AB
DimeHenman
public keyprivate key
RSA
RSAElgamalRabinD-HECCRSARSARSA
RSARSARSA
ASN.1
ASN.1Abstract Syntax Notation OneASN.1Basic Encoding RulesBERCanonical Encoding RulesCERDistinguished Encoding RulesDERPacked Encoding RulesPERXMLXML Encoding RulesXER
X.509
X.509X.509TLS/SSLX.509X.509ASN.1ASN.1 DER
golangRSA
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"fmt"
"os"
)
func generatePrinAndPubKeys(size int) {
pri, err := rsa.GenerateKey(rand.Reader, size)
if err != nil {
panic(fmt.Sprintf("generate rsa keys fail: %s", err))
}
derTx := x509.MarshalPKCS1PrivateKey(pri)
block := pem.Block{Type: "RSA PRIVATE KEY", Bytes: derTx}
file, err := os.Create("private.pem")
if err != nil {
panic(fmt.Sprintf("create file fail: %s", err))
}
defer file.Close()
if err := pem.Encode(file, &block); err != nil {
panic(fmt.Sprintf("private key input file fail: %s", err))
}
derstream, err := x509.MarshalPKIXPublicKey(&pri.PublicKey)
if err != nil {
panic(fmt.Sprintf("marshal public key fail: %s", err))
}
block = pem.Block{Type: "RSA PUBLIC KEY", Bytes: derstream}
pubFile, err := os.Create("public.pem")
if err != nil {
panic(fmt.Sprintf("create file fail: %s", err))
}
defer pubFile.Close()
if err := pem.Encode(pubFile, &block); err != nil {
panic(fmt.Sprintf("private key input file fail: %s", err))
}
}
func main() {
generatePrinAndPubKeys(1024)
}
golangRSA
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/base64"
"encoding/pem"
"fmt"
"io/ioutil"
)
func publicKeyEncrypt(plainText []byte, keyFile string) []byte {
content, err := ioutil.ReadFile(keyFile)
if err != nil {
panic(fmt.Sprintf("read public key file fail: %s", err))
}
block, _ := pem.Decode(content)
pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
panic(fmt.Sprintf("parse public key fail: %s", err))
}
pubKey := pubInterface.(*rsa.PublicKey)
cipherTxt, err := rsa.EncryptPKCS1v15(rand.Reader, pubKey, plainText)
if err != nil {
panic(fmt.Sprintf("encrypt plain fail: %s", err))
}
return cipherTxt
}
func privateKeyDecrypt(cipherTxt []byte, keyFile string) []byte {
content, err := ioutil.ReadFile(keyFile)
if err != nil {
panic(fmt.Sprintf("read private key file fail: %s", err))
}
block, _ := pem.Decode(content)
priKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
panic(fmt.Sprintf("parse private key fail: %s", err))
}
plainTxt, err := rsa.DecryptPKCS1v15(rand.Reader, priKey, cipherTxt)
if err != nil {
panic(fmt.Sprintf("decrypt cipher fail: %s", err))
}
return plainTxt
}
func main() {
txt := "this is testing text"
cipher := publicKeyEncrypt([]byte(txt), "public.pem")
fmt.Printf("%v\n", base64.StdEncoding.EncodeToString(cipher))
fmt.Printf("%s\n", string(privateKeyDecrypt(cipher, "private.pem")))
}
golangRSA
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
package main
import (
"crypto"
"crypto/rand"
"crypto/rsa"
"crypto/sha256"
"crypto/x509"
"encoding/pem"
"fmt"
"io/ioutil"
)
func signByRsa(priFile string, plaintext []byte) []byte {
content, err := ioutil.ReadFile(priFile)
if err != nil {
panic(fmt.Sprintf("read private key file fail: %s", err))
}
derTxt, _ := pem.Decode(content)
priKey, err := x509.ParsePKCS1PrivateKey(derTxt.Bytes)
if err != nil {
panic(fmt.Sprintf("parse private key fail: %s", err))
}
h := sha256.New()
h.Write(plaintext)
hashed, err := rsa.SignPKCS1v15(rand.Reader, priKey, crypto.SHA256, h.Sum(nil))
if err != nil {
panic(fmt.Sprintf("sign plaintext fail: %s", err))
}
return hashed
}
func verifyByRsa(pubFile string, plaintext, sign []byte) bool {
content, err := ioutil.ReadFile(pubFile)
if err != nil {
panic(fmt.Sprintf("read public key file fail: %s", err))
}
derTxt, _ := pem.Decode(content)
pubInterface, err := x509.ParsePKIXPublicKey(derTxt.Bytes)
if err != nil {
panic(fmt.Sprintf("parse public key fail: %s", err))
}
pubKey := pubInterface.(*rsa.PublicKey)
h := sha256.New()
h.Write(plaintext)
if err := rsa.VerifyPKCS1v15(pubKey, crypto.SHA256, h.Sum(nil), sign); err != nil {
return false
}
return true
}
func main() {
txt := []byte("this is testing text")
sign := signByRsa("private.pem", txt)
fmt.Printf("sign verify result: %v\n", verifyByRsa("public.pem", txt, sign))
}
golang
椭圆曲线非对称加密算法
Elliptic Curve CryptographyECCGolangECCRSA
GolangECCECCgo-ethereumECC
GolangECC
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
package main
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/x509"
"encoding/pem"
"fmt"
"os"
)
func generatePriAndPubKeys(curve elliptic.Curve) {
priKey, err := ecdsa.GenerateKey(curve, rand.Reader)
if err != nil {
panic(fmt.Sprintf("generate private key fail: %s", err))
}
derTxt, err := x509.MarshalECPrivateKey(priKey)
if err != nil {
panic(fmt.Sprintf("marshal private key fail: %s", err))
}
block := pem.Block{Type: "ECC PRIVATE KEY", Bytes: derTxt}
file, err := os.Create("ecc_private.pem")
if err != nil {
panic(fmt.Sprintf("create private key file fail: %s", err))
}
defer file.Close()
if err := pem.Encode(file, &block); err != nil {
panic(fmt.Sprintf("write private key fail: %s", err))
}
pubDerTxt, err := x509.MarshalPKIXPublicKey(&priKey.PublicKey)
if err != nil {
panic(fmt.Sprintf("marshal public key fail: %s", err))
}
pubBlock := pem.Block{Type: "ECC PRIVATE KEY", Bytes: pubDerTxt}
pubFile, err := os.Create("ecc_public.pem")
if err != nil {
panic(fmt.Sprintf("create private key file fail: %s", err))
}
defer pubFile.Close()
if err := pem.Encode(pubFile, &pubBlock); err != nil {
panic(fmt.Sprintf("write private key fail: %s", err))
}
}
func main() {
generatePriAndPubKeys(elliptic.P256())
}
golangECC
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
package main
import (
"crypto/ecdsa"
"crypto/rand"
"crypto/sha256"
"crypto/x509"
"encoding/pem"
"fmt"
"io/ioutil"
"math/big"
)
func signByEcc(priFile string, plaintext []byte) (rTxt, sTxt []byte) {
content, err := ioutil.ReadFile(priFile)
if err != nil {
panic(fmt.Sprintf("read private key file fail: %s", err))
}
block, _ := pem.Decode(content)
priKey, err := x509.ParseECPrivateKey(block.Bytes)
if err != nil {
panic(fmt.Sprintf("parse private key fail: %s", err))
}
h := sha256.New()
h.Write(plaintext)
r, s, err := ecdsa.Sign(rand.Reader, priKey, h.Sum(nil))
if err != nil {
panic(fmt.Sprintf("sign fail: %s", err))
}
rTxt, _ = r.MarshalText()
sTxt, _ = s.MarshalText()
return rTxt, sTxt
}
func verifyByEcc(pubFile string, plaintext, rTxt, sTxt []byte) bool {
content, err := ioutil.ReadFile(pubFile)
if err != nil {
panic(fmt.Sprintf("read public key file fail: %s", err))
}
block, _ := pem.Decode(content)
pubInterface, err := x509.ParsePKIXPublicKey(block.Bytes)
if err != nil {
panic(fmt.Sprintf("parse public key fail: %s", err))
}
pubKey := pubInterface.(*ecdsa.PublicKey)
r, s := new(big.Int), new(big.Int)
if err := r.UnmarshalText(rTxt); err != nil {
panic(fmt.Sprintf("unmarshal r fail: %s", err))
}
if err := s.UnmarshalText(sTxt); err != nil {
panic(fmt.Sprintf("unmarshal s fail: %s", err))
}
h := sha256.New()
h.Write(plaintext)
return ecdsa.Verify(pubKey, h.Sum(nil), r, s)
}
func main() {
txt := []byte("this is testing text")
r, s := signByEcc("ecc_private.pem", txt)
fmt.Printf("sign verify result: %v\n", verifyByEcc("ecc_public.pem", txt, r, s))
}
参考和引用
