crypto/x509: failed to parse ECDSA256 PEM generated by Apple Developer Website #33560

Closed
EddaAkikusa opened this issue Aug 9, 2019 · 3 comments

@EddaAkikusa EddaAkikusa commented Aug 9, 2019

What version of Go are you using (go version)?

1.12.7

Does this issue reproduce with the latest release?

Yes

What operating system and processor architecture are you using (go env)?

go env Output
GOOS="darwin"
GOARCH="amd64"

What did you do?

I'm trying to build an Apple Push Notification Service server with github.com/dgrijalva/jwt-go, which can generate a token to communicate with Apple's server.
I downloaded the ECDSA256 private key (.pem file) from the Apple Developer Website and tried to form the token using the built-in parser.
I've regenerated the private key more than two times and it always occurs.

This key is already revoked, so I think it's safe to attach here.

-----BEGIN PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgK4vwsbmI8Zv5L3Vi
3A6jLxpPhT1foluxAzVrF8HUz0+gCgYIKoZIzj0DAQehRANCAASiiOmidKO8QG/1
uxIzl8g8yqYDCmImljypqZxutYg1YaMJuBpgfFCJdtp+SdYhq8J8avOMwDwep8KC
lfN6cID4
-----END PRIVATE KEY-----

What did you expect to see?

No error should be presented.

What did you see instead?

It presented such error messages.

2019/08/09 14:56:14 x509: failed to parse EC private key: asn1: structure error: tags don't match (4 vs {class:0 tag:16 length:19 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false}  @5

@odeke-em odeke-em commented Aug 10, 2019

Thank you for reporting this issue @Frozen-Tofu and welcome to the Go project!

I have made for you a runnable playground link https://play.golang.org/p/KYMQBqBqlz0
or inlined below

package main

import (
	"crypto/x509"
	"fmt"
	"log"
)

func main() {
	blob := []byte(`
-----BEGIN PRIVATE KEY-----
MIGTAgEAMBMGByqGSM49AgEGCCqGSM49AwEHBHkwdwIBAQQgK4vwsbmI8Zv5L3Vi
3A6jLxpPhT1foluxAzVrF8HUz0+gCgYIKoZIzj0DAQehRANCAASiiOmidKO8QG/1
uxIzl8g8yqYDCmImljypqZxutYg1YaMJuBpgfFCJdtp+SdYhq8J8avOMwDwep8KC
lfN6cID4
-----END PRIVATE KEY-----
`)
	privKey, err := x509.ParseECPrivateKey(blob)
	if err != nil {
		log.Fatalf("Failed to parse private key: %v", err)
	}
	fmt.Printf("%#v\n", privKey)
}

In the future, please attach a reproducible code sample, not just the private key :)

We are currently in code freeze before we release Go1.13 but I shall kindly ping some cryptography experts @agl @FiloSottile to take a look.

@odeke-em odeke-em changed the title Failed to parse ECDSA256 PEM generated by Apple Developer Website crypto/x509: failed to parse ECDSA256 PEM generated by Apple Developer Website Aug 10, 2019
@odeke-em odeke-em added this to the Go1.14 milestone Aug 10, 2019

@agl agl commented Aug 10, 2019

That private key is PEM encoded, so you need to unwrap that first. Also, it's a PKCS#8 rather than raw ECC private key, so the correct parsing function is ParsePKCS8PrivateKey. (The “PRIVATE KEY” means PKCS#8—I'm afraid the PKCS standards are just awkward like that.)

See https://play.golang.org/p/AlXERsa1Evr

@agl agl closed this Aug 10, 2019

@EddaAkikusa EddaAkikusa commented Aug 11, 2019

Okay thank you

@golang golang locked and limited conversation to collaborators Aug 10, 2020