How to write out ecdsa keys using golang crypto?

Issue

I have some Go code to generate an ECDSA key and write it to a file:

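// Generate a P-256 key and DER-encode it in SEC 1 form (err checks omitted here).
priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
ecder, err := x509.MarshalECPrivateKey(priv)
// Create the output file with owner-only read/write permissions (0600).
keypem, err := os.OpenFile("ec-key.pem", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
pem.Encode(keypem, &pem.Block{Type: "EC PRIVATE KEY", Bytes: ecder})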

This works and generates a “BEGIN EC PRIVATE KEY” block. But when you write the key out in openssl you also get a “BEGIN EC PARAMETERS” block specifying the curve used. Is there a way to write out the EC PARAMETERS to the pem file in Go?

Solution

One ugly way I found so far to do it:

For named curves, openssl writes out the ASN.1 OID into the EC PARAMETERS block. So I looked up the OID for the P256 curve from http://www.ietf.org/rfc/rfc5480.txt and added:

// DER-encode the named-curve OID for P-256 (secp256r1 in RFC 5480).
secp256r1, err := asn1.Marshal(asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7})
pem.Encode(keypem, &pem.Block{Type: "EC PARAMETERS", Bytes: secp256r1})

This works for my current use case but I don’t know if it’s possible to do this generically.

Answered By – Aaron

Answer Checked By – Pedro (GoLangFix Volunteer)
