For PKCS8 (rather than PKCS1), use PEM type "PRIVATE KEY" (rather than "RSA PRIVATE KEY").
You may be constructing the ASN1 by hand deliberately, but just in case you didn't see it, there's also a standard library function x509.MarshalPKCS8PrivateKey()
https://godoc.org/crypto/x509#MarshalPKCS8PrivateKey

This can take the output of rsa.GenerateKey() directly, for example like:
https://play.golang.org/p/UzWACWh2TCo
(key size reduced so it runs in the playground without timing out).

On Friday, October 4, 2019 at 1:14:15 AM UTC+1, rajesh nataraja wrote:
>
> Hi All,
>
> I have the following piece of code to generate a private key in PKCS8 form
> and save it in a file. It does generate a file, but when I try to check
> using the openssl command
>
> openssl rsa -in rsapk.key -check
>
> I get the following errors
>
> 140092967139232:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1199:
> 140092967139232:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:767:
> 140092967139232:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:699:Field=n, Type=RSA
> 140092967139232:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib:rsa_ameth.c:121:
>
> Does anyone know what is wrong with my method?
>
> package main
>
> import (
>     "crypto/x509"
>     "crypto/rsa"
>     "encoding/pem"
>     "io/ioutil"
>     "crypto/rand"
>     "encoding/asn1"
> )
>
> type privateKeyInfo struct {
>     Version             int
>     PrivateKeyAlgorithm []asn1.ObjectIdentifier
>     PrivateKey          []byte
> }
>
> func NewPKCS8PrivateKey() {
>
>     var pkey privateKeyInfo
>     var bKey []byte
>     oidPublicKeyRSA := asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
>
>     key, err := rsa.GenerateKey(rand.Reader, 2048)
>     if err != nil {
>         return
>     }
>
>     pkey.Version = 0
>     pkey.PrivateKeyAlgorithm = make([]asn1.ObjectIdentifier, 1)
>     pkey.PrivateKeyAlgorithm[0] = oidPublicKeyRSA
>     pkey.PrivateKey = x509.MarshalPKCS1PrivateKey(key)
>
>     bKey, _ = asn1.Marshal(pkey)
>
>     block := pem.Block{Type: "RSA PRIVATE KEY", Bytes: bKey}
>
>     ioutil.WriteFile("./rsapk.key", pem.EncodeToMemory(&block), 0600)
>
> }
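
Added example, not part of the original thread: the reply's suggestion (x509.MarshalPKCS8PrivateKey() with PEM type "PRIVATE KEY") next to the mislabelled case from the question, where PKCS8 content sits under an "RSA PRIVATE KEY" label and a label-driven parser rejects it. The names pkcs8PEM, parseKeyPEM and demo are hypothetical, and the keys are generated on the fly.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// pkcs8PEM wraps key in a PKCS#8 PrivateKeyInfo and PEM-encodes it under label.
func pkcs8PEM(key *rsa.PrivateKey, label string) ([]byte, error) {
	der, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: label, Bytes: der}), nil
}

// parseKeyPEM (hypothetical helper) chooses the DER parser from the PEM label.
func parseKeyPEM(data []byte) (*rsa.PrivateKey, error) {
	block, _ := pem.Decode(data)
	if block == nil {
		return nil, fmt.Errorf("no PEM block found")
	}
	switch block.Type {
	case "RSA PRIVATE KEY": // PKCS#1 RSAPrivateKey
		return x509.ParsePKCS1PrivateKey(block.Bytes)
	case "PRIVATE KEY": // PKCS#8 PrivateKeyInfo
		k, err := x509.ParsePKCS8PrivateKey(block.Bytes)
		if rsaKey, ok := k.(*rsa.PrivateKey); ok || err != nil {
			return rsaKey, err
		}
	}
	return nil, fmt.Errorf("unsupported key or PEM type %q", block.Type)
}

func demo() (roundTripOK bool, mislabelErr error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return false, err
	}
	good, _ := pkcs8PEM(key, "PRIVATE KEY")
	bad, _ := pkcs8PEM(key, "RSA PRIVATE KEY") // constructed mislabelled input
	parsed, err := parseKeyPEM(good)
	_, mislabelErr = parseKeyPEM(bad)
	return err == nil && parsed.Equal(key), mislabelErr
}

func main() { fmt.Println(demo()) }
```

When writing the correctly labelled PEM to disk, keep the 0600 file mode used in the question so the private key is readable only by its owner.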