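本文整理汇总了Golang中crypto/x509.EncryptPEMBlock函数的典型用法代码示例。如果您正苦于以下问题:Golang EncryptPEMBlock函数的具体用法?Golang EncryptPEMBlock怎么用?Golang EncryptPEMBlock使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。需要注意:自 Go 1.16 起,x509.EncryptPEMBlock 与 x509.DecryptPEMBlock 已被标准库标记为弃用,因为 RFC 1423 定义的传统 PEM 加密不对密文做完整性认证,容易受到填充预言(padding oracle)攻击;下列示例适合用于阅读和维护既有代码,新代码应改用带认证的加密方式来保护私钥。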
在下文中一共展示了EncryptPEMBlock函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Golang代码示例。
示例1: TestProcessPrivateKeyFile_encrypted
// TestProcessPrivateKeyFile_encrypted checks that processPrivateKeyFile
// rejects a wrong passphrase and accepts the right one for a
// passphrase-protected PEM file.
//
// The fixture is built with x509.EncryptPEMBlock, i.e. legacy RFC 1423 PEM
// encryption. The standard library deprecates that API because the ciphertext
// is not authenticated; here it only produces test input.
func TestProcessPrivateKeyFile_encrypted(t *testing.T) {
	// The payload is a placeholder ("what"), not a real RSA key.
	encBlock, err := x509.EncryptPEMBlock(
		rand.Reader,
		"RSA PRIVATE KEY",
		[]byte("what"),
		[]byte("password"),
		x509.PEMCipherAES128,
	)
	if err != nil {
		t.Fatalf("err: %s", err)
	}

	tmp, err := ioutil.TempFile("", "packer")
	if err != nil {
		t.Fatalf("bad: %s", err)
	}
	keyPath := tmp.Name()
	defer os.Remove(keyPath)

	// Close the file before inspecting the encode error so the handle is
	// released on both outcomes.
	encodeErr := pem.Encode(tmp, encBlock)
	tmp.Close()
	if encodeErr != nil {
		t.Fatalf("err: %s", encodeErr)
	}

	// A wrong passphrase must be reported as an error.
	_, err = processPrivateKeyFile(keyPath, "bad")
	if err == nil {
		t.Fatal("should error")
	}

	// The passphrase used for encryption must be accepted.
	_, err = processPrivateKeyFile(keyPath, "password")
	if err != nil {
		t.Fatalf("bad: %s", err)
	}
}
示例2: readKeyOrGenerate
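// readKeyOrGenerate loads the passphrase-protected RSA private key stored at
// path. When the file cannot be read it generates a new key instead, encrypts
// it with pass and writes it to path with mode 0400.
//
// It returns the usable key, or an error if generation, encryption, writing,
// PEM decoding, decryption or parsing fails. A failed write is reported
// rather than ignored, so the caller never receives a key that was silently
// left unpersisted.
//
// NOTE(review): x509.EncryptPEMBlock and x509.DecryptPEMBlock implement
// legacy RFC 1423 PEM encryption, deprecated since Go 1.16 because the
// ciphertext is not authenticated. Treat the passphrase as weak protection
// and rely on file permissions as well.
//
// NOTE(review): any read error, not only "file does not exist", takes the
// generate branch. Confirm that replacing an unreadable key file is intended.
func readKeyOrGenerate(path, pass string) (*rsa.PrivateKey, error) {
	file, err := ioutil.ReadFile(path)
	if err != nil {
		log.Printf("Generating new key %s...", path)
		key, err := rsa.GenerateKey(rand.Reader, rsaBitLength)
		if err != nil {
			return nil, err
		}
		raw := x509.MarshalPKCS1PrivateKey(key)
		block, err := x509.EncryptPEMBlock(rand.Reader, blockType, raw, []byte(pass), cipherType)
		if err != nil {
			return nil, err
		}
		// 0400: owner read-only, so other local users cannot read the key.
		if err := ioutil.WriteFile(path, pem.EncodeToMemory(block), 0400); err != nil {
			return nil, fmt.Errorf("writing key %s: %v", path, err)
		}
		return key, nil
	}

	log.Printf("Loading key %s...", path)
	block, _ := pem.Decode(file)
	if block == nil {
		return nil, fmt.Errorf("%s doesn't contain a PEM key", path)
	}
	raw, err := x509.DecryptPEMBlock(block, []byte(pass))
	if err != nil {
		return nil, err
	}
	key, err := x509.ParsePKCS1PrivateKey(raw)
	if err != nil {
		return nil, err
	}
	return key, nil
}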
示例3: PrivateKeyToEncryptedPEM
// PrivateKeyToEncryptedPEM serialises an ECDSA private key and returns it as
// a passphrase-encrypted PEM document (AES-256, block type
// "ECDSA PRIVATE KEY").
//
// Only *ecdsa.PrivateKey is accepted; any other type, and a nil pointer of
// that type, yields an error.
//
// NOTE(review): this uses legacy RFC 1423 PEM encryption, which the standard
// library deprecates because the ciphertext is not authenticated. The block
// type also differs from the conventional "EC PRIVATE KEY" label, so readers
// of this output must expect the same string.
func PrivateKeyToEncryptedPEM(privateKey interface{}, pwd []byte) ([]byte, error) {
	ecKey, isECDSA := privateKey.(*ecdsa.PrivateKey)
	if !isECDSA {
		return nil, errors.New("Invalid key type. It must be *ecdsa.PrivateKey")
	}
	// A typed nil pointer passes the assertion, so it is rejected separately.
	if ecKey == nil {
		return nil, errors.New("Invalid ecdsa private key. It must be different from nil.")
	}

	der, err := x509.MarshalECPrivateKey(ecKey)
	if err != nil {
		return nil, err
	}

	encrypted, err := x509.EncryptPEMBlock(rand.Reader, "ECDSA PRIVATE KEY", der, pwd, x509.PEMCipherAES256)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(encrypted), nil
}
示例4: FuzzPEM
// FuzzPEM is a fuzzing entry point for the legacy PEM encryption helpers in
// crypto/x509. It gob-decodes data into a pem.Block, decrypts it with a fixed
// passphrase, re-encrypts the plaintext under a second passphrase and checks
// that the round trip preserves the bytes.
//
// It returns 0 when the input cannot be decoded or decrypted and 1 when the
// round trip completed; inconsistencies are reported by panicking.
//
// NOTE(review): legacy PEM decryption recognises a wrong passphrase only via
// its padding check, so the "decoded with a wrong pass" panic may also fire
// by chance rather than because of a defect. x509.PEMCipherDES is a weak
// cipher and is exercised here only as fuzz coverage.
func FuzzPEM(data []byte) int {
	var input pem.Block
	if err := gob.NewDecoder(bytes.NewReader(data)).Decode(&input); err != nil {
		return 0
	}

	plain, err := x509.DecryptPEMBlock(&input, []byte("pass"))
	if err != nil {
		return 0
	}

	// zeroReader is defined elsewhere in the file; presumably a fixed byte
	// source that keeps runs reproducible - confirm against its definition.
	reencrypted, err := x509.EncryptPEMBlock(zeroReader(0), "msg", plain, []byte("pass1"), x509.PEMCipherDES)
	if err != nil {
		panic(err)
	}

	if _, wrongErr := x509.DecryptPEMBlock(reencrypted, []byte("pass")); wrongErr == nil {
		panic("decoded with a wrong pass")
	}

	roundTrip, err := x509.DecryptPEMBlock(reencrypted, []byte("pass1"))
	if err != nil {
		panic(err)
	}
	if !bytes.Equal(plain, roundTrip) {
		panic("data changed")
	}
	return 1
}
示例5: PrivateKeyToEncryptedPEM
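// PrivateKeyToEncryptedPEM serialises an ECDSA private key and returns it as
// a passphrase-encrypted PEM document (AES-256, block type
// "ECDSA PRIVATE KEY").
//
// Only a non-nil *ecdsa.PrivateKey is accepted. Any other type, and a nil
// pointer of that type, returns ErrInvalidKey; without the nil check a typed
// nil would be dereferenced while marshalling.
//
// NOTE(review): this uses legacy RFC 1423 PEM encryption, which the standard
// library deprecates because the ciphertext is not authenticated.
func PrivateKeyToEncryptedPEM(privateKey interface{}, pwd []byte) ([]byte, error) {
	switch x := privateKey.(type) {
	case *ecdsa.PrivateKey:
		if x == nil {
			return nil, ErrInvalidKey
		}
		raw, err := x509.MarshalECPrivateKey(x)
		if err != nil {
			return nil, err
		}
		block, err := x509.EncryptPEMBlock(
			rand.Reader,
			"ECDSA PRIVATE KEY",
			raw,
			pwd,
			x509.PEMCipherAES256)
		if err != nil {
			return nil, err
		}
		return pem.EncodeToMemory(block), nil
	default:
		return nil, ErrInvalidKey
	}
}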
示例6: writeKey
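// writeKey takes an unencrypted key block and writes it to k.paths.Key via
// ioutils.AtomicWriteFile. If kekData.KEK is non-nil the block is first
// encrypted with it (AES-256); if it is nil the key is written unencrypted.
//
// When pkh is non-nil, the headers it marshals are merged into the block's
// headers, and the KEK version is always recorded under versionHeader. PEM
// headers sit outside the encrypted payload, so none of them are confidential
// or integrity-protected. On success the receiver's kekData and headersObj
// are updated to match what was written.
//
// Encrypting replaces keyBlock with the block returned by
// x509.EncryptPEMBlock, so headers present on the input block are not carried
// over in that case.
//
// NOTE(review): x509.EncryptPEMBlock is legacy RFC 1423 PEM encryption and is
// deprecated in the standard library because the ciphertext is not
// authenticated.
func (k *KeyReadWriter) writeKey(keyBlock *pem.Block, kekData KEKData, pkh PEMKeyHeaders) error {
	if kekData.KEK != nil {
		encryptedPEMBlock, err := x509.EncryptPEMBlock(rand.Reader,
			keyBlock.Type,
			keyBlock.Bytes,
			kekData.KEK,
			x509.PEMCipherAES256)
		if err != nil {
			return err
		}
		if encryptedPEMBlock.Headers == nil {
			return errors.New("unable to encrypt key - invalid PEM file produced")
		}
		keyBlock = encryptedPEMBlock
	}

	// An unencrypted block built by hand may carry a nil Headers map; writing
	// to it below would panic, so make sure a map exists first.
	if keyBlock.Headers == nil {
		keyBlock.Headers = make(map[string]string)
	}

	if pkh != nil {
		headers, err := pkh.MarshalHeaders(kekData)
		if err != nil {
			return err
		}
		mergePEMHeaders(keyBlock.Headers, headers)
	}
	keyBlock.Headers[versionHeader] = strconv.FormatUint(kekData.Version, 10)

	if err := ioutils.AtomicWriteFile(k.paths.Key, pem.EncodeToMemory(keyBlock), keyPerms); err != nil {
		return err
	}
	// Only record the new state once the file is on disk.
	k.kekData = kekData
	k.headersObj = pkh
	return nil
}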
示例7: EncryptPrivateKey
// EncryptPrivateKey returns key as a passphrase-encrypted PEM document
// (AES-256). The PEM block type comes from blockType(key), and role is stored
// in the block's "role" header.
//
// NOTE(review): PEM headers are written in clear text next to the encrypted
// payload, so the role value is neither confidential nor integrity-protected.
// x509.EncryptPEMBlock itself is legacy RFC 1423 encryption, deprecated in
// the standard library because the ciphertext is not authenticated.
func EncryptPrivateKey(key data.PrivateKey, role, passphrase string) ([]byte, error) {
	pemType, err := blockType(key)
	if err != nil {
		return nil, err
	}

	block, err := x509.EncryptPEMBlock(rand.Reader, pemType, key.Private(), []byte(passphrase), x509.PEMCipherAES256)
	if err != nil {
		return nil, err
	}

	// The header map must exist before the role can be attached.
	if block.Headers == nil {
		return nil, fmt.Errorf("unable to encrypt key - invalid PEM file produced")
	}
	block.Headers["role"] = role

	return pem.EncodeToMemory(block), nil
}
示例8: EncodePEM
// EncodePEM wraps binary in a PEM block of the given blockType and returns
// the encoded text. With a non-empty password the block is encrypted with
// AES-256 first; with an empty password it is written in clear.
//
// On failure it returns an empty string and the error from encryption or
// encoding.
//
// NOTE(review): an empty password silently yields an unencrypted block, so a
// caller that forgets the password gets plaintext output without any error.
// The encrypted form is legacy RFC 1423 PEM encryption, deprecated in the
// standard library because the ciphertext is not authenticated.
func EncodePEM(binary []byte, blockType string, password string) (pemBlock string, err error) {
	blk := &pem.Block{Type: blockType, Bytes: binary}
	if password != "" {
		blk, err = x509.EncryptPEMBlock(rand.Reader, blockType, binary, []byte(password), x509.PEMCipherAES256)
		if err != nil {
			return "", err
		}
	}

	var out bytes.Buffer
	if err = pem.Encode(&out, blk); err != nil {
		return "", err
	}
	return out.String(), nil
}
示例9: EncryptPrivateKey
// EncryptPrivateKey returns key as a passphrase-encrypted PEM document
// (AES-256). The PEM block type follows key.Algorithm(): "RSA PRIVATE KEY"
// for data.RSAKey and "EC PRIVATE KEY" for data.ECDSAKey; any other algorithm
// is rejected with an error.
//
// NOTE(review): x509.EncryptPEMBlock is legacy RFC 1423 PEM encryption,
// deprecated in the standard library because the ciphertext is not
// authenticated.
func EncryptPrivateKey(key *data.PrivateKey, passphrase string) ([]byte, error) {
	var pemType string
	switch alg := key.Algorithm(); alg {
	case data.RSAKey:
		pemType = "RSA PRIVATE KEY"
	case data.ECDSAKey:
		pemType = "EC PRIVATE KEY"
	default:
		return nil, fmt.Errorf("only RSA or ECDSA keys are currently supported. Found: %s", alg)
	}

	block, err := x509.EncryptPEMBlock(rand.Reader, pemType, key.Private(), []byte(passphrase), x509.PEMCipherAES256)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(block), nil
}
示例10: EncryptECPrivateKey
// EncryptECPrivateKey receives a PEM encoded private key and returns an
// AES-256 passphrase-encrypted PEM version of it under the block type
// "EC PRIVATE KEY".
//
// It returns an error if key holds no PEM block or if encryption fails.
//
// The type and headers of the input block are not inspected or carried over:
// whatever bytes the first PEM block holds are re-labelled "EC PRIVATE KEY".
//
// NOTE(review): x509.EncryptPEMBlock is legacy RFC 1423 PEM encryption,
// deprecated in the standard library because the ciphertext is not
// authenticated.
//
// TODO: Make this method generic to handle RSA keys
func EncryptECPrivateKey(key []byte, passphraseStr string) ([]byte, error) {
	decoded, _ := pem.Decode(key)
	if decoded == nil {
		return nil, fmt.Errorf("error while decoding PEM key")
	}

	encrypted, err := x509.EncryptPEMBlock(rand.Reader, "EC PRIVATE KEY", decoded.Bytes, []byte(passphraseStr), x509.PEMCipherAES256)
	if err != nil {
		return nil, err
	}
	// An encrypted block always carries headers; a nil map means the result
	// cannot be trusted.
	if encrypted.Headers == nil {
		return nil, fmt.Errorf("unable to encrypt key - invalid PEM file produced")
	}
	return pem.EncodeToMemory(encrypted), nil
}
示例11: exportPrivateKeytoEncryptedPEM
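// exportPrivateKeytoEncryptedPEM returns sec as a passphrase-encrypted PEM
// document (PKCS#1, AES-256, block type "RSA PRIVATE KEY").
//
// It returns nil when encryption fails, for example because the random source
// cannot supply an IV. Previously the error was discarded and the nil block
// was handed to pem.EncodeToMemory, which dereferences it. Callers must treat
// a nil result as "no key exported".
//
// NOTE(review): x509.EncryptPEMBlock is legacy RFC 1423 PEM encryption,
// deprecated in the standard library because the ciphertext is not
// authenticated.
func exportPrivateKeytoEncryptedPEM(sec *rsa.PrivateKey, password []byte) []byte {
	der := x509.MarshalPKCS1PrivateKey(sec)
	block, err := x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY", der, password, x509.PEMCipherAES256)
	if err != nil {
		// The signature has no error result, so failure is signalled by nil.
		return nil
	}
	return pem.EncodeToMemory(block)
}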
示例12: EncPemKey
// EncPemKey returns ck.key as a passphrase-encrypted PEM document (PKCS#1,
// AES-128, block type "RSA PRIVATE KEY"), or the error reported by the
// encryption step.
//
// NOTE(review): x509.EncryptPEMBlock is legacy RFC 1423 PEM encryption,
// deprecated in the standard library because the ciphertext is not
// authenticated.
func (ck *RSACertKey) EncPemKey(passwd []byte) ([]byte, error) {
	der := x509.MarshalPKCS1PrivateKey(ck.key)

	block, err := x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY", der, passwd, x509.PEMCipherAES128)
	if err == nil {
		return pem.EncodeToMemory(block), nil
	}
	return nil, err
}
示例13: EncPkg
// EncPkg concatenates the output of ck.PemKey() and ck.PemCert(), encrypts
// the combined bytes with passwd (AES-128) and returns the result as one PEM
// block of type pkgTypeStr.
//
// NOTE(review): x509.EncryptPEMBlock is legacy RFC 1423 PEM encryption,
// deprecated in the standard library because the ciphertext is not
// authenticated.
func (ck *ECCertKey) EncPkg(passwd string) ([]byte, error) {
	keyPEM := ck.PemKey()
	certPEM := ck.PemCert()

	// Key first, certificate second, in a single buffer.
	bundle := make([]byte, 0, len(keyPEM)+len(certPEM))
	bundle = append(bundle, keyPEM...)
	bundle = append(bundle, certPEM...)

	block, err := x509.EncryptPEMBlock(rand.Reader, pkgTypeStr, bundle, []byte(passwd), x509.PEMCipherAES128)
	if err == nil {
		return pem.EncodeToMemory(block), nil
	}
	return nil, err
}
示例14: _generateKey
// _generateKey creates an RSA key pair of config.KeyLength bits and returns
// both halves as PEM blocks: the PKIX-encoded public key under
// "RSA PUBLIC KEY" and the PKCS#1 private key under "RSA PRIVATE KEY".
//
// The private block is encrypted (AES-256) with the value returned by
// _passpharseHash(passpharse, config.Way). The public block is passed through
// the same encryption call with an empty password.
//
// On an error from the final encryption step the already-built pubBlock is
// still returned alongside the error.
//
// NOTE(review): encrypting the public key under an empty password adds no
// confidentiality and forces readers to decrypt before parsing. Confirm the
// consumer expects this format. x509.EncryptPEMBlock is legacy RFC 1423 PEM
// encryption, deprecated in the standard library because the ciphertext is
// not authenticated.
func _generateKey(passpharse []byte, config ConfigType) (pubBlock, priBlock *pem.Block, err error) {
	hashedPass := _passpharseHash(passpharse, config.Way)

	priv, err := rsa.GenerateKey(rand.Reader, config.KeyLength)
	if err != nil {
		return nil, nil, err
	}

	// Public half.
	pubDER, err := x509.MarshalPKIXPublicKey(priv.Public())
	if err != nil {
		return nil, nil, err
	}
	pubBlock, err = x509.EncryptPEMBlock(rand.Reader, "RSA PUBLIC KEY", pubDER, []byte{}, x509.PEMCipherAES256)
	if err != nil {
		return nil, nil, err
	}

	// Private half, protected with the derived passphrase.
	privDER := x509.MarshalPKCS1PrivateKey(priv)
	priBlock, err = x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY", privDER, hashedPass, x509.PEMCipherAES256)
	return pubBlock, priBlock, err
}
示例15: AEStoEncryptedPEM
// AEStoEncryptedPEM wraps the raw AES key bytes in a passphrase-encrypted PEM
// block (AES-256, block type "AES PRIVATE KEY") and returns the encoded
// document, or the error reported by the encryption step.
//
// NOTE(review): x509.EncryptPEMBlock is legacy RFC 1423 PEM encryption,
// deprecated in the standard library because the ciphertext is not
// authenticated. The wrapped key is therefore only as well protected as pwd.
func AEStoEncryptedPEM(raw []byte, pwd []byte) ([]byte, error) {
	encrypted, err := x509.EncryptPEMBlock(rand.Reader, "AES PRIVATE KEY", raw, pwd, x509.PEMCipherAES256)
	if err == nil {
		return pem.EncodeToMemory(encrypted), nil
	}
	return nil, err
}