go-http-peering/crypto/pem.go

package crypto

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"errors"

	jwt "github.com/dgrijalva/jwt-go"
)

func EncodePublicKeyToPEM(key crypto.PublicKey) ([]byte, error) {
	pub, err := x509.MarshalPKIXPublicKey(key)
	if err != nil {
		return nil, err
	}
	data := pem.EncodeToMemory(&pem.Block{
		Type:  "PUBLIC KEY",
		Bytes: pub,
	})
	return data, nil
}

func DecodePEMToPublicKey(pem []byte) (crypto.PublicKey, error) {
	return jwt.ParseRSAPublicKeyFromPEM(pem)
}

func DecodePEMEncryptedPrivateKey(key []byte, passphrase []byte) (*rsa.PrivateKey, error) {
	var err error

	// Parse PEM block
	var block *pem.Block
	if block, _ = pem.Decode(key); block == nil {
		return nil, errors.New("invalid PEM block")
	}

	decryptedBlock, err := x509.DecryptPEMBlock(block, passphrase)
	if err != nil {
		return nil, err
	}

	var parsedKey interface{}
	if parsedKey, err = x509.ParsePKCS1PrivateKey(decryptedBlock); err != nil {
		return nil, err
	}

	var privateKey *rsa.PrivateKey
	var ok bool
	if privateKey, ok = parsedKey.(*rsa.PrivateKey); !ok {
		return nil, errors.New("invalid RSA private key")
	}

	return privateKey, nil
}

func EncodePrivateKeyToEncryptedPEM(key *rsa.PrivateKey, passphrase []byte) ([]byte, error) {
	if passphrase == nil {
		return nil, errors.New("passphrase cannot be empty")
	}

	block := &pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(key),
	}

	block, err := x509.EncryptPEMBlock(
		rand.Reader, block.Type,
		block.Bytes, passphrase, x509.PEMCipherAES256,
	)
	if err != nil {
		return nil, err
	}

	return pem.EncodeToMemory(block), nil
}
Initial commit 2019-02-03 20:56:58 +01:00			`package crypto`

			`import (`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`"crypto"`
			`"crypto/rand"`
Initial commit 2019-02-03 20:56:58 +01:00			`"crypto/rsa"`
			`"crypto/x509"`
			`"encoding/pem"`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`"errors"`
Initial commit 2019-02-03 20:56:58 +01:00
			`jwt "github.com/dgrijalva/jwt-go"`
			`)`

Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`func EncodePublicKeyToPEM(key crypto.PublicKey) ([]byte, error) {`
Initial commit 2019-02-03 20:56:58 +01:00			`pub, err := x509.MarshalPKIXPublicKey(key)`
			`if err != nil {`
			`return nil, err`
			`}`
			`data := pem.EncodeToMemory(&pem.Block{`
			`Type: "PUBLIC KEY",`
			`Bytes: pub,`
			`})`
			`return data, nil`
			`}`

Redesign authentication protocol 2019-02-22 17:35:49 +01:00			`func DecodePEMToPublicKey(pem []byte) (crypto.PublicKey, error) {`
Initial commit 2019-02-03 20:56:58 +01:00			`return jwt.ParseRSAPublicKeyFromPEM(pem)`
			`}`
Redesign authentication protocol 2019-02-22 17:35:49 +01:00
			`func DecodePEMEncryptedPrivateKey(key []byte, passphrase []byte) (*rsa.PrivateKey, error) {`
			`var err error`

			`// Parse PEM block`
			`var block *pem.Block`
			`if block, _ = pem.Decode(key); block == nil {`
			`return nil, errors.New("invalid PEM block")`
			`}`

			`decryptedBlock, err := x509.DecryptPEMBlock(block, passphrase)`
			`if err != nil {`
			`return nil, err`
			`}`

			`var parsedKey interface{}`
			`if parsedKey, err = x509.ParsePKCS1PrivateKey(decryptedBlock); err != nil {`
			`return nil, err`
			`}`

			`var privateKey *rsa.PrivateKey`
			`var ok bool`
			`if privateKey, ok = parsedKey.(*rsa.PrivateKey); !ok {`
			`return nil, errors.New("invalid RSA private key")`
			`}`

			`return privateKey, nil`
			`}`

			`func EncodePrivateKeyToEncryptedPEM(key *rsa.PrivateKey, passphrase []byte) ([]byte, error) {`
			`if passphrase == nil {`
			`return nil, errors.New("passphrase cannot be empty")`
			`}`

			`block := &pem.Block{`
			`Type: "RSA PRIVATE KEY",`
			`Bytes: x509.MarshalPKCS1PrivateKey(key),`
			`}`

			`block, err := x509.EncryptPEMBlock(`
			`rand.Reader, block.Type,`
			`block.Bytes, passphrase, x509.PEMCipherAES256,`
			`)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return pem.EncodeToMemory(block), nil`
			`}`