Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

crypto/x509: unable to parse PKCS1 RSA private key from Microsoft Terminal Services Signing Key #38181

bamiaux opened this issue Mar 31, 2020 · 2 comments


Copy link

@bamiaux bamiaux commented Mar 31, 2020

What version of Go are you using (go version)?

$ go version
go version go1.14 windows/amd64

Does this issue reproduce with the latest release?


What operating system and processor architecture are you using (go env)?

go env Output
$ go env
set GOARCH=amd64
set GOOS=windows

What did you do?

I converted an RSA private key to PEM and tried to load it with crypto/x509.
I manually verified the PEM is valid with Python.

What did you expect to see?

To be able to parse the PEM & get the RSA private key contained inside

What did you see instead?

An error: "asn1: structure error: integer too large"

Probably related to #3161

Copy link

@bamiaux bamiaux commented Mar 31, 2020

Relevant check is here

// checkPub sanity checks the public key before we use it.
// We require pub.E to fit into a 32-bit integer so that we
// do not have different behavior depending on whether
// int is 32 or 64 bits. See also
func checkPub(pub *PublicKey) error {
	if pub.N == nil {
		return errPublicModulus
	if pub.E < 2 {
		return errPublicExponentSmall
	if pub.E > 1<<31-1 {
		return errPublicExponentLarge
	return nil

Here, the fixed public exponent still fit 32-bits (uint32 instead of int32), so changing

pub.E > 1<<31 - 1
pub.E > 1<<32 - 1

may be enough to make it work, but I have no idea of the implications of doing this, especially considering

Copy link

@FiloSottile FiloSottile commented Mar 31, 2020

rsa.PublicKey.E unfortunately is an int, not uint, so on 32-bit machines it will only hold values lower than 1<<31, and we want to be consistent across architectures. Such exponents are rare and unnecessary.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.