From dcb94c112f3134eb66acbe52e712011de2a539f1 Mon Sep 17 00:00:00 2001 From: Sun Yimin Date: Thu, 27 Jun 2024 11:17:31 +0800 Subject: [PATCH] pkcs8: add example code for encrypted to plaintext --- pkcs8/example_test.go | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) diff --git a/pkcs8/example_test.go b/pkcs8/example_test.go index fd7c66f..2531892 100644 --- a/pkcs8/example_test.go +++ b/pkcs8/example_test.go @@ -11,6 +11,7 @@ import ( "github.com/emmansun/gmsm/pkcs8" "github.com/emmansun/gmsm/sm2" "github.com/emmansun/gmsm/sm9" + "github.com/emmansun/gmsm/smx509" "golang.org/x/crypto/cryptobyte" ) @@ -228,6 +229,42 @@ jZHNffmk4ii7NxCfjrzpiFq4clYsNMXeSEnq1tuOEur4kYcjHYSIFc9bPG656a60 // Output: ok } +func ExampleParsePKCS8PrivateKeySM2_removePassword() { + const privateKeyPem = ` +-----BEGIN ENCRYPTED PRIVATE KEY----- +MIH2MGEGCSqGSIb3DQEFDTBUMDQGCSqGSIb3DQEFDDAnBBDa6ckWJNP3QBD7MIF8 +4nVqAgEQAgEQMA0GCSqBHM9VAYMRAgUAMBwGCCqBHM9VAWgCBBDMUgr+5Y/XN2g9 +mPGiISzGBIGQytwK98/ET4WrS0H7AsUri6FTqztrzAvgzFl3+s9AsaYtUlzE3EzE +x6RWxo8kpKO2yj0a/Jh9WZCD4XAcoZ9aMopiWlOdpXJr/iQlMGdirCYIoF37lHMc +jZHNffmk4ii7NxCfjrzpiFq4clYsNMXeSEnq1tuOEur4kYcjHYSIFc9bPG656a60 ++SIJsJuPFi0f +-----END ENCRYPTED PRIVATE KEY-----` + password := []byte("Password1") + block, _ := pem.Decode([]byte(privateKeyPem)) + if block == nil { + fmt.Fprintf(os.Stderr, "Failed to parse PEM block\n") + return + } + pk, err := pkcs8.ParsePKCS8PrivateKeySM2(block.Bytes, password) + if err != nil { + fmt.Fprintf(os.Stderr, "Error from ParsePKCS8PrivateKeySM2: %s\n", err) + return + } + der, err := smx509.MarshalPKCS8PrivateKey(pk) + if err != nil { + fmt.Fprintf(os.Stderr, "Error from MarshalPKCS8PrivateKey: %s\n", err) + return + } + block = &pem.Block{Bytes: der, Type: "PRIVATE KEY"} + pemContent := string(pem.EncodeToMemory(block)) + fmt.Printf("%v\n", pemContent) + // Output: -----BEGIN PRIVATE KEY----- +// MIGHAgEAMBMGByqGSM49AgEGCCqBHM9VAYItBG0wawIBAQQgbFoKCy7tPL7D5PEl +// K/4OKMUEoca/GZnuuwr57w+ObIWhRANCAASDVuZCpA69GNKbo1MvvZ87vujwJ8P2 +// 85pbovhwNp+ZiJgfXv5V0cXN9sDvKwcIR6FPf99CcqjfCcRC8wWK+Uuh +// -----END PRIVATE KEY----- +} + func ExampleMarshalPrivateKey_withoutPasswordSM9MasterSignKey() { // real private key should be from secret storage, or generate directly kb, _ := hex.DecodeString("0130E78459D78545CB54C587E02CF480CE0B66340F319F348A1D5B1F2DC5F4")