpJ+y1RTjZD6N0aj9gS9UB/UXdTrHBezAkEAqkDRTYOtusH9AXQpM3zSjaQijw72Gs9/wx1RxOSsFtVwV6U97CLkV1S+2HG1/vn3w/IeFiYGfZXLKFR/pA5BAQJAbFeu6IaGM9yFUzaOZDZ8mnAqMp349t6QDB5045xJxLLWsSpfJE2Y12H1qvO1XUzYNIgXq5ZQOHBFbYA6txBy/QJBAKDRQN476YClq9652X+1lYIY/h8MxKiXpVZVncXRgY6pbj4pmWEAM88jra9Wq6R77ocyECziXCqi18A/sl6ymWc=-----END PRIVATE KEY-----`block, _ := pem.Decode([]byte(pemString))parseResult, _ := x509.ParsePKCS8PrivateKey(block.Bytes)key := parseResult.(*rsa.PrivateKey)fmt.Println(key.N)}
英文:
A combination of pem.Decode and x509.ParsePKCS1PrivateKey should do the trick:
package mainimport ("crypto/x509""encoding/pem""fmt")func main() {pemString := `-----BEGIN RSA PRIVATE KEY-----MIICXQIBAAKBgQDLets8+7M+iAQAqN/5BVyCIjhTQ4cmXulL+gm3v0oGMWzLupUSv8KPA+Tp7dgC/DZPfMLaNH1obBBhJ9DhS6RdS3AS3kzeFrdu8zFHLWF53DUBhS925dCAEuJpDnNizdEhxTfoHrhuCmz8l2nt1pe5eUK2XWgd08Uc93h5ij098wIDAQABAoGAHLaZeWGLSaen6O/rqxg2laZ+jEFbMO7zvOTruiIkL/uJfrY1kw+8RLIn+1q0wLcWcuEIHgKKL9IP/aXAtAoYh1FBvRPLkovF1NZB0Je/+CSGka6wvc3TGdvppZJerKNcUvuOYLxkmLy4g9zuY5qrxFyhtIn2qZzXEtLaVOHzPQECQQDvN0mSajpU7dTBw4jwx7IRXGSSx65c+AsHSc1Rj++9qtPC6WsFgAfFN2CEmqhMbEUVGPv/aPjdyWk9pyLE9xR/AkEA2cGwyIunijE5v2rlZAD7C4vRgdcMyCf3uuPcgzFtsR6ZhyQSgLZ8YRPuvwm4cdPJMmO3YwBfxT6XGuSc2k8MjQJBAI0+b8prvpV2+DCQa8L/pjxp+VhRXrq2GozrHrgR7NRokTB88hwFRJFF6U9iogy9wOx8HA7qxEbwLZuhm/4AhbECQC2ad8h4Ht09E+f3nhTEc87mODkl7WJZpHL6V2sORfeq/eIkds+H6CJ4hy5w/bSw8tjfsz9Di8sGIaUbLZI2rd0CQQCzlVwEtRtoNCyMJTTrkgUuNufLP19RZ5FpyXxBO5/uQastnN77KfUwdj3SJt44U/uh1jAIv4oSLBr8HYUkbnI8-----END RSA PRIVATE KEY-----`block, _ := pem.Decode([]byte(pemString))key, _ := x509.ParsePKCS1PrivateKey(block.Bytes)fmt.Println(key.N)}
If what you are sitting on is a PKCS#8 encoded key, instead you would do something like the following:
func main() {pemString := `-----BEGIN PRIVATE KEY-----MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAKhPSTDs4cpKfnMcp86fCkpnuER7bGc+mGkhkw6bE+BnROfrDCFBSjrENLS5JcsenANQ1kYGt9iVW2fdZAWUdDoj+t7g6+fDpzY1BzPSUls421Dmu7joDPY8jSdMzFCeg7Lyj0I36bJJ7ooDVPW6Q0XQcb8FfBiFPAKuY4elj/YDAgMBAAECgYBo2GMWmCmbM0aL/KjH/KiTawMNnfkMY6DbtK9/5LjADHSPKAt5V8ueygSvI7rYSiwToLKqEptJztiO3gnls/GmFzj1V/QEvFs6Ux3b0hD2SGpGy1m6NWWoAFlMISRkNiAxo+AMdCi4I1hpk4+bHr9VO2BvV0zKFxmgn1R8qAR+4QJBANqKxJ/qJ5+lyPuDYf5s+gkZWjCLTC7hPxIJQByDLICwiEnqcn0n9Gslk5ngJIGQcKBXIp5i0jWSdKN/hLxwgHECQQDFKGmo8niLzEJ5sa1rspww8Hc2aJM0pBwceshT8ZgVPnpgmITU1ENsKpJ+y1RTjZD6N0aj9gS9UB/UXdTrHBezAkEAqkDRTYOtusH9AXQpM3zSjaQijw72Gs9/wx1RxOSsFtVwV6U97CLkV1S+2HG1/vn3w/IeFiYGfZXLKFR/pA5BAQJAbFeu6IaGM9yFUzaOZDZ8mnAqMp349t6QDB5045xJxLLWsSpfJE2Y12H1qvO1XUzYNIgXq5ZQOHBFbYA6txBy/QJBAKDRQN476YClq9652X+1lYIY/h8MxKiXpVZVncXRgY6pbj4pmWEAM88jra9Wq6R77ocyECziXCqi18A/sl6ymWc=-----END PRIVATE KEY-----`block, _ := pem.Decode([]byte(pemString))parseResult, _ := x509.ParsePKCS8PrivateKey(block.Bytes)key := parseResult.(*rsa.PrivateKey)fmt.Println(key.N)}
答案2
得分: 3
有一个有用的函数ssh.ParseRawPrivateKey,它已经实现了一些所需的逻辑。我建议在此基础上进行构建,特别是如果您的密钥用作SSH密钥,就像在我的情况下一样。
import ("os""crypto/rsa""golang.org/x/crypto/ssh""io/ioutil")func mustNot(err error) {if err != nil {panic(err)}}func loadRsaPrivateKey() *rsa.PrivateKey {bytes, err := ioutil.ReadFile(os.Getenv("HOME") + "/.ssh/id_rsa")mustNot(err)key, err := ssh.ParseRawPrivateKey(bytes)mustNot(err)return key.(*rsa.PrivateKey)}
英文:
There is a helpful function ssh.ParseRawPrivateKey which already implements some of the required logic. I suggest building upon it, especially if your key is used as a SSH key, which in my case it is.
import ("os""crypto/rsa""golang.org/x/crypto/ssh""io/ioutil")func mustNot(err error) {if err != nil {panic(err)}}func loadRsaPrivateKey() *rsa.PrivateKey {bytes, err := ioutil.ReadFile(os.Getenv("HOME") + "/.ssh/id_rsa")mustNot(err)key, err := ssh.ParseRawPrivateKey(bytes)mustNot(err)return key.(*rsa.PrivateKey)}
答案3
得分: 1
这是一个完整的示例,包括私钥和公钥的pem文件:
import ("crypto/rand""crypto/rsa""crypto/x509""encoding/pem""io/ioutil""log")func RSAConfigSetup(rsaPrivateKeyLocation, privatePassphrase, rsaPublicKeyLocation string) (*rsa.PrivateKey, error) {if rsaPrivateKeyLocation == "" {log.Println("未提供RSA密钥,生成临时密钥")return GenRSA(4096)}priv, err := ioutil.ReadFile(rsaPrivateKeyLocation)if err != nil {log.Println("未找到RSA私钥,生成临时密钥")return GenRSA(4096)}privPem, _ := pem.Decode(priv)if privPem.Type != "RSA PRIVATE KEY" {log.Println("RSA私钥类型错误", privPem.Type)}if x509.IsEncryptedPEMBlock(privPem) && privatePassphrase == "" {log.Println("需要密码来打开私钥pem文件")return GenRSA(4096)}var privPemBytes []byteif privatePassphrase != "" {privPemBytes, err = x509.DecryptPEMBlock(privPem, []byte(privatePassphrase))} else {privPemBytes = privPem.Bytes}var parsedKey interface{}//PKCS1if parsedKey, err = x509.ParsePKCS1PrivateKey(privPemBytes); err != nil {//如果你手上的是PKCS#8编码的密钥if parsedKey, err = x509.ParsePKCS8PrivateKey(privPemBytes); err != nil { // 注意这里返回的是`interface{}`log.Println("无法解析RSA私钥,生成临时密钥", err)return GenRSA(4096)}}var privateKey *rsa.PrivateKeyvar ok boolprivateKey, ok = parsedKey.(*rsa.PrivateKey)if !ok {log.Println("无法解析RSA私钥,生成临时密钥", err)return GenRSA(4096)}pub, err := ioutil.ReadFile(rsaPublicKeyLocation)if err != nil {log.Println("未找到RSA公钥,生成临时密钥")return GenRSA(4096)}pubPem, _ := pem.Decode(pub)if pubPem == nil {log.Println("使用 `ssh-keygen -f id_rsa.pub -e -m pem > id_rsa.pem` 生成RSA公钥的pem编码 - RSA公钥不是pem格式")return GenRSA(4096)}if pubPem.Type != "RSA PUBLIC KEY" {log.Println("RSA公钥类型错误", pubPem.Type)return GenRSA(4096)}if parsedKey, err = x509.ParsePKIXPublicKey(pubPem.Bytes); err != nil {log.Println("无法解析RSA公钥,生成临时密钥", err)return GenRSA(4096)}var pubKey *rsa.PublicKeyif pubKey, ok = parsedKey.(*rsa.PublicKey); !ok {log.Println("无法解析RSA公钥,生成临时密钥", err)return GenRSA(4096)}privateKey.PublicKey = *pubKeyreturn privateKey, nil}// GenRSA 返回一个长度为bits的新RSA密钥func GenRSA(bits int) (*rsa.PrivateKey, error) {key, err := rsa.GenerateKey(rand.Reader, bits)return key, err}
这是一个用于设置RSA配置的函数,它可以根据提供的私钥和公钥文件路径以及私钥密码来生成RSA私钥。如果未提供私钥文件或无法解析私钥文件,则会生成一个临时的RSA私钥。函数还会读取公钥文件并将其与私钥关联起来。最后,函数返回生成的RSA私钥。
另外,还有一个名为GenRSA的函数,用于生成指定位数的RSA密钥对。
英文:
Here's a full example for both private and public pem files:
import ("crypto/rand""crypto/rsa""crypto/x509""encoding/pem""io/ioutil""log")func RSAConfigSetup(rsaPrivateKeyLocation, privatePassphrase, rsaPublicKeyLocation string) (*rsa.PrivateKey, error) {if rsaPrivateKeyLocation == "" {log.Println("No RSA Key given, generating temp one")return GenRSA(4096)}priv, err := ioutil.ReadFile(rsaPrivateKeyLocation)if err != nil {log.Println("No RSA private key found, generating temp one")return GenRSA(4096)}privPem, _ := pem.Decode(priv)if privPem.Type != "RSA PRIVATE KEY" {log.Println("RSA private key is of the wrong type", privPem.Type)}if x509.IsEncryptedPEMBlock(privPem) && privatePassphrase == "" {log.Println("Passphrase is required to open private pem file")return GenRSA(4096)}var privPemBytes []byteif privatePassphrase != "" {privPemBytes, err = x509.DecryptPEMBlock(privPem, []byte(privatePassphrase))} else {privPemBytes = privPem.Bytes}var parsedKey interface{}//PKCS1if parsedKey, err = x509.ParsePKCS1PrivateKey(privPemBytes); err != nil {//If what you are sitting on is a PKCS#8 encoded keyif parsedKey, err = x509.ParsePKCS8PrivateKey(privPemBytes); err != nil { // note this returns type `interface{}`log.Println("Unable to parse RSA private key, generating a temp one", err)return GenRSA(4096)}}var privateKey *rsa.PrivateKeyvar ok boolprivateKey, ok = parsedKey.(*rsa.PrivateKey)if !ok {log.Println("Unable to parse RSA private key, generating a temp one", err)return GenRSA(4096)}pub, err := ioutil.ReadFile(rsaPublicKeyLocation)if err != nil {log.Println("No RSA public key found, generating temp one")return GenRSA(4096)}pubPem, _ := pem.Decode(pub)if pubPem == nil {log.Println("Use `ssh-keygen -f id_rsa.pub -e -m pem > id_rsa.pem` to generate the pem encoding of your RSA public key - rsa public key not in pem format")return GenRSA(4096)}if pubPem.Type != "RSA PUBLIC KEY" {log.Println("RSA public key is of the wrong type", pubPem.Type)return GenRSA(4096)}if parsedKey, err = x509.ParsePKIXPublicKey(pubPem.Bytes); err != nil {log.Println("Unable to parse RSA public key, generating a temp one", err)return GenRSA(4096)}var pubKey *rsa.PublicKeyif pubKey, ok = parsedKey.(*rsa.PublicKey); !ok {log.Println("Unable to parse RSA public key, generating a temp one", err)return GenRSA(4096)}privateKey.PublicKey = *pubKeyreturn privateKey, nil}// GenRSA returns a new RSA key of bits lengthfunc GenRSA(bits int) (*rsa.PrivateKey, error) {key, err := rsa.GenerateKey(rand.Reader, bits)return key, err}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论