Reputation: 41
Use Go to encrypt message with ssh-rsa public key which then can be decrypted using openssl rsautl -decrypt
I have been trying to solve this for days. In Go code I am looking to take a ssh-rsa public key like:
ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGnnY4LuLq7Bs7VnFk2Vs6hNTmZLkUBRRhXNFyKZOCvmhKcM7BSHkGS7+phpIzj6mTOsJEBZKHQgac46COOT3ukO/farnnDz78KIq24U/+TZmyAyNNdzOVizK5aAApvpYTQpuSlIDDltLXQkPokedE/5vCIPiwVZW0TfqT/Rdy2XXwKewDQ05xvJhX3+nymZkyJX3GJ+pTfsDkKR+suSLDN3nupThPiWK5A1ZG9bbUkxHbsAXiTKS+qwADIWOtJvfNtPX54JjCo3Gh3/Fy0Ovxn3QSQlCF/IZNbSgm6R6adjaU4kXEF6zsLq+BjDKLtEA3A0tAIBj0T+DuuxpcV3aX
and message like: hello-world and encrypt that message with that key.
The private key is then going to be used to decrypt the key with openssl rsautl -decrypt -inkey privateKeyFile -in encryptedMsgFile
Upvotes: 4
Views: 1577
Answers (1)
Reputation: 49241
Encryption with SSH keys is described in detail in the post Encrypting Data With SSH Keys and Golang, in particular the import of the OpenSSH public key, for which the ssh package is applied. For encryption (with PKCS#1 v1.5 padding) the rsa package is used.
The following sample code illustrates this. Since the OpenSSL statement reads the ciphertext from a file, it makes most sense for the ciphertext to be stored in a binary file. For simplicity, however, in this example the cipher text is output hex encoded:
package main
import (
"crypto/rand"
"crypto/rsa"
"encoding/hex"
"fmt"
"golang.org/x/crypto/ssh"
)
func main() {
// Key import
publicKey := "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8NGcNWf6cUno2lpny36js9ynXCQ6kuJ14yIViuPwty0ZkfhpPdw3zVKWmKV0zS1/QyO6a5d85I9ywvEXHiZr4+fE4JRPxdEIQVGMz7OThs0XgluE4zZrw55ywMt/b6elPC2TkshUHQfDYQuIh1ZBqFOnvUIh8yyGc1L4sLACGY75tpvSE29RZQRmaZaV5YpzIM0SbpFirOqWsjKd3kLMjPqPr9+ISpqOP2tTfOfw9IW8gvRUYa2oRUEyE7Ju4QrwSWmKj9JK9KTeAzRiy5rsSW6issDaxQIYg2BNT8YLrNVm+FWpOVRud6KwohOpk8/YeM0EKEO3vAfGJH6tYT9Zv whatever"
parsed, _, _, _, err := ssh.ParseAuthorizedKey([]byte(publicKey))
if err != nil {
panic(err)
}
parsedCryptoKey := parsed.(ssh.CryptoPublicKey)
pubCrypto := parsedCryptoKey.CryptoPublicKey()
pub := pubCrypto.(*rsa.PublicKey)
// Encryption
msg := "The quick brown fox jumps over the lazy dog"
encryptedBytes, err := rsa.EncryptPKCS1v15(
rand.Reader,
pub,
[]byte(msg),
)
if err != nil {
panic(err)
}
fmt.Println(hex.EncodeToString(encryptedBytes))
}
A possible hex encoded ciphertext is:
7610da88661fc80b145f3bdd415cb71e73b1ad5100f7b5a9d9c5d27d9e3645d626dd784ccc5cc6c1e44aeec04b0e64072bfe1b58e88feec4b5e6ca63a14c5a23dad1370a303f2f775f4e6f349bab52a3f5883a51ac1f53247a4e05fb9989fc999878ac8f3821da0a079272738145dda7a340b7e4d44d922e563558972444b6f7400a4affffe2a6ee42d400cff51bf3eecc8cd1ffc9ea8c8d04ff6ef0e566d105a4841bcece7b16e2068a321e0c7b4cb964593fcf59795f0a14ec1ac95b941eaa452912bca2e1431992672dcdcc1ea42ff956ef7d21f126a1650c4a306817b4e094ee8c50a01dcc04a7be25e0c01b2ba678be3561774ae859353b5cc98a3b9b11
Note that this encryption is not deterministic, i.e. when you execute the code, you will get a different ciphertext.
Decryption is possible with the posted OpenSSL statement:
openssl rsautl -decrypt -inkey privateKeyFile -in encryptedMsgFile
taking into account:
encryptedMsgFilecontains the binary data of the ciphertext, i.e. the hex decoding of7610da...(if the ciphertext is stored directly as a binary file as mentioned above,encryptedMsgFilewould correspond to this file).privateKeyFilecontains the PEM encoded private PKCS#1 or PKCS#8 key. If your key is in OpenSSH's proprietary format (-----BEGIN OPENSSH PRIVATE KEY-----...), it must be converted to e.g. PKCS#8 format, e.g. withssh_keygen:ssh-keygen -p -N "" -m pkcs8 -f data.keyNote that
data.keycontains the OpenSSH key and is overwritten with the PKCS#8 key. For the posted example,privateKeyFileis:-----BEGIN PRIVATE KEY----- MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC8NGcNWf6cUno2 lpny36js9ynXCQ6kuJ14yIViuPwty0ZkfhpPdw3zVKWmKV0zS1/QyO6a5d85I9yw vEXHiZr4+fE4JRPxdEIQVGMz7OThs0XgluE4zZrw55ywMt/b6elPC2TkshUHQfDY QuIh1ZBqFOnvUIh8yyGc1L4sLACGY75tpvSE29RZQRmaZaV5YpzIM0SbpFirOqWs jKd3kLMjPqPr9+ISpqOP2tTfOfw9IW8gvRUYa2oRUEyE7Ju4QrwSWmKj9JK9KTeA zRiy5rsSW6issDaxQIYg2BNT8YLrNVm+FWpOVRud6KwohOpk8/YeM0EKEO3vAfGJ H6tYT9ZvAgMBAAECggEBAKP++alNuSpYSDxXAPD86cMLIL9LGiJ46Gb+PBSpYr04 uy8IHz8NW++j2/AtbRQsYuKYpCn/koLE+CJc/GUCSDMaAJLO5FDq4EJAdm0hyNPP Fl28u6Z2qsOu3v8+ZYjIi8+f+xu4/c/kKs0Xgtq+sOdvL+WkBDrR+okhbFErSo3O z4SXkSTbRzKuFuZQA8HPi5kkDloEKhvZr3M0UyxUm6OtQTgW9mz3u+eabtBWVHEk 3CY6AVi+FpKX1wj1j3gYCl5kjAxJALVuPXg/MhuiHBJODWWtsl4qnlrUqVn/qYwW G7GQb9dYjJK+WCjwG0VqoH2egEphaF4BrWMr6DLtseECgYEA5geNRjqKjmfxOlqm mA5BV08tey9C59Ef11aYmrx+ngkKDdHNvY2JOkpEA3huoa0sT4rRylmmYNBUVxnM UVqU8ppwRCfa58KTccopQO3BvSub74GvpwOX9MSn0CzW3brrFPfs72Lo3TAG4png ENufcF1PGqTDFXhQsQC8ZPJmWbECgYEA0XQBcF8tuEN1UHzPwnG35YPayRPusrxd 3PD2BmOcp8B4DHS1KU2vJwu0nisi7S8eUbGxpRjwg3c5clQWFxWHuc//aRRb2QGl TR1XvtnU6qjGAnH7jcF+tsRlWx6Qc35InGodzgS8SzemNzXEOVmI7U4r7LmQe9Q1 SX6dKzp/Gh8CgYB0bzwmYTmDLb/gDsSm0Qhn/k8CPID8QFGCuXWTVXgt3Ft3dUxT 91GP7MmSjCJLuhFkzdq1Nz3NYYZfdFKEl3ovdtb+2MGocEgb3/2TvQVFEM7ko9ta iaogHm7nI9s67wNRYNFQttsyIr5JcyQExHZm9QQ2c1HAC1+kyL+TxVLjcQKBgQC7 g0+Geq9Dt6DfXd3iBkzMfS7xtZaNDXY6xr57GdK1m+ndvN4zDAkyu5gHwjaSgQxz ttGDLMCl8abMY9si73ODNmNCf6d6r659Szey9PFY45/hsIm0bvYyScEzwjkwLG51 Gct1FWg9LqTv6IKzlSSwzrskQzzGn0TVdzTd7pC7oQKBgQDGTj2gvzn4gwFcAQI6 Zs4zbnXWwuQ0zt9y2Nzvs3Qwv8F2uryPnzv8DdbvdZ9dqnZCa8BvEALqfuOpKi4P 5wpd3+Tw6eCwtNZwNZ+TJXLxXelmQBehM52RUb9wM+QzRBhIJayEuveNzJ9Irc14 IDI76VfujESxC/qjZHFXkfdS3A== -----END PRIVATE KEY-----
Upvotes: 1
Related Questions
- How to decrypt an encrypted message with RSA private key
- GoLang: ssh client config for given public RSA key
- Command to send public key to remote host
- How to encrypt and decrypt data with Openssl RSA public private key pair in Golang?
- Encrypt message with RSA private key (as in OpenSSL's RSA_private_encrypt)
- How to use an encrypted private key with golang ssh
- How to send a rsa.PublicKey over a tcp connection in go?
- Ruby RSA public key encryption to Golang
- private/public key ssh-keygen -t rsa
- How to encrypt and decrypt plain text with a RSA keys in Go?