Golang: private-key "encrypt", public-key "decrypt"


My previous work mainly involved integrating with banks and third-party payment providers in C++, but C++ could not keep up with the customers' "receive the protocol today, go live tomorrow" pace of development, and given some special circumstances at the company, I decided to try implementing things in Go. The basic framework has been implemented following the original C++ non-blocking framework, and the internal encryption methods have also been re-implemented in Go, but one digital-certificate encryption scheme turned out to be a real trap, and while working on this problem I also ran into the confusion in OpenSSL's naming.

The scheme is described as follows: the sender RSA-encrypts with the private key, and the receiver RSA-decrypts with the public key. This description felt a bit different from my own understanding, and I was not sure whether my understanding simply did not go deep enough. My understanding (from the encryption methods I had used before) was: the public key is public and the private key is kept secret; data is signed with the private key, and the signature is verified with the public key. Something seemed off, so I checked OpenSSL, and indeed such functions exist: RSA_private_encrypt and RSA_public_decrypt (refer to the documentation). With OpenSSL it is easy to implement this kind of encryption and decryption. But for a pure Go implementation, calling the C functions through cgo is not an option. Checking the Go documentation, there are similar functions (crypto/rsa):

func DecryptPKCS1v15(rand io.Reader, priv *PrivateKey, ciphertext []byte) ([]byte, error)
func EncryptPKCS1v15(rand io.Reader, pub *PublicKey, msg []byte) ([]byte, error)

But look closely: these use the public key for encryption and the private key for decryption, exactly the opposite of the description. Apart from these two functions involving public/private-key encryption, there seem to be no other similar functions in Go.

Searching on Google (accessed via Lantern) did not turn up many answers. I finally found a result on StackOverflow: "Encrypt message with RSA private key (as in OpenSSL's RSA_private_encrypt)". Someone had written it by hand, with the code on the Go Playground. Looking at that code, unless you are familiar with Go's data structures and have a very clear understanding of the RSA mechanism, it is hard to write such code correctly. Does Go really have no ready-made code for this? Later, someone said: what kind of bullshit encryption is this, it is an RSA signature; use this function in crypto/rsa:

func SignPKCS1v15(rand io.Reader, priv *PrivateKey, hash crypto.Hash, hashed []byte) ([]byte, error)

Testing showed that the results really are the same. Later, looking back at the OpenSSL reference documentation: "these functions handle RSA signatures at a low level". So this is a signature. Since it is a signature, why name it encrypt/decrypt? Is it because of this naming that it has spread so widely as private-key "encrypt", public-key "decrypt"?

I don't know whether Go, unlike other languages, declines to provide such functions because it cannot stand the confusing notion of private-key "encrypt", public-key "decrypt". As for public-key "decryption", I found no satisfactory answer online, but since private-key "encryption" is an RSA signature, public-key "decryption" should be signature verification. With no satisfactory answer to be found online, the only option was to modify Go's function:

func VerifyPKCS1v15(pub *PublicKey, hash crypto.Hash, hashed []byte, sig []byte) error

This proved that the idea is feasible. Data encrypted with OpenSSL can be decrypted, and the encrypted data can likewise be decrypted by OpenSSL.

Related code: https://github.com/buf1024/golib/tree/master/crypt, which simply exports two functions, PrivateEncrypt and PublicDecrypt.
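The equivalence described above, as an added example (not the code from the repository linked above or from the StackOverflow answer): SignPKCS1v15 with hash 0 plays the role of private-key "encrypt", and a hand-written public-key "decrypt" recovers the message from the padded block. The function names generateKey, privateEncrypt and publicDecrypt and the sample message are assumptions made for this illustration.

```go
package main

import (
	"bytes"
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"errors"
	"fmt"
	"math/big"
)

// generateKey makes a throwaway 2048-bit key for the demonstration.
func generateKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// privateEncrypt: with hash 0, SignPKCS1v15 pads msg itself, with no DigestInfo prefix.
func privateEncrypt(priv *rsa.PrivateKey, msg []byte) ([]byte, error) {
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.Hash(0), msg)
}

// publicDecrypt computes sig^e mod n and strips the padding, which must be
// 00 01, at least eight FF bytes, then a 00 separator.
func publicDecrypt(pub *rsa.PublicKey, sig []byte) ([]byte, error) {
	k := pub.Size()
	c := new(big.Int).SetBytes(sig)
	if len(sig) != k || c.Cmp(pub.N) >= 0 {
		return nil, errors.New("signature out of range")
	}
	em := new(big.Int).Exp(c, big.NewInt(int64(pub.E)), pub.N).FillBytes(make([]byte, k))
	i := 2
	for i < k && em[i] == 0xff {
		i++
	}
	if em[0] != 0 || em[1] != 1 || i < 10 || i == k || em[i] != 0 {
		return nil, errors.New("bad PKCS#1 v1.5 type 1 padding")
	}
	return em[i+1:], nil
}

func main() {
	priv, err := generateKey()
	if err != nil {
		panic(err)
	}
	msg := []byte("constructed sample message")
	sig, _ := privateEncrypt(priv, msg)
	out, err := publicDecrypt(&priv.PublicKey, sig)
	fmt.Println(bytes.Equal(out, msg), err)
	fmt.Println(rsa.VerifyPKCS1v15(&priv.PublicKey, crypto.Hash(0), msg, sig) == nil)
}
```

Anyone holding the public key can recover the message, so this construction gives integrity and origin, not confidentiality. With hash 0 the message is limited to the key size minus 11 bytes.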

Finally, OpenSSL does have some very confusing naming, and when other languages and libraries go along with this confusion, the confusion seems to become universal. If you are not very familiar with the subject and then come to a library that no longer goes along with it, it is easy to end up confused yourself.
