How do you decode an encrypted PKCS8 key?

gabrie...@gmail.com

unread,

Oct 7, 2015, 8:36:10 AM10/7/15

to golang-nuts

Hi,

I thought you would be able to decrypted a key by doing

block, _ := pem.Decode(key)

key := x509.DecryptPEMBlock(block, password)

However, if the key is PKCS8, I get a x509: no DEK-Info header in block error. However, from my understanding in PKCS8. The DEK-Info isn't there. How do I decrypt the key then?

Thanks

Skip Tavakkolian

unread,

Oct 7, 2015, 2:08:04 PM10/7/15

to gabrie...@gmail.com, golang-nuts

this might be helpful:

https://gowalker.org/github.com/youmark/pkcs8

https://github.com/youmark/pkcs8/blob/master/pkcs8.go#L103

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Gabriel Vincent Kho

unread,

Oct 7, 2015, 2:59:23 PM10/7/15

to golang-nuts, gabrie...@gmail.com

Looking at that source code. It seems to only handle if it was encrypted in AES-256-CBC mode. However, the openssl default is pbeWITHMD5ndDES-CBC. It seems like this library can't handle that. Am I wrong?

James Bardin

unread,

Oct 7, 2015, 4:17:19 PM10/7/15

to golang-nuts, gabrie...@gmail.com

On Wednesday, October 7, 2015 at 2:59:23 PM UTC-4, Gabriel Vincent Kho wrote:

On Tue, Oct 6, 2015 at 4:12 PM, <gabrie...@gmail.com> wrote:
Hi,

I thought you would be able to decrypted a key by doing

block, _ := pem.Decode(key)
key := x509.DecryptPEMBlock(block, password)

However, if the key is PKCS8, I get a x509: no DEK-Info header in block error. However, from my understanding in PKCS8. The DEK-Info isn't there. How do I decrypt the key then?

The x509 package doesn't currently support this https://golang.org/issue/8860

For now it's probably easiest to just convert the key to a traditional format first.

Reply all

Reply to author

Forward