证书的私钥(key)可以加密保存,加载时需要先用密码解密:
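// MyLoadX509KeyPair reads a PEM certificate and a PEM private key from disk and
// returns the parsed pair. When the key's PEM block is encrypted it is first
// decrypted with password; an unencrypted key is passed through unchanged and
// password is ignored.
//
// The key file must contain exactly one PEM block: an empty file, a file with
// no PEM data, or a file with trailing bytes after the block is rejected with
// "Decode key failed!".
//
// Security notes:
//   - x509.IsEncryptedPEMBlock and x509.DecryptPEMBlock implement the legacy
//     RFC 1423 PEM encryption, which the Go standard library marks as
//     deprecated because the format is not authenticated. Treat it as
//     protection against casual disclosure only; file permissions on keyFile
//     still matter.
//   - Only encrypted RSA (PKCS#1) keys are supported on the decrypt path.
//   - The decrypted key is held in process memory in plaintext form.
func MyLoadX509KeyPair(certFile, keyFile, password string) (tls.Certificate, error) {
	certPEMByte, err := ioutil.ReadFile(certFile)
	if err != nil {
		return tls.Certificate{}, err
	}

	keyPEMByte, err := ioutil.ReadFile(keyFile)
	if err != nil {
		glog.Errorf("read %s failed! err: %s", keyFile, err)
		return tls.Certificate{}, err
	}

	// pem.Decode returns a nil block when no PEM data is found. With an empty
	// key file rest is empty too, so the nil check is required to avoid
	// dereferencing a nil block below.
	keyPEMBlock, rest := pem.Decode(keyPEMByte)
	if keyPEMBlock == nil || len(rest) > 0 {
		glog.Errorf("Decode key failed!")
		return tls.Certificate{}, errors.Errorf("Decode key failed!")
	}

	// Unencrypted key: hand the original PEM bytes straight to crypto/tls.
	if !x509.IsEncryptedPEMBlock(keyPEMBlock) {
		return tls.X509KeyPair(certPEMByte, keyPEMByte)
	}

	keyDePEMByte, err := x509.DecryptPEMBlock(keyPEMBlock, []byte(password))
	if err != nil {
		glog.Errorf("decrypt failed! %s", err)
		return tls.Certificate{}, err
	}

	// Parse the RSA private key out of the decrypted DER bytes. Because the
	// legacy format cannot always detect a wrong password, a bad password may
	// only surface here as a parse error rather than as a decrypt error.
	key, err := x509.ParsePKCS1PrivateKey(keyDePEMByte)
	if err != nil {
		glog.Errorf("ParsePKCS1PrivateKey failed! %s", err)
		return tls.Certificate{}, err
	}

	// Re-encode the key as a new, unencrypted PEM block so tls.X509KeyPair can
	// consume it. This stays in memory and is never written to disk here.
	keyNewPemByte := pem.EncodeToMemory(&pem.Block{
		Type:  "RSA PRIVATE KEY",
		Bytes: x509.MarshalPKCS1PrivateKey(key),
	})

	return tls.X509KeyPair(certPEMByte, keyNewPemByte)
}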

证书key进行增加密码或者去掉密码的操作方式

1、检测ssl.key 密码是否正确

openssl rsa -text -noout -in server.key
命令输出:
Private-Key: (2048 bit)
modulus:
00:b0:fd:c2:81:60:3f:d2:dc:fe:2d:34:c6:46:1e:
08:72:c3:78:f3:4d:12:16:b9:39:3e:0b:d3:8b:e7:
...

2 . 给server.key 添加密码

openssl rsa -des -in server.key -out encrypt.key
输出:
writing RSA key
Enter PEM pass phrase:  密码
Verifying - Enter PEM pass phrase: 再次输入密码
encrypt.key  这个文件就是加密过的key
注意:-des 使用的是单 DES,强度很弱;建议改用 -aes256(即 openssl rsa -aes256 -in server.key -out encrypt.key)。

3. 去掉密码

encrypt.key        加密KEY
nopassword.key  无加密(明文私钥,请限制文件权限,例如 chmod 600 nopassword.key)
#openssl rsa -in encrypt.key -out nopassword.key
writing RSA key
Enter PEM pass phrase:  密码
Verifying - Enter PEM pass phrase: 再次输入密码