Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Converting rsa.PublicKey to ssh.PublicKey

Tags:

I have an rsa.PublicKey which consists of a modulus and a public exponenet in a struct. I want to verify an ssh.Signature which is signed with that key, and I figure if I have an ssh.PublicKey I can call the Verify method on that interface. However, I can't find any classes that implement ssh.PublicKey and support converting from rsa.PublicKey. Do I need to write a proprietary method to do this, or is there some class I'm not finding, or a better way to go about solving my problem?

For context, I got the rsa.PublicKey from an x509.Certificate which came from a yubikey attesting a key in one of its PIV slots.

like image 730
Jakob Weisblat Avatar asked Jul 26 '16 02:07

Jakob Weisblat

1 Answers

The NewPublicKey function from the crypto/ssh package http://godoc.org/golang.org/x/crypto/ssh#NewPublicKey can take an *rsa.PublicKey as parameter and returns an instance of the PublicKey interface that includes a Verify method (Verify(data []byte, sig *Signature) error) - http://godoc.org/golang.org/x/crypto/ssh#PublicKey.

The program below illustrates it - we create a new *rsa.PrivateKey and sign a message with it, then convert *rsa.PublicKey to ssh.PublicKey using NewPublicKey function and verify the signature; also check that the signature verification fails if the original data is modified. The error checking is elided for brevity.

package main

import (
    "crypto/rand"
    "crypto/rsa"
    "fmt"
    "log"

    "golang.org/x/crypto/ssh"
)

func main() {
    data := []byte("Hello, world!")

    // create a new key as *rsa.PrivateKey
    priv, _ := rsa.GenerateKey(rand.Reader, 512)
    signer, _ := ssh.NewSignerFromKey(priv)
    sig, _ := signer.Sign(rand.Reader, data)

    // extract the ssh.PublicKey from *rsa.PublicKey to verify the signature
    pub, _ := ssh.NewPublicKey(&priv.PublicKey)
    if err := pub.Verify(data, sig); err != nil {
        log.Fatalf("publicKey.Verify failed: %v", err)
    }
    fmt.Printf("Signature OK\n")
    // modify the data and make sure we get a failure
    data[0]++
    if err := pub.Verify(data, sig); err == nil {
        log.Printf("publicKey.Verify passed on bad data/signature, expect failure")
    }
}

Output:

Signature OK
like image 54
dmitris Avatar answered Oct 11 '22 13:10

dmitris
Sign in to Comment

Related questions

MySQL group by with rollup, coalesce/ifnull, and date functions
Concatenating column values with distinct gets strange result [duplicate]
Angular2, why functions are called each time I move the mouse
SVC (support vector classification) with categorical (string) data as labels
D3 v4 - d3.zoom() prevents binding some events except on the Window
React + React Native starter kit
What should be a secret key (or an authentication key) that passed to `NewCookieStore()` in `gorilla/sessions`?
Django - create a class instance in AppConfig.ready() only once
How to remove spacing between rows in RecyclerView using GridLayoutManager
Detect Character Set/Script of Arbitrary String
Can you override what == does in Javascript? [duplicate]
how to change "Build Host" in rpm

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!