1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
|
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"encoding/pem"
"errors"
"math/big"
"os"
"slices"
)
func GenerateDefaultKey() (*rsa.PrivateKey, error) {
// NOTE(fusion): Generate key from known P, Q, and E. There isn't a helper
// function from the standard library so we need to build the private key
// ourselves.
const (
P = "1201758001370723323398753778257470257713354828752713123415294815" +
"0506251412291888866940292054989907714155267326586216043845592229" +
"084368540020196135619327879"
Q = "1189892136861686835188050824611210139447876026576932541274639840" +
"5473436969889506919017477758618276066588858607419440134394668095" +
"105156501566867770737187273"
E = "65537"
)
p, ok := new(big.Int).SetString(P, 10)
if !ok || !p.ProbablyPrime(4) {
return nil, errors.New("invalid default P prime")
}
q, ok := new(big.Int).SetString(Q, 10)
if !ok || !q.ProbablyPrime(4) {
return nil, errors.New("invalid default Q prime")
}
e, ok := new(big.Int).SetString(E, 10)
if !ok || !e.IsInt64() || !e.ProbablyPrime(4) {
return nil, errors.New("invalid default E prime")
}
pMinus1 := new(big.Int).Sub(p, big.NewInt(1))
qMinus1 := new(big.Int).Sub(q, big.NewInt(1))
gcd := new(big.Int).GCD(nil, nil, pMinus1, qMinus1)
phi := new(big.Int).Mul(pMinus1, qMinus1)
lambda := new(big.Int).Div(phi, gcd)
d := new(big.Int).ModInverse(e, lambda)
n := new(big.Int).Mul(p, q)
privateKey := rsa.PrivateKey{
PublicKey: rsa.PublicKey{
N: n,
E: int(e.Int64()),
},
D: d,
Primes: []*big.Int{p, q},
}
return &privateKey, nil
}
func GenerateKey() (*rsa.PrivateKey, error) {
return rsa.GenerateKey(rand.Reader, 1024)
}
func main() {
var (
privateKey *rsa.PrivateKey
err error
)
if len(os.Args) > 1 && slices.Contains(os.Args[1:], "-default") {
privateKey, err = GenerateDefaultKey()
} else {
privateKey, err = GenerateKey()
}
if err != nil {
panic("failed to generate key: " + err.Error())
}
// NOTE(fusion): `Validate()` will only perform minor sanity checks. To actually
// check that the output key is valid use `openssl rsa -in KEY.PEM -check`.
err = privateKey.Validate()
if err != nil {
panic("invalid private key: " + err.Error())
}
// NOTE(fusion): Dump private key into stdout.
block := pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: x509.MarshalPKCS1PrivateKey(privateKey),
}
pem.Encode(os.Stdout, &block)
}
|