On Friday, 11 August 2017 15:31:37 UTC+2, Terry An wrote:
>
> My private key is generated by "openssl req -new -x509 -keyout a.key -out 
> a.crt -days 3650" with password.
>
> It seems you have a PKCS8 encrypted key, which needs somewhat special 
treatment from the Go crypto library.

You need to pem-decode it, then decrypt it (I'm not yet sure how) to DER, 
then submit it to x509.parsePKCS8PrivateKey. At least, that is what it 
seems to me. As soon as I have familiarised myself with the decryption 
aspect, I'll be able to tell you more.

You may want to use OpenSSL to re-arrange things so the encryption occurs 
in a different place, or convert the key from PKCS8 to RSA and encrypt that.

And, just maybe, the ParsePKCS8PrivateKey function in the x509 package 
could be extended in the most appropriate fashion to provide for decryption.

Lucio.

PS: I found a lot of useful hints in the manner in which crypto objects are 
handled in the crypto/acme nd crypto/acme/autocert packages.

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to