1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
|
package main
// generate an ecdsa or rsa private key
import (
"crypto"
"crypto/elliptic"
"crypto/ecdsa"
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"flag"
"fmt"
"io"
"io/ioutil"
"os"
)
type (
CreateFlags struct {
CryptType string // rsa or ecdsa
CryptLength int // the bit length
Output string // a path or stream to output the private key to
output_stream io.WriteCloser // the actual stream to the output
}
)
// create a new private key
func create_private_key() {
flags := parse_create_flags()
var err error
flags.output_stream, err = open_output_stream(flags.Output)
if err != nil {
crash_with_help(2, fmt.Sprintf("Error when creating file %s: %s", flags.Output, err))
}
defer flags.output_stream.Close()
switch flags.CryptType {
case "rsa": create_private_key_rsa(flags)
case "ecdsa": create_private_key_ecdsa(flags)
default: crash_with_help(2, fmt.Sprintf("%s not supported!", flags.CryptType))
}
}
// generate a rsa private key
func create_private_key_rsa(flags CreateFlags) {
if flags.CryptLength < 2048 {
crash_with_help(2, "Length is smaller than 2048!")
}
priv, err := rsa.GenerateKey( rand.Reader, flags.CryptLength)
if err != nil {
fmt.Fprintln(os.Stderr, "Error: ", err)
os.Exit(3)
}
marshal := x509.MarshalPKCS1PrivateKey(priv)
block := &pem.Block{Type: TypeLabelRSA, Bytes: marshal}
pem.Encode(flags.output_stream, block)
}
// generate a ecdsa private key
func create_private_key_ecdsa(flags CreateFlags) {
var curve elliptic.Curve
switch flags.CryptLength {
case 224: curve = elliptic.P224()
case 256: curve = elliptic.P256()
case 384: curve = elliptic.P384()
case 521: curve = elliptic.P521()
default: crash_with_help(2, "Unsupported crypt length!")
}
priv, err := ecdsa.GenerateKey(curve, rand.Reader)
if err != nil {
fmt.Fprintln(os.Stderr, "Error: ", err)
os.Exit(3)
}
marshal, err := x509.MarshalECPrivateKey(priv)
if err != nil {
crash_with_help(2, fmt.Sprintf("Problems marshalling the private key: %s", err))
}
block := &pem.Block{Type: TypeLabelECDSA, Bytes: marshal}
pem.Encode(flags.output_stream, block)
}
// parse the flags to create a private key
func parse_create_flags() CreateFlags {
flags := CreateFlags{}
fs := flag.NewFlagSet("create-private", flag.ExitOnError)
fs.StringVar(&flags.CryptType, "type", "ecdsa", "which type to use to encrypt key (rsa, ecdsa)")
fs.IntVar(&flags.CryptLength, "length", 521, fmt.Sprintf(
"%i - %i for rsa; %v for ecdsa", RsaLowerLength, RsaUpperLength, EcdsaLength,))
fs.StringVar(&flags.Output, "output", "STDOUT", "filename to store the private key")
fs.Parse(os.Args[2:])
return flags
}
// load the private key stored at `path`
func load_private_key(path string) crypto.Signer {
if path == "" {
crash_with_help(2, "No path to private key supplied!")
}
file, err := os.Open(path)
if err != nil {
crash_with_help(3, fmt.Sprintf("Error when opening private key: %s", err))
}
defer file.Close()
data, err := ioutil.ReadAll(file)
if err != nil {
crash_with_help(3, fmt.Sprintf("Error when reading private key: %s", err))
}
block, _ := pem.Decode(data)
if block.Type == TypeLabelRSA {
return load_private_key_rsa(block)
} else if block.Type == TypeLabelECDSA {
return load_private_key_ecdsa(block)
} else {
crash_with_help(2, "No valid private key file! Only RSA and ECDSA keys are allowed!")
return nil
}
}
// parse rsa private key
func load_private_key_rsa(block *pem.Block) crypto.Signer {
key, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
crash_with_help(3, fmt.Sprintf("Error parsing private key: %s", err))
}
return key
}
// parse ecdsa private key
func load_private_key_ecdsa(block *pem.Block) crypto.Signer {
key, err := x509.ParseECPrivateKey(block.Bytes)
if err != nil {
crash_with_help(3, fmt.Sprintf("Error parsing private key: %s", err))
}
return key
}
|
