github.com/emmansun/gmsm@v0.29.1/pkcs8/example_test.go (about) 1 package pkcs8_test 2 3 import ( 4 "encoding/hex" 5 "encoding/pem" 6 "fmt" 7 "math/big" 8 "os" 9 10 "github.com/emmansun/gmsm/pkcs" 11 "github.com/emmansun/gmsm/pkcs8" 12 "github.com/emmansun/gmsm/sm2" 13 "github.com/emmansun/gmsm/sm9" 14 "github.com/emmansun/gmsm/smx509" 15 "golang.org/x/crypto/cryptobyte" 16 ) 17 18 func ExampleMarshalPrivateKey_withoutPassword() { 19 // real private key should be from secret storage, or generate directly 20 privKey, _ := hex.DecodeString("6c5a0a0b2eed3cbec3e4f1252bfe0e28c504a1c6bf1999eebb0af9ef0f8e6c85") 21 d := new(big.Int).SetBytes(privKey) 22 testkey := new(sm2.PrivateKey) 23 testkey.Curve = sm2.P256() 24 testkey.D = d 25 testkey.PublicKey.X, testkey.PublicKey.Y = testkey.ScalarBaseMult(testkey.D.Bytes()) 26 27 // generate der bytes 28 der, err := pkcs8.MarshalPrivateKey(testkey, nil, nil) 29 if err != nil { 30 fmt.Fprintf(os.Stderr, "Error from MarshalPrivateKey: %s\n", err) 31 return 32 } 33 34 // encode der bytes to pem 35 block := &pem.Block{Bytes: der, Type: "PRIVATE KEY"} 36 pemContent := string(pem.EncodeToMemory(block)) 37 fmt.Printf("%v\n", pemContent) 38 } 39 40 func ExampleParsePrivateKey_withoutPassword() { 41 const privateKeyPem = ` 42 -----BEGIN PRIVATE KEY----- 43 MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgbFoKCy7tPL7D5PEl 44 K/4OKMUEoca/GZnuuwr57w+ObIWhRANCAASDVuZCpA69GNKbo1MvvZ87vujwJ8P2 45 85pbovhwNp+ZiJgfXv5V0cXN9sDvKwcIR6FPf99CcqjfCcRC8wWK+Uuh 46 -----END PRIVATE KEY-----` 47 block, _ := pem.Decode([]byte(privateKeyPem)) 48 if block == nil { 49 fmt.Fprintf(os.Stderr, "Failed to parse PEM block\n") 50 return 51 } 52 pk, params, err := pkcs8.ParsePrivateKey(block.Bytes, nil) 53 if err != nil { 54 fmt.Fprintf(os.Stderr, "Error from ParsePrivateKey: %s\n", err) 55 return 56 } 57 if params == nil && pk != nil { 58 fmt.Println("ok") 59 } else { 60 fmt.Println("fail") 61 } 62 // Output: ok 63 } 64 65 func ExampleParsePKCS8PrivateKey_withoutPassword() { 66 const privateKeyPem = ` 67 -----BEGIN PRIVATE KEY----- 68 MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgbFoKCy7tPL7D5PEl 69 K/4OKMUEoca/GZnuuwr57w+ObIWhRANCAASDVuZCpA69GNKbo1MvvZ87vujwJ8P2 70 85pbovhwNp+ZiJgfXv5V0cXN9sDvKwcIR6FPf99CcqjfCcRC8wWK+Uuh 71 -----END PRIVATE KEY-----` 72 block, _ := pem.Decode([]byte(privateKeyPem)) 73 if block == nil { 74 fmt.Fprintf(os.Stderr, "Failed to parse PEM block\n") 75 return 76 } 77 pk, err := pkcs8.ParsePKCS8PrivateKey(block.Bytes) 78 if err != nil { 79 fmt.Fprintf(os.Stderr, "Error from ParsePKCS8PrivateKey: %s\n", err) 80 return 81 } 82 if pk != nil { 83 fmt.Println("ok") 84 } else { 85 fmt.Println("fail") 86 } 87 // Output: ok 88 } 89 90 func ExampleParsePKCS8PrivateKeySM2_withoutPassword() { 91 const privateKeyPem = ` 92 -----BEGIN PRIVATE KEY----- 93 MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgbFoKCy7tPL7D5PEl 94 K/4OKMUEoca/GZnuuwr57w+ObIWhRANCAASDVuZCpA69GNKbo1MvvZ87vujwJ8P2 95 85pbovhwNp+ZiJgfXv5V0cXN9sDvKwcIR6FPf99CcqjfCcRC8wWK+Uuh 96 -----END PRIVATE KEY-----` 97 block, _ := pem.Decode([]byte(privateKeyPem)) 98 if block == nil { 99 fmt.Fprintf(os.Stderr, "Failed to parse PEM block\n") 100 return 101 } 102 pk, err := pkcs8.ParsePKCS8PrivateKeySM2(block.Bytes) 103 if err != nil { 104 fmt.Fprintf(os.Stderr, "Error from ParsePKCS8PrivateKeySM2: %s\n", err) 105 return 106 } 107 if pk != nil { 108 fmt.Println("ok") 109 } else { 110 fmt.Println("fail") 111 } 112 // Output: ok 113 } 114 115 func ExampleMarshalPrivateKey() { 116 // real private key should be from secret storage, or generate directly 117 privKey, _ := hex.DecodeString("6c5a0a0b2eed3cbec3e4f1252bfe0e28c504a1c6bf1999eebb0af9ef0f8e6c85") 118 d := new(big.Int).SetBytes(privKey) 119 testkey := new(sm2.PrivateKey) 120 testkey.Curve = sm2.P256() 121 testkey.D = d 122 testkey.PublicKey.X, testkey.PublicKey.Y = testkey.ScalarBaseMult(testkey.D.Bytes()) 123 124 password := []byte("Password1") 125 opts := &pkcs8.Opts{ 126 Cipher: pkcs.SM4CBC, 127 KDFOpts: pkcs8.PBKDF2Opts{ 128 SaltSize: 16, IterationCount: 16, HMACHash: pkcs8.SM3, 129 }, 130 } 131 // generate der bytes 132 der, err := pkcs8.MarshalPrivateKey(testkey, password, opts) 133 if err != nil { 134 fmt.Fprintf(os.Stderr, "Error from MarshalPrivateKey: %s\n", err) 135 return 136 } 137 138 // encode der bytes to pem 139 block := &pem.Block{Bytes: der, Type: "ENCRYPTED PRIVATE KEY"} 140 pemContent := string(pem.EncodeToMemory(block)) 141 fmt.Printf("%v\n", pemContent) 142 } 143 144 func ExampleParsePrivateKey() { 145 const privateKeyPem = ` 146 -----BEGIN ENCRYPTED PRIVATE KEY----- 147 MIH2MGEGCSqGSIb3DQEFDTBUMDQGCSqGSIb3DQEFDDAnBBDa6ckWJNP3QBD7MIF8 148 4nVqAgEQAgEQMA0GCSqBHM9VAYMRAgUAMBwGCCqBHM9VAWgCBBDMUgr+5Y/XN2g9 149 mPGiISzGBIGQytwK98/ET4WrS0H7AsUri6FTqztrzAvgzFl3+s9AsaYtUlzE3EzE 150 x6RWxo8kpKO2yj0a/Jh9WZCD4XAcoZ9aMopiWlOdpXJr/iQlMGdirCYIoF37lHMc 151 jZHNffmk4ii7NxCfjrzpiFq4clYsNMXeSEnq1tuOEur4kYcjHYSIFc9bPG656a60 152 +SIJsJuPFi0f 153 -----END ENCRYPTED PRIVATE KEY-----` 154 password := []byte("Password1") 155 156 block, _ := pem.Decode([]byte(privateKeyPem)) 157 if block == nil { 158 fmt.Fprintf(os.Stderr, "Failed to parse PEM block\n") 159 return 160 } 161 pk, params, err := pkcs8.ParsePrivateKey(block.Bytes, password) 162 if err != nil { 163 fmt.Fprintf(os.Stderr, "Error from ParsePrivateKey: %s\n", err) 164 return 165 } 166 if params != nil && pk != nil { 167 fmt.Println("ok") 168 } else { 169 fmt.Println("fail") 170 } 171 // Output: ok 172 } 173 174 func ExampleParsePKCS8PrivateKey() { 175 const privateKeyPem = ` 176 -----BEGIN ENCRYPTED PRIVATE KEY----- 177 MIH2MGEGCSqGSIb3DQEFDTBUMDQGCSqGSIb3DQEFDDAnBBDa6ckWJNP3QBD7MIF8 178 4nVqAgEQAgEQMA0GCSqBHM9VAYMRAgUAMBwGCCqBHM9VAWgCBBDMUgr+5Y/XN2g9 179 mPGiISzGBIGQytwK98/ET4WrS0H7AsUri6FTqztrzAvgzFl3+s9AsaYtUlzE3EzE 180 x6RWxo8kpKO2yj0a/Jh9WZCD4XAcoZ9aMopiWlOdpXJr/iQlMGdirCYIoF37lHMc 181 jZHNffmk4ii7NxCfjrzpiFq4clYsNMXeSEnq1tuOEur4kYcjHYSIFc9bPG656a60 182 +SIJsJuPFi0f 183 -----END ENCRYPTED PRIVATE KEY-----` 184 password := []byte("Password1") 185 block, _ := pem.Decode([]byte(privateKeyPem)) 186 if block == nil { 187 fmt.Fprintf(os.Stderr, "Failed to parse PEM block\n") 188 return 189 } 190 pk, err := pkcs8.ParsePKCS8PrivateKey(block.Bytes, password) 191 if err != nil { 192 fmt.Fprintf(os.Stderr, "Error from ParsePKCS8PrivateKey: %s\n", err) 193 return 194 } 195 if pk != nil { 196 fmt.Println("ok") 197 } else { 198 fmt.Println("fail") 199 } 200 // Output: ok 201 } 202 203 func ExampleParsePKCS8PrivateKeySM2() { 204 const privateKeyPem = ` 205 -----BEGIN ENCRYPTED PRIVATE KEY----- 206 MIH2MGEGCSqGSIb3DQEFDTBUMDQGCSqGSIb3DQEFDDAnBBDa6ckWJNP3QBD7MIF8 207 4nVqAgEQAgEQMA0GCSqBHM9VAYMRAgUAMBwGCCqBHM9VAWgCBBDMUgr+5Y/XN2g9 208 mPGiISzGBIGQytwK98/ET4WrS0H7AsUri6FTqztrzAvgzFl3+s9AsaYtUlzE3EzE 209 x6RWxo8kpKO2yj0a/Jh9WZCD4XAcoZ9aMopiWlOdpXJr/iQlMGdirCYIoF37lHMc 210 jZHNffmk4ii7NxCfjrzpiFq4clYsNMXeSEnq1tuOEur4kYcjHYSIFc9bPG656a60 211 +SIJsJuPFi0f 212 -----END ENCRYPTED PRIVATE KEY-----` 213 password := []byte("Password1") 214 block, _ := pem.Decode([]byte(privateKeyPem)) 215 if block == nil { 216 fmt.Fprintf(os.Stderr, "Failed to parse PEM block\n") 217 return 218 } 219 pk, err := pkcs8.ParsePKCS8PrivateKeySM2(block.Bytes, password) 220 if err != nil { 221 fmt.Fprintf(os.Stderr, "Error from ParsePKCS8PrivateKeySM2: %s\n", err) 222 return 223 } 224 if pk != nil { 225 fmt.Println("ok") 226 } else { 227 fmt.Println("fail") 228 } 229 // Output: ok 230 } 231 232 func ExampleParsePKCS8PrivateKeySM2_removePassword() { 233 const privateKeyPem = ` 234 -----BEGIN ENCRYPTED PRIVATE KEY----- 235 MIH2MGEGCSqGSIb3DQEFDTBUMDQGCSqGSIb3DQEFDDAnBBDa6ckWJNP3QBD7MIF8 236 4nVqAgEQAgEQMA0GCSqBHM9VAYMRAgUAMBwGCCqBHM9VAWgCBBDMUgr+5Y/XN2g9 237 mPGiISzGBIGQytwK98/ET4WrS0H7AsUri6FTqztrzAvgzFl3+s9AsaYtUlzE3EzE 238 x6RWxo8kpKO2yj0a/Jh9WZCD4XAcoZ9aMopiWlOdpXJr/iQlMGdirCYIoF37lHMc 239 jZHNffmk4ii7NxCfjrzpiFq4clYsNMXeSEnq1tuOEur4kYcjHYSIFc9bPG656a60 240 +SIJsJuPFi0f 241 -----END ENCRYPTED PRIVATE KEY-----` 242 password := []byte("Password1") 243 block, _ := pem.Decode([]byte(privateKeyPem)) 244 if block == nil { 245 fmt.Fprintf(os.Stderr, "Failed to parse PEM block\n") 246 return 247 } 248 pk, err := pkcs8.ParsePKCS8PrivateKeySM2(block.Bytes, password) 249 if err != nil { 250 fmt.Fprintf(os.Stderr, "Error from ParsePKCS8PrivateKeySM2: %s\n", err) 251 return 252 } 253 der, err := smx509.MarshalPKCS8PrivateKey(pk) 254 if err != nil { 255 fmt.Fprintf(os.Stderr, "Error from MarshalPKCS8PrivateKey: %s\n", err) 256 return 257 } 258 block = &pem.Block{Bytes: der, Type: "PRIVATE KEY"} 259 pemContent := string(pem.EncodeToMemory(block)) 260 fmt.Printf("%v\n", pemContent) 261 // Output: -----BEGIN PRIVATE KEY----- 262 // MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgbFoKCy7tPL7D5PEl 263 // K/4OKMUEoca/GZnuuwr57w+ObIWhRANCAASDVuZCpA69GNKbo1MvvZ87vujwJ8P2 264 // 85pbovhwNp+ZiJgfXv5V0cXN9sDvKwcIR6FPf99CcqjfCcRC8wWK+Uuh 265 // -----END PRIVATE KEY----- 266 } 267 268 func ExampleMarshalPrivateKey_withoutPasswordSM9MasterSignKey() { 269 // real private key should be from secret storage, or generate directly 270 kb, _ := hex.DecodeString("0130E78459D78545CB54C587E02CF480CE0B66340F319F348A1D5B1F2DC5F4") 271 var b cryptobyte.Builder 272 b.AddASN1BigInt(new(big.Int).SetBytes(kb)) 273 kb, _ = b.Bytes() 274 testkey := new(sm9.SignMasterPrivateKey) 275 err := testkey.UnmarshalASN1(kb) 276 if err != nil { 277 panic(err) 278 } 279 280 // generate der bytes 281 der, err := pkcs8.MarshalPrivateKey(testkey, nil, nil) 282 if err != nil { 283 fmt.Fprintf(os.Stderr, "Error from MarshalPrivateKey: %s\n", err) 284 return 285 } 286 287 // encode der bytes to pem 288 block := &pem.Block{Bytes: der, Type: "SM9 SIGN PRIVATE KEY"} 289 pemContent := string(pem.EncodeToMemory(block)) 290 fmt.Printf("%v\n", pemContent) 291 } 292 293 func ExampleParseSM9SignMasterPrivateKey_withoutPassword() { 294 const privateKeyPem = ` 295 -----BEGIN SM9 SIGN PRIVATE KEY----- 296 MIHGAgEAMBUGCCqBHM9VAYIuBgkqgRzPVQGCLgEEgakwgaYCHwEw54RZ14VFy1TF 297 h+As9IDOC2Y0DzGfNIodWx8txfQDgYIABJ9kCAswhPcz5Ir/S0G1ZQEc4HEcXjks 298 +wqxtnkblMQIKduhFhUtH3hs6EPtJKO1c0FNIXc4apLdjxTWVpbqXjJphQk4q+oB 299 ErVzKfRH46DLrT4v2xp38zXonhQI0O8cJUHgClPdpTLaGnzgJ7ekb3QQBuhfXN/w 300 cw51wF+04yFt 301 -----END SM9 SIGN PRIVATE KEY-----` 302 block, _ := pem.Decode([]byte(privateKeyPem)) 303 if block == nil { 304 fmt.Fprintf(os.Stderr, "Failed to parse PEM block\n") 305 return 306 } 307 pk, err := pkcs8.ParseSM9SignMasterPrivateKey(block.Bytes) 308 if err != nil { 309 fmt.Fprintf(os.Stderr, "Error from ParseSM9SignMasterPrivateKey: %s\n", err) 310 return 311 } 312 if pk != nil { 313 fmt.Println("ok") 314 } else { 315 fmt.Println("fail") 316 } 317 // Output: ok 318 }