Hello.
I am trying to write code that takes the encrypted private half of an SSH
key plus its password, and output the decrypted secret key. I think I am
using crypto/x509 and encoding/pem correctly to decrypt the data – if I
change the password, the expected error results – but I can't seem to get
at the same text that would be printed by openssl rsa -in ./test.key.
Here's that almost-working example, with an embedded key that's encrypted
with the word "testpass":
package main
import (
"crypto/x509"
"encoding/pem"
"fmt"
"os"
)
func main() {
PASSWORD := []byte(`testpass`)
CRYPTO_TEXT := []byte(`-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: AES-128-CBC,D8CAD500D219AD23A4A3AA911A7EB230
+H1lGhWVpWsMH2BtKcfokvXGdbMCw9KhObnlq7gx0HwkT2CjWkV9gsg1ybJhxYiF
1u3TxfPotrXcbRmTXOM42HmnheM/Ti7taQh2Vxf2rIkcaEm2siMT6O16kMt6CAUp
iVOiuG3XV5BXODQDHGkVor+WJh1ReT6ZCsSzGLk8/3OaBryoxJkSE0ydY1i3HU4E
8RQwKYas1rSfURfUDvCL8wUYkJfd4qzVvgkrrSTicZzU2RTkSxGO6wHmxOoX5cEs
DPEQkUjqmsf35c+CYTWrojB8eKqVavuD64+RBssJnTdfc9jlZEi+o+1LJDyJrJd+
73D/cyoHHj0Wr01gPrPpQOD6x1HAedp1beqT3N3jNt5z3r9tEdVNYNCnSnb9WnlI
5wkS4XsmBz7BD0rAku5qMgel3BWYbZTee+5BQ3Ft60nj+iKngJe1/tupMrKD31Db
o+/cmWaeneWi/xxB7z/lmo++u25ECCxcRqdTbjhdAAKb2Yjwb3K8phwyRvcMF4+Z
/HH/RTJTLb8DvF0sfjgkZMcn8dF2HQxy8cMf1jVF4+UlaPHcKsAXEBjooJkzuVrC
ZMGlScWcMvh4VfB0wL7t5jnf3FEfaR9KR3rzAhm+XLDF0Zzol8tOk7CKr0covL1S
TBpbQ8u1XGXtEt/NVkwB4Q7QOCeAxGSb0HMciKEN7uclA6AwZ+wBqzfMxqHzOL6z
9ecUlq/pypAh56gLJyWOivQBSrHkUdMBr6/VNtLHB1NZOFq2fIPBaWuhN/69Lhj4
rzq5p0YlE+ivIlg1SkH3BbX/59acKMfXNjfyuZG4If4EUCPzgcsQb8QWNAYlOfr1
g/35tc3wpEenrGqtQE9rwPeD+ArhecUZ9iMtjohL+si7bgxGBHyp+a1eN8irN0rh
rToOYTq+9xnpI4sQp+D0oZZ+B7EVTLL7EYGNfAvroDPl/sIuHPtc4Cns7MgRH4Z9
F7Lvd0lSEbMOL+uVdkhR4/AjIiv9aLsv4O/0NTsqDwG0evjFt5G1hLDelMaqaGeL
jz3eOv8IvL4ueqp1KTOD7ofT62GOj4tR8z4RE2uhHl5ummrI+7G3/2iAQeuWRlTQ
DafjhU2NSN+TIGzaCn3Kghmj5Wwl3tXIqf8JRDenBIl2RxsczyDxn0UtKn61DOXB
dQLvSn0YRU+q0F7GJPp/FjWiekPhj3UkWyEFEX+Py5+QHx2CxOvsh0Nd1iKLjn/w
wEpIHuny/rPuz7e+W3y883IQhEBToqFa8QwX3V60kfwpfffYoF6M/dFe3gOkOt5o
KQGuZFtfoxUdie4TFZqhqF2fCYBNPmySKJy+aH8qom9ITcvHaUGvGZKBuA9C0qJy
rON/oWs8Fi5Cl+Vi8Eu0Qi2v3lepsUmeiA5wc6S6voJsE/RL1OPiw4wpKZqhpwdz
kqQe1YAlfpw2uLs67ugeNZUraeJYRgJihL+M0X1z99eoaMD0xU6mwhtI5b1V6dkD
lEbCbnAznehhU59zM4ZNc65ZQHpqdrmjYd6CiuZ5sMvI9c8UKvFWj2Rn8MY3kV+b
2wSPDF/dbJ1M6oLTvGshXviRRMgrRFTc2GMy5fbSb8Zqex57SQ0QXqQJ9FQZCIMJ
-----END RSA PRIVATE KEY-----`)
pemBlock, _ := pem.Decode(CRYPTO_TEXT)
if pemBlock != nil {
if x509.IsEncryptedPEMBlock(pemBlock) {
fmt.Printf("Decrypting private PEM data...\n")
clearText, err := x509.DecryptPEMBlock(pemBlock, PASSWORD)
if err == nil {
fmt.Printf("clearText (len %d): %s\n", len(clearText), clearText)
} else {
fmt.Printf("Error decrypting PEM-encoded secret: %s\n", err)
os.Exit(2)
}
pkcsData, err := x509.ParsePKCS1PrivateKey(clearText)
if err != nil {
fmt.Printf("ERROR parsing PKCS data: %s!", err)
os.Exit(3)
}
fmt.Printf("PKCS data: %v\n", pkcsData)
}
}
os.Exit(0)
}
Thanks in advance to anyone who can help me produce the plain text of the
decrypted private key, as if decrypted with command-line openssl.
Sincerely,
- benton
--
You received this message because you are subscribed to the Google Groups
"golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to golang-nuts+unsubscr...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
