Golang RSA encrypt and decrypt example
source link: https://gist.github.com/miguelmota/3ea9286bd1d3c2a985b67cac4ba2130a
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
do u know why golang not provide public key decrypt
and private key encrypt
?
@wongoo According to public and private key cryptography, public key is available to everyone and can be accessed by other users also. But the private key is specific to that particular user, which is used for decryption of data/keys which was encrypted using the users public key.
Eg: RSA, Blowfish, etc.
wongoo commented on Jul 24, 2019 •
@susarlanikhilesh I use :
public_key_encrypt(sha1(business_data + app_id + app_secret))
aspublic signature
in app clientprivate_key_decrypt(sign) == sha1(business_data + app_id + app_secret)
to verify the public signature in server, to make sure the request is from the exact app
app_secret
is known for both server&client, is this solution ok?
@wongoo there is insufficient data for me to understand.
EncryptWithPublicKey(data, publickey)
DecryptWithPrivateKey(data, privatekey)
These functions does not include the integrity check.
Can you please elobrate your question above?
@susarlanikhilesh the common way of signature solution is sign by private key
and verify by public key
. But I want sign by public key
and verify by private key
. Through the public key is visible to every one , but appid/appsecret is private, so I think it's security too.
https://gist.github.com/miguelmota/3ea9286bd1d3c2a985b67cac4ba2130a#gistcomment-2979018
@wongoo I'm looking for the exact same use case. any luck?
do u know why golang not provide public key decrypt and private key encrypt ?
The end result of creating an RSA key is to produce the tuple of numbers (n,d,e)
. The private key is (n,d)
, and the public key is (n,e)
. Even though e
is called "encrypt", and d
is called "decrypt"; that is just a shorthand. More accurately...
(n,e)
- public operations ... Verify, Encrypt, because neither of these things require a secret.(n,d)
- private operations ... Sign, Decrypt, because both of these require a secret.- Sign is the inverse of Verify
- Decrypt is the inverse of Verify
And be really careful to note that e
isn't just "public". It's a small, well-known constant! This is not obvious when you read algebra that explains what RSA does. But somebody needs to tell you what n
is to use it with e
. Once you have the *big.Int
values of (n,d,e)
, it really is as simple as:
ciphertext = mod_n(plaintext^e)
plaintext = mod_n(ciphertext^d)
msghash = Hash(message)
signature = mod_n(msghash^d)
msghash = mod_n(signature^e)
It is just a matter of whether you apply e or d first. You can't RSA encrypt anything large, so you usually only encrypt keys, or sign hashes. The values being signed or encrypted need to be smaller than n, because in the end they are taken mod_n.
If I put the private and public key string into a flat file and read from there, I always get unable to parse private key: asn1: syntax error: data truncated
while calling BytesToPrivateKey
- x509.ParsePKCS1PrivateKey()
. However, if I just keep them in a variable, it works file. Any reason why would this happen?
pubBytes, err := ioutil.ReadFile("./certs/public.key") // This is fine with Encryption
enc := pkg.Encrypt(msg, pkg.ConvertBytesToPublicKey(pubBytes))
priBytes, err := ioutil.ReadFile("./certs/private.key") // This fails for Dencryption
dec := pkg.Decrypt(enc, pkg.ConvertBytesToPrivateKey(priBytes))
Haven't tested it - (about to) but this site shows import and export of keys
Haven't tested it - (about to) but this site shows import and export of keys
Nice one!
Do note that: x509.IsEncryptedPEMBlock
and x509.DecryptPEMBlock
has both been flagged as insecured by design
.
If you have any secure alternative, I'm in!
Great work!
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK