-
-
Save ergoz/c579afd319b857ae30c17fc387ad6fb8 to your computer and use it in GitHub Desktop.
golang RSA utility, include encrypt/decrypt/signature
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| //author: http://github.com/wongoo | |
| //date: 20190717 | |
| package rsautil | |
| import ( | |
| "bytes" | |
| "crypto" | |
| "crypto/rand" | |
| "crypto/rsa" | |
| "crypto/sha1" | |
| "crypto/x509" | |
| "encoding/base64" | |
| "errors" | |
| ) | |
| const ( | |
| rsaKeySize = 2048 | |
| ) | |
| func hash(data []byte) []byte { | |
| s := sha1.Sum(data) | |
| return s[:] | |
| } | |
| func GenerateKey() (*rsa.PrivateKey, *rsa.PublicKey, error) { | |
| pri, err := rsa.GenerateKey(rand.Reader, rsaKeySize) | |
| if err != nil { | |
| return nil, nil, err | |
| } | |
| return pri, &pri.PublicKey, nil | |
| } | |
| func GenerateKeyBytes() (privateBytes, publicBytes []byte, err error) { | |
| pri, pub, err := GenerateKey() | |
| if err != nil { | |
| return nil, nil, err | |
| } | |
| priBytes, err := x509.MarshalPKCS8PrivateKey(pri) | |
| if err != nil { | |
| return nil, nil, err | |
| } | |
| pubBytes := x509.MarshalPKCS1PublicKey(pub) | |
| return priBytes, pubBytes, nil | |
| } | |
| func GenerateKey64() (pri64, pub64 string, err error) { | |
| pri, pub, err := GenerateKeyBytes() | |
| if err != nil { | |
| return "", "", nil | |
| } | |
| return base64.StdEncoding.EncodeToString(pri), | |
| base64.StdEncoding.EncodeToString(pub), | |
| nil | |
| } | |
| func PublicKeyFrom(key []byte) (*rsa.PublicKey, error) { | |
| pubInterface, err := x509.ParsePKIXPublicKey(key) | |
| if err != nil { | |
| return nil, err | |
| } | |
| pub, ok := pubInterface.(*rsa.PublicKey) | |
| if !ok { | |
| return nil, errors.New("invalid public key") | |
| } | |
| return pub, nil | |
| } | |
| func PublicKeyFrom64(key string) (*rsa.PublicKey, error) { | |
| b, err := base64.StdEncoding.DecodeString(key) | |
| if err != nil { | |
| return nil, err | |
| } | |
| return PublicKeyFrom(b) | |
| } | |
| func PrivateKeyFrom(key []byte) (*rsa.PrivateKey, error) { | |
| pri, err := x509.ParsePKCS8PrivateKey(key) | |
| if err != nil { | |
| return nil, err | |
| } | |
| p, ok := pri.(*rsa.PrivateKey) | |
| if !ok { | |
| return nil, errors.New("invalid private key") | |
| } | |
| return p, nil | |
| } | |
| func PrivateKeyFrom64(key string) (*rsa.PrivateKey, error) { | |
| b, err := base64.StdEncoding.DecodeString(key) | |
| if err != nil { | |
| return nil, err | |
| } | |
| return PrivateKeyFrom(b) | |
| } | |
| func PublicEncrypt(key *rsa.PublicKey, data []byte) ([]byte, error) { | |
| return rsa.EncryptPKCS1v15(rand.Reader, key, data) | |
| } | |
| func PublicSign(key *rsa.PublicKey, data []byte) ([]byte, error) { | |
| return PublicEncrypt(key, hash(data)) | |
| } | |
| func PublicVerify(key *rsa.PublicKey, sign, data []byte) error { | |
| return rsa.VerifyPKCS1v15(key, crypto.SHA1, hash(data), sign) | |
| } | |
| func PrivateDecrypt(key *rsa.PrivateKey, data []byte) ([]byte, error) { | |
| return rsa.DecryptPKCS1v15(rand.Reader, key, data) | |
| } | |
| func PrivateSign(key *rsa.PrivateKey, data []byte) ([]byte, error) { | |
| return rsa.SignPKCS1v15(rand.Reader, key, crypto.SHA1, hash(data)) | |
| } | |
| func PrivateVerify(key *rsa.PrivateKey, sign, data []byte) error { | |
| h, err := PrivateDecrypt(key, sign) | |
| if err != nil { | |
| return err | |
| } | |
| if !bytes.Equal(h, hash(data)) { | |
| return rsa.ErrVerification | |
| } | |
| return nil | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment