extract rsa-encrypted public-key from tls-certificate (pem-format)


andro.y...@gmail.com

Feb 22, 2018, 11:30:30 AM
to golang-nuts
Hi,


What I have:
- tls-certificate (x.509 format, pem encoded)
- within the tls-certificate -> public-key (rsa encrypted)
- corresponding private-key (pem encoded, rsa encrypted)


What I want:
- validate pem encoded private-keys // (something like 'openssl rsa -in client.key -check' )
- validate key-pair (if private-key is matching certificate) // (something like is key matching certificate running -> 'openssl x509 -noout -modulus -in client.cert | openssl md5' == 'openssl rsa -noout -modulus -in PRIVATEKEY.key | openssl md5')


What I tried:

import (
    "crypto/x509"
    "encoding/pem"
    "errors"
    "fmt"
    "reflect"
)

func CheckKeyPair(clientcert, key string) error {
    // decode the PEM-encoded TLS certificate
    block, _ := pem.Decode([]byte(clientcert))
    if block == nil {
        return errors.New("no PEM block found in certificate")
    }

    // parse the certificate (returns *x509.Certificate)
    cert, err := x509.ParseCertificate(block.Bytes)
    if err != nil {
        return err
    }

    // print the type of the parsed public key (*rsa.PublicKey)
    fmt.Println(reflect.TypeOf(cert.PublicKey))

    return nil
}


I fill this function with the tls-certificate (type string) and private-key (type string).

I've already started several experiments. That's why I haven't posted my mischief yet. 
I thought I would use this function, to validate the key-pair. -> tls.X509KeyPair (https://golang.org/pkg/crypto/tls/#X509KeyPair)
Does anyone know how to move on?

Best,
A


Maciej Gałkowski

Feb 22, 2018, 7:09:02 PM
to golang-nuts
Hi, 
I believe you want something like this: https://play.golang.org/p/IL8f5AqpeQ3

This example is quick and dirty, but it should be a good starting point for you. I am assuming that both public & private keys are RSA keys; for EC keys the process is similar.
Also, if you decide to copy-paste the code, please handle the errors properly!

Golang has quite a good crypto library, fortunately.

Regards,
Maciej
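
An added example (not code from this thread or from the linked playground) of the two checks asked about above: key consistency and key/certificate match. It assumes an RSA certificate and an unencrypted PKCS#1 key ("RSA PRIVATE KEY" PEM block); `newPair` is a hypothetical helper that generates constructed test input.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
)

// CheckKeyPair reports whether an unencrypted PKCS#1 RSA key belongs to a certificate.
func CheckKeyPair(certPEM, keyPEM []byte) error {
	cb, _ := pem.Decode(certPEM)
	kb, _ := pem.Decode(keyPEM)
	if cb == nil || kb == nil {
		return fmt.Errorf("certificate or key contains no PEM block")
	}
	cert, err := x509.ParseCertificate(cb.Bytes)
	if err != nil {
		return fmt.Errorf("parse certificate: %w", err)
	}
	// Parsing also runs priv.Validate(), the counterpart of `openssl rsa -check`.
	priv, err := x509.ParsePKCS1PrivateKey(kb.Bytes)
	if err != nil {
		return fmt.Errorf("parse private key: %w", err)
	}
	// Same test as comparing the two `-modulus` digests, plus the exponent.
	pub, ok := cert.PublicKey.(*rsa.PublicKey)
	if !ok || pub.N.Cmp(priv.N) != 0 || pub.E != priv.E {
		return fmt.Errorf("private key does not match the certificate's public key")
	}
	return nil
}

// newPair returns a constructed self-signed certificate and its key, both PEM-encoded.
func newPair() (certPEM, keyPEM []byte) {
	k, _ := rsa.GenerateKey(rand.Reader, 2048)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"}}
	der, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &k.PublicKey, k)
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}),
		pem.EncodeToMemory(&pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(k)})
}

func main() {
	cert, key := newPair()
	_, other := newPair()
	fmt.Println("own key:", CheckKeyPair(cert, key), "| other key:", CheckKeyPair(cert, other))
}
```

`tls.X509KeyPair`, mentioned in the question, performs the same match check when it loads a certificate and key together.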