Difference between revisions of "Gopki"

From UVOO Tech Wiki
(Created page with "package pki import ( "crypto" "crypto/rand" "crypto/rsa" "crypto/sha256" "crypto/x509" "encoding/pem" "errors" ) // GenerateKeyPair generates a n...")
 
 
Line 1: Line 1:
 +
```
 
package pki
 
package pki
  
Line 63: Line 64:
 
     return nil
 
     return nil
 
}
 
}
 +
 +
```

Latest revision as of 19:45, 15 March 2024

package pki

import (
    "crypto"
    "crypto/rand"
    "crypto/rsa"
    "crypto/sha256"
    "crypto/x509"
    "encoding/pem"
    "errors"
)

// GenerateKeyPair creates a fresh 2048-bit RSA key using crypto/rand as the
// entropy source and returns the private key together with a pointer to its
// embedded public half.
//
// The returned public key aliases privateKey.PublicKey; it is not a copy.
//
// NOTE(review): 2048 bits is the commonly accepted minimum for RSA. Keys that
// must stay trustworthy for many years may warrant a larger modulus; confirm
// against the policy that applies to this PKI.
func GenerateKeyPair() (*rsa.PrivateKey, *rsa.PublicKey, error) {
    const modulusBits = 2048

    key, err := rsa.GenerateKey(rand.Reader, modulusBits)
    if err != nil {
        return nil, nil, err
    }
    return key, &key.PublicKey, nil
}

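// MarshalPrivateKeyPEM encodes an RSA private key as a PKCS #1 DER structure
// wrapped in a PEM block of type "RSA PRIVATE KEY".
//
// The output is the private key in the clear: no passphrase or encryption is
// applied here. Callers should write it only to storage with restrictive
// permissions (for example file mode 0600) and keep it out of logs and error
// messages.
//
// It returns an error, instead of panicking, when privateKey is nil.
func MarshalPrivateKeyPEM(privateKey *rsa.PrivateKey) ([]byte, error) {
    // x509.MarshalPKCS1PrivateKey dereferences the key, so a nil pointer would
    // otherwise crash the caller rather than surface as an error.
    if privateKey == nil {
        return nil, errors.New("cannot marshal nil RSA private key")
    }

    der := x509.MarshalPKCS1PrivateKey(privateKey)
    return pem.EncodeToMemory(&pem.Block{
        Type:  "RSA PRIVATE KEY",
        Bytes: der,
    }), nil
}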

// UnmarshalPrivateKeyPEM parses the first PEM block in privateKeyPEM as a
// PKCS #1 RSA private key.
//
// Only a block whose type is exactly "RSA PRIVATE KEY" is accepted, so other
// encodings such as PKCS #8 "PRIVATE KEY" blocks are rejected by the type
// check. Any bytes following the first PEM block are ignored, not validated.
func UnmarshalPrivateKeyPEM(privateKeyPEM []byte) (*rsa.PrivateKey, error) {
    const wantType = "RSA PRIVATE KEY"
    errBadPEM := errors.New("failed to decode PEM block containing RSA private key")

    // The second return value (the remaining input) is deliberately dropped.
    blk, _ := pem.Decode(privateKeyPEM)
    if blk == nil {
        return nil, errBadPEM
    }
    if blk.Type != wantType {
        return nil, errBadPEM
    }

    key, parseErr := x509.ParsePKCS1PrivateKey(blk.Bytes)
    if parseErr != nil {
        return nil, parseErr
    }
    return key, nil
}

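// Sign hashes message with SHA-256 and returns an RSASSA-PKCS1-v1_5 signature
// over that digest, produced with privateKey.
//
// It returns an error, instead of panicking, when privateKey is nil.
//
// NOTE(review): PKCS #1 v1.5 signatures remain widely deployed, but new
// designs generally prefer RSA-PSS (rsa.SignPSS). Changing the scheme alters
// the signature format, so it would have to be coordinated with every
// verifier; it is left as-is here.
func Sign(privateKey *rsa.PrivateKey, message []byte) ([]byte, error) {
    // rsa.SignPKCS1v15 dereferences the key; reject nil up front so a missing
    // key is reported as an error rather than a crash.
    if privateKey == nil {
        return nil, errors.New("cannot sign with nil RSA private key")
    }

    digest := sha256.Sum256(message)
    signature, err := rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA256, digest[:])
    if err != nil {
        return nil, err
    }
    return signature, nil
}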

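// Verify checks that signature is a valid RSASSA-PKCS1-v1_5 signature over the
// SHA-256 digest of message under publicKey.
//
// A nil return means the signature is valid; any non-nil error means it must
// be treated as invalid. Callers must check the returned error: ignoring it
// accepts unauthenticated data.
//
// It returns an error, instead of panicking, when publicKey is nil or has no
// modulus.
func Verify(publicKey *rsa.PublicKey, message []byte, signature []byte) error {
    // Fail closed on a missing key: a verification path that can crash or be
    // skipped is worse than one that rejects.
    if publicKey == nil || publicKey.N == nil {
        return errors.New("cannot verify with nil RSA public key")
    }

    digest := sha256.Sum256(message)
    return rsa.VerifyPKCS1v15(publicKey, crypto.SHA256, digest[:], signature)
}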