crypto/tls: Sometimes fails to parse private key #17279

Closed
Foosvald opened this issue Sep 29, 2016 · 7 comments

@Foosvald Foosvald commented Sep 29, 2016

What version of Go are you using (go version)?

go version go1.7 darwin/amd64

What did you do?

I'm trying to load X.509 key pairs using tls.LoadX509KeyPair. The key pairs have been generated using node-forge, and are generated using the same options each time. In most cases tls.LoadX509KeyPair works and loads the key pair, but for some of the key pairs it cannot parse the private key. All of the generated keys are parsed correctly by openssl though.

$ openssl rsa -in broken.key -check -noout
RSA key ok

This is the program I run:

package main

import (
    "crypto/tls"
    "log"
)

func main() {
    _, err := tls.LoadX509KeyPair("broken.pem", "broken.key")
    if err != nil {
        log.Fatal(err)
    }
    log.Print("Go loaded key successfully")
}

I've also attached both the key pair that is not working, and a key pair that is working (and is correctly opened by tls.LoadX509KeyPair) which has been generated using the same options.
keys.zip

What did you expect to see?

2016/09/29 14:31:49 Go loaded key successfully

What did you see instead?

2016/09/29 14:32:19 tls: failed to parse private key
exit status 1
@Foosvald Foosvald changed the title from "crypto/tls Sometimes fails to parse private key" to "crypto/tls: Sometimes fails to parse private key" Sep 29, 2016

Contributor

@ebfe ebfe commented Sep 29, 2016

x509.ParsePKCS1PrivateKey fails with asn1: structure error: integer not minimally-encoded for broken.key

Author

@Foosvald Foosvald commented Sep 29, 2016

So is this a problem with node-forge? Or Go? OpenSSL says that the key is valid...

Contributor

@quentinmit quentinmit commented Oct 3, 2016

/cc @agl

I think from recent issues that this is WAI and the key is incorrectly generated. But I'll let Adam confirm.

@quentinmit quentinmit added this to the Unplanned milestone Oct 3, 2016
Author

@Foosvald Foosvald commented Oct 24, 2016

This was an issue in Node-forge, which has now been resolved. So I'm closing this issue.

@Foosvald Foosvald closed this Oct 24, 2016

@jeroiraz jeroiraz commented Sep 27, 2017

Found the same issue, just using openssl and go 1.9; besides openssl validating the key, the http server failed to parse it. Tried again with a key generated in the same way and it worked. Seems the issue is still present.


@izaaklauer izaaklauer commented Nov 22, 2017

I'm also still seeing this issue with go 1.9. Openssl reports RSA key ok, x509.ParsePKCS1PrivateKey returns asn1: structure error: integer not minimally-encoded.

Contributor

@bradfitz bradfitz commented Nov 22, 2017

@jeroiraz, @izaaklauer, you're either using an old version of Node-forge before it was fixed (digitalbazaar/forge@4dfc87c) or you're commenting on the wrong bug.

In any case, this bug is closed and no longer tracked.

If you're having an issue, file a new bug with complete details.

@golang golang locked and limited conversation to collaborators Nov 22, 2018
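
Added example (not part of the thread, and not code from Go or node-forge): DER requires every INTEGER to use the shortest two's-complement encoding, which is the rule behind the "integer not minimally-encoded" error quoted above. This sketch walks the INTEGERs of a DER SEQUENCE and names the ones carrying a redundant leading byte; the function names and the sample bytes are constructed for illustration.

```go
package main

import "fmt"

// Field order of a PKCS#1 RSAPrivateKey (RFC 8017, appendix A.1.2).
var fields = []string{"version", "modulus", "publicExponent", "privateExponent",
	"prime1", "prime2", "exponent1", "exponent2", "coefficient"}

// readTLV reads one DER element with the wanted tag; returns its value and the rest.
func readTLV(b []byte, want byte) (val, rest []byte, err error) {
	if len(b) < 2 || b[0] != want {
		return nil, nil, fmt.Errorf("expected tag 0x%02x", want)
	}
	n, off := int(b[1]), 2
	if n&0x80 != 0 { // long form: low 7 bits count the length bytes
		k := n & 0x7f
		if k == 0 || k > 3 || len(b) < 2+k {
			return nil, nil, fmt.Errorf("unsupported or truncated length")
		}
		n, off = 0, off+k
		for _, c := range b[2 : 2+k] {
			n = n<<8 | int(c)
		}
	}
	if len(b) < off+n {
		return nil, nil, fmt.Errorf("truncated value")
	}
	return b[off : off+n], b[off+n:], nil
}

// NonMinimalFields names the INTEGERs (first nine only) with a redundant leading byte.
func NonMinimalFields(der []byte) (bad []string, err error) {
	body, _, err := readTLV(der, 0x30) // outer SEQUENCE
	for i := 0; err == nil && len(body) > 0 && i < len(fields); i++ {
		var v []byte
		v, body, err = readTLV(body, 0x02) // INTEGER; v is nil on error
		// Redundant: 0x00 before a byte < 0x80, or 0xff before a byte >= 0x80.
		if len(v) > 1 && (v[0] == 0x00 && v[1] < 0x80 || v[0] == 0xff && v[1] >= 0x80) {
			bad = append(bad, fields[i])
		}
	}
	return bad, err
}

func main() {
	// Constructed sample: version=0, then 0x00 0x7f (padded), then 0x00 0x80 (correct).
	sample := []byte{0x30, 0x0b, 0x02, 0x01, 0x00, 0x02, 0x02, 0x00, 0x7f, 0x02, 0x02, 0x00, 0x80}
	fmt.Println(NonMinimalFields(sample)) // [modulus] <nil>
}
```

For a real key file, pass the `Bytes` of the block returned by `pem.Decode` (type `RSA PRIVATE KEY`) to `NonMinimalFields`.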