Sorry, I speed read your email, but you were right Piers. "PRIVATE KEY" as header makes the difference.
Rajesh.

On Friday, October 4, 2019 at 9:39:52 AM UTC-7, rajesh nataraja wrote:
>
> Hello Piers,
>
> I have tried your playground snippet and the snippet I gave here. Both
> don't work, what I meant is saving the Marshalled key into a file and then
> using that to be processed by other applications (java, python, openssl
> command).
> This is with go 1.11.5, do you think there is some compatibility issue
> with go package here?
>
> Thanks
> Rajesh
>
>
> On Friday, October 4, 2019 at 9:03:54 AM UTC-7, helloPiers wrote:
>>
>> For PKCS8 (rather than PKCS1), use PEM type "PRIVATE KEY" (rather than
>> "RSA PRIVATE KEY").
>>
>> You may be constructing the ASN1 by hand deliberately, but just in case
>> you didn't see it, there's also a standard library function
>> x509.MarshalPKCS8PrivateKey()
>> https://godoc.org/crypto/x509#MarshalPKCS8PrivateKey
>>
>> This can take the output of rsa.GenerateKey() directly, for example like:
>> https://play.golang.org/p/UzWACWh2TCo (key size reduced so it runs in
>> the playground without timing out).
>>
>> On Friday, October 4, 2019 at 1:14:15 AM UTC+1, rajesh nataraja wrote:
>>>
>>> Hi All,
>>>
>>> I have the following piece of code to generate a private key in PKCS8
>>> form and save it in a file. It does generate a file, but when I try to
>>> check using the openssl command
>>>
>>> openssl rsa -in rsapk.key -check
>>> I get the following errors
>>>
>>> 140092967139232:error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1199:
>>> 140092967139232:error:0D06C03A:asn1 encoding routines:ASN1_D2I_EX_PRIMITIVE:nested asn1 error:tasn_dec.c:767:
>>> 140092967139232:error:0D08303A:asn1 encoding routines:ASN1_TEMPLATE_NOEXP_D2I:nested asn1 error:tasn_dec.c:699:Field=n, Type=RSA
>>> 140092967139232:error:04093004:rsa routines:OLD_RSA_PRIV_DECODE:RSA lib:rsa_ameth.c:121:
>>>
>>>
>>> Anyone knows what is wrong with my method?
>>>
>>> package main
>>>
>>> import (
>>>     "crypto/x509"
>>>     "crypto/rsa"
>>>     "encoding/pem"
>>>     "io/ioutil"
>>>     "crypto/rand"
>>>     "encoding/asn1"
>>> )
>>>
>>> type privateKeyInfo struct {
>>>     Version int
>>>     PrivateKeyAlgorithm []asn1.ObjectIdentifier
>>>     PrivateKey []byte
>>> }
>>>
>>>
>>> func NewPKCS8PrivateKey() {
>>>
>>>     var pkey privateKeyInfo
>>>     var bKey []byte
>>>     oidPublicKeyRSA := asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
>>>
>>>
>>>     key, err := rsa.GenerateKey(rand.Reader, 2048)
>>>     if err != nil {
>>>         return
>>>     }
>>>
>>>     pkey.Version = 0
>>>     pkey.PrivateKeyAlgorithm = make([]asn1.ObjectIdentifier, 1)
>>>     pkey.PrivateKeyAlgorithm[0] = oidPublicKeyRSA
>>>     pkey.PrivateKey = x509.MarshalPKCS1PrivateKey(key)
>>>
>>>     bKey, _ = asn1.Marshal(pkey)
>>>
>>>     block := pem.Block{Type: "RSA PRIVATE KEY", Bytes: bKey}
>>>
>>>     ioutil.WriteFile("./rsapk.key", pem.EncodeToMemory(&block), 0600)
>>>
>>> }
>>>
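The label/body mismatch resolved in this thread, as an added example that is not code from any of the posters: it marshals a key with x509.MarshalPKCS8PrivateKey() under the "PRIVATE KEY" label, then checks a PEM file's label against the structure actually inside it. The helper names `samples` and `checkLabel` are hypothetical, and the mislabelled input is constructed for the demonstration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// samples returns one PKCS#8 key under the matching label (good) and under the PKCS#1 label (bad, constructed).
func samples() (good, bad []byte, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	der, err := x509.MarshalPKCS8PrivateKey(key)
	if err != nil {
		return nil, nil, err
	}
	good = pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: der})
	return good, pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: der}), nil
}

// checkLabel names the structure in the DER body and errors when the PEM label disagrees with it.
func checkLabel(pemBytes []byte) (string, error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return "", fmt.Errorf("no PEM block found")
	}
	format, want := "PKCS#8", "PRIVATE KEY"
	if _, err := x509.ParsePKCS1PrivateKey(block.Bytes); err == nil {
		format, want = "PKCS#1", "RSA PRIVATE KEY"
	} else if _, err := x509.ParsePKCS8PrivateKey(block.Bytes); err != nil {
		return "", fmt.Errorf("body is neither PKCS#1 nor PKCS#8: %v", err)
	}
	if block.Type != want {
		return format, fmt.Errorf("label %q does not match %s body, want %q", block.Type, format, want)
	}
	return format, nil
}

func main() {
	good, bad, err := samples()
	if err != nil {
		panic(err)
	}
	fmt.Println(checkLabel(good))
	fmt.Println(checkLabel(bad))
}
```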