On Friday, 11 August 2017 15:31:37 UTC+2, Terry An wrote: > > My private key is generated by "openssl req -new -x509 -keyout a.key -out > a.crt -days 3650" with password. > > It seems you have a PKCS8 encrypted key, which needs somewhat special treatment from the Go crypto library.
You need to pem-decode it, then decrypt it (I'm not yet sure how) to DER, then submit it to x509.parsePKCS8PrivateKey. At least, that is what it seems to me. As soon as I have familiarised myself with the decryption aspect, I'll be able to tell you more. You may want to use OpenSSL to re-arrange things so the encryption occurs in a different place, or convert the key from PKCS8 to RSA and encrypt that. And, just maybe, the ParsePKCS8PrivateKey function in the x509 package could be extended in the most appropriate fashion to provide for decryption. Lucio. PS: I found a lot of useful hints in the manner in which crypto objects are handled in the crypto/acme nd crypto/acme/autocert packages. -- You received this message because you are subscribed to the Google Groups "golang-nuts" group. To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
