Skip to content

Instantly share code, notes, and snippets.

@sdorra
Created April 17, 2016 19:31
Star You must be signed in to star a gist
Save sdorra/1c95de8cb80da31610d2ad767cd6f251 to your computer and use it in GitHub Desktop.
Golang RSA Key Generation
/*
* Genarate rsa keys.
*/
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/asn1"
"encoding/gob"
"encoding/pem"
"fmt"
"os"
)
func main() {
reader := rand.Reader
bitSize := 2048
key, err := rsa.GenerateKey(reader, bitSize)
checkError(err)
publicKey := key.PublicKey
saveGobKey("private.key", key)
savePEMKey("private.pem", key)
saveGobKey("public.key", publicKey)
savePublicPEMKey("public.pem", publicKey)
}
func saveGobKey(fileName string, key interface{}) {
outFile, err := os.Create(fileName)
checkError(err)
defer outFile.Close()
encoder := gob.NewEncoder(outFile)
err = encoder.Encode(key)
checkError(err)
}
func savePEMKey(fileName string, key *rsa.PrivateKey) {
outFile, err := os.Create(fileName)
checkError(err)
defer outFile.Close()
var privateKey = &pem.Block{
Type: "PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(key),
}
err = pem.Encode(outFile, privateKey)
checkError(err)
}
func savePublicPEMKey(fileName string, pubkey rsa.PublicKey) {
asn1Bytes, err := asn1.Marshal(pubkey)
checkError(err)
var pemkey = &pem.Block{
Type: "PUBLIC KEY",
Bytes: asn1Bytes,
}
pemfile, err := os.Create(fileName)
checkError(err)
defer pemfile.Close()
err = pem.Encode(pemfile, pemkey)
checkError(err)
}
func checkError(err error) {
if err != nil {
fmt.Println("Fatal error ", err.Error())
os.Exit(1)
}
}
@xeoncross
Copy link

You can also replace asn1Bytes, err := asn1.Marshal(pubkey) with asn1Bytes, err := x509.MarshalPKIXPublicKey(&pubkey) if you want DER-encoded PKIX format.

@irshadhasmat
Copy link

A fantastic example. Very precise...

Thanks.

@helmutkemper
Copy link

In fact, for the code to work properly, the change suggested by Xeoncross must be made.

Thank you all

@JitinGuglani
Copy link

if any one knows how to save in .der format ?

@johnwesley
Copy link

Very well done, thank you. The only thing I would add are permissions on the private key file for ssh.

@oscarzhou
Copy link

Awesome example. Thanks

@ugokoli
Copy link

ugokoli commented May 17, 2019

Nice, but fails when using the generated public key to verify jwt token with https://github.com/dgrijalva/jwt-go. @xeoncross comment fixes the error.

@muratsplat
Copy link

@sdorra Why does the code example generate same private and public key while the code is executing one more time ?

@xeoncross
Copy link

xeoncross commented Jun 14, 2019

@muratsplat If you run it on play.golang.org it will always produce the same result. If you don't check the errors you might find that O_CREATE fails on the second run because the file already exists.

@muratsplat
Copy link

Sorry I forgot the test result is cached on the test. That reason make to show same result. You are right.

@muratsplat
Copy link

@xeoncross thanks for feedback..

@zzbennett
Copy link

Amazing! This and the comments saved me a bunch of time implementing this, especially @ugokoli's comment about jwt-go

@soxfmr
Copy link

soxfmr commented Jan 18, 2021

For PKCS#1 Formatting, the lable should be starts with RSA PRIVATE KEY instead of PRIVATE KEY. Nice code snippets 😃

var privateKey = &pem.Block{
    Type:  "RSA PRIVATE KEY",
    Bytes: x509.MarshalPKCS1PrivateKey(key),
}

@d1nch8g
Copy link

d1nch8g commented May 6, 2021

yo man, after a single look at your code i felt like it's really beatiful and ... i love u bruh thx for that implementation!

@GaureeshAnvekar
Copy link

You can also replace asn1Bytes, err := asn1.Marshal(pubkey) with asn1Bytes, err := x509.MarshalPKIXPublicKey(&pubkey) if you want DER-encoded PKIX format.

Thanks a lot

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment