1 // Copyright 2011 The Go Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style
3 // license that can be found in the LICENSE file.
14 // pkcs8 reflects an ASN.1, PKCS#8 PrivateKey. See
15 // ftp://ftp.rsasecurity.com/pub/pkcs/pkcs-8/pkcs-8v1_2.asn
19 Algo pkix
.AlgorithmIdentifier
21 // optional attributes omitted.
24 // ParsePKCS8PrivateKey parses an unencrypted, PKCS#8 private key. See
25 // http://www.rsa.com/rsalabs/node.asp?id=2130 and RFC5208.
26 func ParsePKCS8PrivateKey(der
[]byte) (key
interface{}, err error
) {
28 if _
, err
:= asn1
.Unmarshal(der
, &privKey
); err
!= nil {
32 case privKey
.Algo
.Algorithm
.Equal(oidPublicKeyRSA
):
33 key
, err
= ParsePKCS1PrivateKey(privKey
.PrivateKey
)
35 return nil, errors
.New("x509: failed to parse RSA private key embedded in PKCS#8: " + err
.Error())
39 case privKey
.Algo
.Algorithm
.Equal(oidPublicKeyECDSA
):
40 bytes
:= privKey
.Algo
.Parameters
.FullBytes
41 namedCurveOID
:= new(asn1
.ObjectIdentifier
)
42 if _
, err
:= asn1
.Unmarshal(bytes
, namedCurveOID
); err
!= nil {
45 key
, err
= parseECPrivateKey(namedCurveOID
, privKey
.PrivateKey
)
47 return nil, errors
.New("x509: failed to parse EC private key embedded in PKCS#8: " + err
.Error())
52 return nil, fmt
.Errorf("x509: PKCS#8 wrapping contained private key with unknown algorithm: %v", privKey
.Algo
.Algorithm
)