crypto/tls: Sometimes fails to parse private key #17279

Closed
Foosvald opened this issue Sep 29, 2016 · 7 comments
Labels: FrozenDueToAge, NeedsInvestigation
@Foosvald
Foosvald commented Sep 29, 2016

What version of Go are you using (go version)?

go version go1.7 darwin/amd64

What did you do?

I'm trying to load X.509 key pairs using tls.LoadX509KeyPair. The key pairs have been generated using node-forge, and are generated using the same options each time. In most cases tls.LoadX509KeyPair works and loads the key pair, but for some of the key pairs it cannot parse the private key. All of the generated keys are parsed correctly by openssl though.

$ openssl rsa -in broken.key -check -noout
RSA key ok

This is the program I run:

package main

import (
    "crypto/tls"
    "log"
)

func main() {
    // Arguments are the certificate file, then the private key file.
    _, err := tls.LoadX509KeyPair("broken.pem", "broken.key")
    if err != nil {
        log.Fatal(err)
    }
    log.Print("Go loaded key successfully")
}

I've also attached both the key pair that is not working, and a key pair that is working (and is correctly opened by tls.LoadX509KeyPair) which has been generated using the same options.
keys.zip

What did you expect to see?

2016/09/29 14:31:49 Go loaded key successfully

What did you see instead?

2016/09/29 14:32:19 tls: failed to parse private key
exit status 1
@Foosvald Foosvald changed the title crypto/tls Sometimes fails to parse private key crypto/tls: Sometimes fails to parse private key Sep 29, 2016
@ebfe
Contributor

ebfe commented Sep 29, 2016

x509.ParsePKCS1PrivateKey fails with asn1: structure error: integer not minimally-encoded for broken.key
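
The check behind that error message, as an added example that is not part of the original thread or of the Go or node-forge code: it walks a PKCS#1 RSAPrivateKey and names the INTEGER fields that carry a redundant leading octet, then decodes the same bytes with `encoding/asn1`. The names `rsaFields`, `NonMinimalIntegers`, `StrictParse` and the `sample` bytes are constructed for illustration.

```go
package main

import (
	"encoding/asn1"
	"fmt"
	"math/big"
)

// Field order of a PKCS#1 RSAPrivateKey (RFC 8017, A.1.2).
var rsaFields = []string{"version", "n", "e", "d", "p", "q", "dP", "dQ", "qInv"}

// NonMinimalIntegers lists the fields whose INTEGER has a redundant leading 0x00
// or 0xff octet (forbidden by X.690 8.3.2). RawValue captures contents unvalidated.
func NonMinimalIntegers(der []byte) ([]string, error) {
	var seq, f asn1.RawValue
	if _, err := asn1.Unmarshal(der, &seq); err != nil || seq.Tag != asn1.TagSequence {
		return nil, fmt.Errorf("not a DER SEQUENCE (err: %v)", err)
	}
	var bad []string
	body := seq.Bytes
	for i := 0; len(body) > 0 && i < len(rsaFields); i++ {
		rest, err := asn1.Unmarshal(body, &f)
		if err != nil || f.Class != asn1.ClassUniversal || f.Tag != asn1.TagInteger {
			return nil, fmt.Errorf("%s: not an INTEGER (err: %v)", rsaFields[i], err)
		}
		if v := f.Bytes; len(v) > 1 && (v[0] == 0x00 && v[1] < 0x80 || v[0] == 0xff && v[1] >= 0x80) {
			bad = append(bad, rsaFields[i])
		}
		body = rest
	}
	return bad, nil
}

// StrictParse decodes the same SEQUENCE with encoding/asn1's own INTEGER rules.
func StrictParse(der []byte) error {
	var ints []*big.Int
	_, err := asn1.Unmarshal(der, &ints)
	return err
}

// Constructed toy input (tiny numbers, not a usable key): d is written as 00 2f.
var sample = []byte{0x30, 0x1d, 2, 1, 0, 2, 2, 0, 0xc3, 2, 1, 0x11, 2, 2, 0, 0x2f,
	2, 1, 0x0d, 2, 1, 0x0f, 2, 1, 0x0b, 2, 1, 5, 2, 1, 7}

func main() {
	fmt.Println(NonMinimalIntegers(sample))
	fmt.Println(StrictParse(sample))
}
```

In the sample, `n` keeps its leading `00` because the next octet has its high bit set, so only `d` is reported.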

@Foosvald
Author

So is this a problem with node-forge? Or Go? OpenSSL says that the key is valid...

@quentinmit
Contributor

/cc @agl

I think from recent issues that this is WAI and the key is incorrectly generated. But I'll let Adam confirm.

@quentinmit quentinmit added the NeedsInvestigation label Oct 3, 2016
@quentinmit quentinmit added this to the Unplanned milestone Oct 3, 2016
@Foosvald
Author

This was an issue in Node-forge, which has now been resolved. So I'm closing this issue.

@jeroiraz

Found the same issue, just using openssl and go 1.9; besides openssl validating the key, the http server failed to parse it. Tried again with a key generated in the same way and it worked. Seems the issue is still present.

@izaaklauer

I'm also still seeing this issue with go 1.9. Openssl reports RSA key ok, x509.ParsePKCS1PrivateKey returns asn1: structure error: integer not minimally-encoded.

@bradfitz
Contributor

@jeroiraz, @izaaklauer, you're either using an old version of Node-forge before it was fixed (digitalbazaar/forge@4dfc87c) or you're commenting on the wrong bug.

In any case, this bug is closed and no longer tracked.

If you're having an issue, file a new bug with complete details.

@golang golang locked and limited conversation to collaborators Nov 22, 2018