GO RSA 加载公钥

huangapple go评论96阅读模式
英文:

GO RSA load public key

问题

你好,我可以帮你翻译这段代码。以下是翻译好的内容:

你好,我想知道如何在Go语言中通过字符串加载RSA公钥?我已经阅读了一些文档,但是我无法弄清楚如何加载它。我不想通过PEM格式加载,我想通过以下格式加载:

-----BEGIN PUBLIC KEY-----
KEY
-----END PUBLIC KEY-----

我正在尝试使用rsa.EncryptOAEP函数,但是我需要公钥参数,但是我不知道如何获取它。

func main() {
	pubPem, err := pem.Decode([]byte("KEY"))
	if err != nil {
		fmt.Println(string(err))
		return
	}
	if pubPem.Type != "RSA PUBLIC KEY" {
		fmt.Println("not rsa?")
	}
}

我尝试了这个方法,但是它不起作用,我认为是因为使用了pem.Decode函数。

英文:

Hello i was wondering how i could load a RSA public key via a string in GO? I've read a few docs but i cant figure out how i could go about loading it? I don't wanna load via PEM i wanna load via the

-----BEGIN PUBLIC KEY-----
KEY
-----END PUBLIC KEY-----

Im trying to use rsa.EncryptOAEP but i need the public key parameter but i cant figure out how todo it.

func main() {
	pubPem, err := pem.Decode([]byte("KEY"))
	if err != nil {
		fmt.Println(string(err))
		return
	}
	if pubPem.Type != "RSA PUBLIC KEY" {
		fmt.Println("not rsa?")
	}
}

Ive tried this but it doesnt work because its pem.Decode (i think)

答案1

得分: 5

如已在评论中描述的那样,发布的密钥是PEM编码的。你可能对某些内容感到困惑。KEY 部分是经过Base64编码的DER编码密钥,每64个字符后带有换行符。如果只有这部分内容,最简单的方法是添加头部和尾部。pem.Decode() 函数即使在正文中没有换行符也可以工作,只要头部和尾部在单独的行中。

从头部/尾部行可以推断出这是一个X.509/SPKI格式的公钥。导入此格式的密钥由 ParsePKIXPublicKey() 函数支持。

如果要使用OAEP作为填充方式,必须为加密指定OAEP参数。对于解密,必须使用相同的参数,否则解密将失败。

OAEP使用两个摘要函数,一个用于哈希标签,一个用于掩码生成函数MGF1。RFC8017 允许独立选择这两个摘要函数。然而,Go目前不支持这一点,即两个摘要函数必须选择相同。此外,OAEP使用一个默认为空的标签(出于兼容性原因不应更改)。

以下代码展示了导入X.509/SPKI密钥并使用SHA256作为摘要进行OAEP加密的示例(为简单起见,省略了异常处理):

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/x509"
	"encoding/pem"
)

...

// X.509 SPKI key, PEM encoded
var spkiPem = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZ67dtUTLxoXnNEzRBFB
mwukEJGC+y69cGgpNbtElQj3m4Aft/7cu9qYbTNguTSnCDt7uovZNb21u1vpZwKH
yVgFEGO4SA8RNnjhJt2D7z8RDMWX3saody7jo9TKlrPABLZGo2o8vadW8Dly/v+I
d0YDheCkVCoCEeUjQ8koXZhTwhYkGPu+vkdiqX5cUaiVTu1uzt591aO5Vw/hV4DI
hFKnOTnYXnpXiwRwtPyYoGTa64yWfi2t0bv99qz0BgDjQjD0civCe8LRXGGhyB1U
1aHjDDGEnulTYJyEqCzNGwBpzEHUjqIOXElFjt55AFGpCHAuyuoXoP3gQvoSj6RC
sQIDAQAB
-----END PUBLIC KEY-----`

/*
//Works also:
var spkiPem = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZ67dtUTLxoXnNEzRBFBmwukEJGC+y69cGgpNbtElQj3m4Aft/7cu9qYbTNguTSnCDt7uovZNb21u1vpZwKHyVgFEGO4SA8RNnjhJt2D7z8RDMWX3saody7jo9TKlrPABLZGo2o8vadW8Dly/v+Id0YDheCkVCoCEeUjQ8koXZhTwhYkGPu+vkdiqX5cUaiVTu1uzt591aO5Vw/hV4DIhFKnOTnYXnpXiwRwtPyYoGTa64yWfi2t0bv99qz0BgDjQjD0civCe8LRXGGhyB1U1aHjDDGEnulTYJyEqCzNGwBpzEHUjqIOXElFjt55AFGpCHAuyuoXoP3gQvoSj6RCsQIDAQAB
-----END PUBLIC KEY-----`
*/

// 加载 X.509/SPKI 密钥
spkiBlock, _ := pem.Decode([]byte(spkiPem))
var spkiKey *rsa.PublicKey
pubInterface, _ := x509.ParsePKIXPublicKey(spkiBlock.Bytes)
spkiKey = pubInterface.(*rsa.PublicKey)

// 使用 OAEP 进行加密
plaintext := []byte("The quick brown fox jumps over the lazy dog")
oaepLabel := []byte("")
oaepDigests := sha256.New()
ciphertext, _ := rsa.EncryptOAEP(oaepDigests, rand.Reader, spkiKey, plaintext, oaepLabel)
fmt.Println(ciphertext)
英文:

As already described in the comment, the posted key is PEM encoded. You may be confusing something.<br>
The part called KEY is the Base64 encoded DER encoded key with line breaks after every 64 characters. If you have only this, it is easiest to add header and footer.<br>
pem.Decode() works even without the line breaks in the body, only header and footer must be in separate lines.

From the header/footer lines it can be deduced that this is a public key in X.509/SPKI format. Importing a key of this format is supported by ParsePKIXPublicKey().

If you want to use OAEP as padding, the OAEP parameters must be specified for encryption. For decryption the same parameters must be used, otherwise decryption will fail.

OAEP uses two digests, one for hashing the label, one for the mask generation function MGF1. RFC8017 allows both to be chosen independently of each other. However, Go does not currently support this, i.e. the two digests must be chosen identically. Also, OAEP uses a label which is empty by default (and should not be changed for compatibility reasons).

The following code shows the import of an X.509/SPKI key and the encryption with OAEP using SHA256 as digest (for simplicity without exception handling):

import (
	&quot;crypto/rand&quot;
	&quot;crypto/rsa&quot;
	&quot;crypto/sha256&quot;
	&quot;crypto/x509&quot;
	&quot;encoding/pem&quot;
)

...

// X.509 SPKI key, PEM encoded
var spkiPem = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZ67dtUTLxoXnNEzRBFB
mwukEJGC+y69cGgpNbtElQj3m4Aft/7cu9qYbTNguTSnCDt7uovZNb21u1vpZwKH
yVgFEGO4SA8RNnjhJt2D7z8RDMWX3saody7jo9TKlrPABLZGo2o8vadW8Dly/v+I
d0YDheCkVCoCEeUjQ8koXZhTwhYkGPu+vkdiqX5cUaiVTu1uzt591aO5Vw/hV4DI
hFKnOTnYXnpXiwRwtPyYoGTa64yWfi2t0bv99qz0BgDjQjD0civCe8LRXGGhyB1U
1aHjDDGEnulTYJyEqCzNGwBpzEHUjqIOXElFjt55AFGpCHAuyuoXoP3gQvoSj6RC
sQIDAQAB
-----END PUBLIC KEY-----`

/*
//Works also:
var spkiPem = `-----BEGIN PUBLIC KEY-----
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAoZ67dtUTLxoXnNEzRBFBmwukEJGC+y69cGgpNbtElQj3m4Aft/7cu9qYbTNguTSnCDt7uovZNb21u1vpZwKHyVgFEGO4SA8RNnjhJt2D7z8RDMWX3saody7jo9TKlrPABLZGo2o8vadW8Dly/v+Id0YDheCkVCoCEeUjQ8koXZhTwhYkGPu+vkdiqX5cUaiVTu1uzt591aO5Vw/hV4DIhFKnOTnYXnpXiwRwtPyYoGTa64yWfi2t0bv99qz0BgDjQjD0civCe8LRXGGhyB1U1aHjDDGEnulTYJyEqCzNGwBpzEHUjqIOXElFjt55AFGpCHAuyuoXoP3gQvoSj6RCsQIDAQAB
-----END PUBLIC KEY-----`
*/

// Load X.509/SPKI key
spkiBlock, _ := pem.Decode([]byte(spkiPem))
var spkiKey *rsa.PublicKey
pubInterface, _ := x509.ParsePKIXPublicKey(spkiBlock.Bytes)
spkiKey = pubInterface.(*rsa.PublicKey)

// Encryption using OAEP
plaintext := []byte(&quot;The quick brown fox jumps over the lazy dog&quot;)
oaepLabel := []byte(&quot;&quot;)
oaepDigests := sha256.New()
ciphertext, _ := rsa.EncryptOAEP(oaepDigests, rand.Reader, spkiKey, plaintext, oaepLabel)
fmt.Println(ciphertext)

huangapple
  • 本文由 发表于 2022年1月15日 12:12:51
  • 转载请务必保留本文链接:https://go.coder-hub.com/70718821.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定