I have a cert file and a key file where the key file is encrypted with a password. I am trying to decrypt the key file programmatically before loading the key pair.
// Key file and cert file path
cf := filepath.Join(certPath, certFile)
kf := filepath.Join(certPath, keyFile)
//Read & decode the encrypted key file with the pass to make tls work
keyIn, err := ioutil.ReadFile(kf)
if err != nil {
log.Error("Read key error", err)
return nil, err
}
// Decode and decrypt our PEM block
decodedPEM, _ := pem.Decode([]byte(keyIn))
decrypedPemBlock, err := x509.DecryptPEMBlock(decodedPEM, []byte("somepassword"))
if err != nil {
log.Error("decrypt key error", err)
return nil, err
}
// Load our decrypted key pair
crt, err := tls.LoadX509KeyPair(cf, string(decrypedPemBlock))
if err != nil {
log.Error("load key pair error", err)
return nil, err
}
The original certs and key were generated using the following openssl parameters
openssl req -new -newkey rsa:2048 -x509 -keyout $CA_CERT.key -out $CA_CERT -days $validity -passin "pass:$password" -passout "pass:$password" -subj "/C=$C/ST=$ST/L=$L/O=$O/CN=$CN/emailAddress=$EMAIL"
The variables are substituted accordingly with $password being "somepassword"
I have tried decrypting the key using openssl rsa from the command line and it works fine with the the password above.
However in Go I get an error in tls.LoadX509KeyPair saying invalid argument.
time="2018-01-17T18:57:40Z" level=error msg="load key pair error: open
My best guess is that the key encoding might be messed up and I was wondering if anything is wrong with my code.
Update: Added error message and it seems like tls.LoadX509KeyPair can't understand the format as comments have pointed out below.