[go-nuts] Re: extract rsa-encrypted public-key from tls-certificate (pem-format)

Thu, 22 Feb 2018 16:10:15 -0800 

Hi, 
I believe you want something like 
this: https://play.golang.org/p/IL8f5AqpeQ3

This example is quick and dirty, but it should be a good starting point for 
you. I am assuming that both public & private keys are RSA keys, for EC 
keys the process is similar. 
Also, if you decide to copy past the code, please handle the errors 
properly!

Golang have quite good crypto library fortunately.

Regards,
Maciej

W dniu czwartek, 22 lutego 2018 16:30:30 UTC użytkownik Andro Yamamoto 
napisał:
>
> Hi,
>
>
> What I have:
> - tls-certificate (x.509 format, pem encoded)
> - within the tls-certificate -> public-key (rsa encrypted)
> - corresponding private-key (pem encoded, rsa encrypted)
>
>
> What I want:
> - validate pem encoded private-keys // (something like 'openssl rsa -in 
> client.key -check' )
> - validate key-pair (if private-key is matching certificate) // (something 
> like is key matching certificate running -> 'openssl x509 -noout -modulus 
> -in client.cert | openssl md5' == 'openssl rsa -noout -modulus -in 
> PRIVATEKEY.key | openssl md5')
>
>
> What I tried:
>
> *func *CheckKeyPair(clientcert, key string) error {
>
>
>    block, _ := pem.Decode([]byte(clientcert))          // decode pem 
> encoded tls certificate
>
>    cert,_ := x509.ParseCertificate(block.Bytes)      // parse certificate 
> (get type x509.*Certificate)
>
>    fmt.Println(reflect.TypeOf(cert.PublicKey))          // print parsed 
> public-key from certificate (get type *rsa.PublicKey)
>
>   
>
> *return *nil
>
> }
>
> I fill this function with an the tls-certificate (type string) and 
> private-key (type string).
>
> I've already started several experiments. That's why I haven't posted my 
> mischief yet. 
> I thought I would use this function, to validate the key-pair. -> 
> tls.X509KeyPair (https://golang.org/pkg/crypto/tls/#X509KeyPair)
> Does anyone know how to move on?
>
> Best,
> A
>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Reply via email to