0

已经花费了几个小时来弄清楚为什么我无法使用

cert, err := tls.X509KeyPair(blockCrt.Bytes, blockPEM)

我做过的一些研究历史

如果我使用“x509.DecryptPEMBlock”,我会遇到类似的错误

x509:块中没有 DEK-Info 标头

所以,我改变了它,并结合使用了以下代码 x509.DecrpyPEMBlock 和https://github.com/youmark/pkcs8

package main

import (
    "crypto/tls"
    "crypto/x509"
    "encoding/pem"
    "errors"
    "fmt"
)

func main() {

    New()

}

func New() error {
    certPem := []byte(`
-----BEGIN CERTIFICATE-----

... -----结束证书----- `)

    keyPem := []byte(`
-----BEGIN ENCRYPTED PRIVATE KEY-----

... -----结束加密私钥----- `)

    // DECODE CRT PEM block
    blockCrt, _ := pem.Decode([]byte(certPem))

    // DECODE KEY PEM block
    blockKey, _ := pem.Decode([]byte(keyPem))

    // CHECK ENCRYPTION ON CRT/KEY PEM block
    isKeyEncryptedPem := x509.IsEncryptedPEMBlock(blockKey)
    isCrtyEncryptedPem := x509.IsEncryptedPEMBlock(blockCrt)

    if blockKey == nil || blockCrt == nil {
        fmt.Println("Error: Failed to decode PEM block")
        return errors.New("Error: Failed to decode PEM block")
    }

    // DECRYPT KEY PEM BLOCK WITH PASSPHRASE

    // Using private key
    // decryptPKCS8, err := pkcs8.ParsePKCS8PrivateKey(blockKey.Bytes, []byte(PassPhrase))
    // blockPKCS8, err := x509.MarshalPKCS8PrivateKey(decryptPKCS8)

    // keyPEM := pem.EncodeToMemory(blockPKCS8)

    // Using rsa
    // decryptPKCS8, err := pkcs8.ParsePKCS8PrivateKeyRSA(blockKey.Bytes, []byte(PassPhrase))
    // blockPEM := x509.MarshalPKCS1PrivateKey(decryptPKCS8)

    // blockPEM, err := x509.DecryptPEMBlock(keyPEM, []byte(PassPhrase))
    blockPEM, err := x509.DecryptPEMBlock(blockKey, []byte("password"))

    // decrypedPemBlock, err := x509.DecryptPEMBlock(decryptPKCS8, []byte(PassPhrase))
    // derFmt, err := pkcs8.MarshalPrivateKey(decryptPKCS8, []byte(PassPhrase))

    // fmt.Println("=== decryptPKCS8:", decryptPKCS8)
    fmt.Println("=== isKeyEncryptedPem: ", isKeyEncryptedPem)
    fmt.Println("=== isCrtyEncryptedPem: ", isCrtyEncryptedPem)
    fmt.Println("=== blockCrt: ", blockCrt)
    fmt.Println("=== blockKey: ", blockKey)
    fmt.Println("=== blockPEM: ", blockPEM)

    if err != nil {
        fmt.Println("Error: Decrypt Key Error - ", err)
        return err
    }

    // cert, err := tls.X509KeyPair(certPem, decrypedPemBlock)
    // cert, err := tls.X509KeyPair(certPem, decrypedPemBlock)
    cert, err := tls.X509KeyPair(blockCrt.Bytes, blockPEM)
    // cert, err := tls.X509KeyPair(blockCrt.Bytes, keyPEM)
    // cert, err := tls.X509KeyPair(blockCrt.Bytes, blockKey.Bytes)

    fmt.Println("=== cert: ", cert)

    if err != nil {
        fmt.Println("Error: ", err)
        return err
    }

    return nil
}

但是,我仍然一直碰壁,想问是否有人知道我是否遗漏了什么?

4

0 回答 0