Hi, I believe you want something like this: https://play.golang.org/p/IL8f5AqpeQ3
This example is quick and dirty, but it should be a good starting point for you. I am assuming that both public & private keys are RSA keys, for EC keys the process is similar. Also, if you decide to copy past the code, please handle the errors properly! Golang have quite good crypto library fortunately. Regards, Maciej W dniu czwartek, 22 lutego 2018 16:30:30 UTC użytkownik Andro Yamamoto napisał: > > Hi, > > > What I have: > - tls-certificate (x.509 format, pem encoded) > - within the tls-certificate -> public-key (rsa encrypted) > - corresponding private-key (pem encoded, rsa encrypted) > > > What I want: > - validate pem encoded private-keys // (something like 'openssl rsa -in > client.key -check' ) > - validate key-pair (if private-key is matching certificate) // (something > like is key matching certificate running -> 'openssl x509 -noout -modulus > -in client.cert | openssl md5' == 'openssl rsa -noout -modulus -in > PRIVATEKEY.key | openssl md5') > > > What I tried: > > *func *CheckKeyPair(clientcert, key string) error { > > > block, _ := pem.Decode([]byte(clientcert)) // decode pem > encoded tls certificate > > cert,_ := x509.ParseCertificate(block.Bytes) // parse certificate > (get type x509.*Certificate) > > fmt.Println(reflect.TypeOf(cert.PublicKey)) // print parsed > public-key from certificate (get type *rsa.PublicKey) > > > > *return *nil > > } > > I fill this function with an the tls-certificate (type string) and > private-key (type string). > > I've already started several experiments. That's why I haven't posted my > mischief yet. > I thought I would use this function, to validate the key-pair. -> > tls.X509KeyPair (https://golang.org/pkg/crypto/tls/#X509KeyPair) > Does anyone know how to move on? > > Best, > A > > > -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.