'Use Go to encrypt message with ssh-rsa public key which then can be decrypted using openssl rsautl -decrypt

I have been trying to solve this for days. In Go code I am looking to take a ssh-rsa public key like:

ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGnnY4LuLq7Bs7VnFk2Vs6hNTmZLkUBRRhXNFyKZOCvmhKcM7BSHkGS7+phpIzj6mTOsJEBZKHQgac46COOT3ukO/farnnDz78KIq24U/+TZmyAyNNdzOVizK5aAApvpYTQpuSlIDDltLXQkPokedE/5vCIPiwVZW0TfqT/Rdy2XXwKewDQ05xvJhX3+nymZkyJX3GJ+pTfsDkKR+suSLDN3nupThPiWK5A1ZG9bbUkxHbsAXiTKS+qwADIWOtJvfNtPX54JjCo3Gh3/Fy0Ovxn3QSQlCF/IZNbSgm6R6adjaU4kXEF6zsLq+BjDKLtEA3A0tAIBj0T+DuuxpcV3aX

and message like: hello-world and encrypt that message with that key.

The private key is then going to be used to decrypt the key with openssl rsautl -decrypt -inkey privateKeyFile -in encryptedMsgFile

goencryptionsshopensslrsa


Solution 1:[1]

Encryption with SSH keys is described in detail in the post Encrypting Data With SSH Keys and Golang, in particular the import of the OpenSSH public key, for which the ssh package is applied. For encryption (with PKCS#1 v1.5 padding) the rsa package is used.

The following sample code illustrates this. Since the OpenSSL statement reads the ciphertext from a file, it makes most sense for the ciphertext to be stored in a binary file. For simplicity, however, in this example the cipher text is output hex encoded:

package main

import (
    "crypto/rand"
    "crypto/rsa"
    "encoding/hex"
    "fmt"

    "golang.org/x/crypto/ssh"
)

func main() {

    // Key import
    publicKey := "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC8NGcNWf6cUno2lpny36js9ynXCQ6kuJ14yIViuPwty0ZkfhpPdw3zVKWmKV0zS1/QyO6a5d85I9ywvEXHiZr4+fE4JRPxdEIQVGMz7OThs0XgluE4zZrw55ywMt/b6elPC2TkshUHQfDYQuIh1ZBqFOnvUIh8yyGc1L4sLACGY75tpvSE29RZQRmaZaV5YpzIM0SbpFirOqWsjKd3kLMjPqPr9+ISpqOP2tTfOfw9IW8gvRUYa2oRUEyE7Ju4QrwSWmKj9JK9KTeAzRiy5rsSW6issDaxQIYg2BNT8YLrNVm+FWpOVRud6KwohOpk8/YeM0EKEO3vAfGJH6tYT9Zv whatever"
    parsed, _, _, _, err := ssh.ParseAuthorizedKey([]byte(publicKey))
    if err != nil {
        panic(err)
    }
    parsedCryptoKey := parsed.(ssh.CryptoPublicKey)
    pubCrypto := parsedCryptoKey.CryptoPublicKey()
    pub := pubCrypto.(*rsa.PublicKey)

    // Encryption
    msg := "The quick brown fox jumps over the lazy dog"
    encryptedBytes, err := rsa.EncryptPKCS1v15(
        rand.Reader,
        pub,
        []byte(msg),
    )
    if err != nil {
        panic(err)
    }
    fmt.Println(hex.EncodeToString(encryptedBytes))
}

A possible hex encoded ciphertext is:

7610da88661fc80b145f3bdd415cb71e73b1ad5100f7b5a9d9c5d27d9e3645d626dd784ccc5cc6c1e44aeec04b0e64072bfe1b58e88feec4b5e6ca63a14c5a23dad1370a303f2f775f4e6f349bab52a3f5883a51ac1f53247a4e05fb9989fc999878ac8f3821da0a079272738145dda7a340b7e4d44d922e563558972444b6f7400a4affffe2a6ee42d400cff51bf3eecc8cd1ffc9ea8c8d04ff6ef0e566d105a4841bcece7b16e2068a321e0c7b4cb964593fcf59795f0a14ec1ac95b941eaa452912bca2e1431992672dcdcc1ea42ff956ef7d21f126a1650c4a306817b4e094ee8c50a01dcc04a7be25e0c01b2ba678be3561774ae859353b5cc98a3b9b11

Note that this encryption is not deterministic, i.e. when you execute the code, you will get a different ciphertext.

Decryption is possible with the posted OpenSSL statement:

openssl rsautl -decrypt -inkey privateKeyFile -in encryptedMsgFile

taking into account:

  • encryptedMsgFile contains the binary data of the ciphertext, i.e. the hex decoding of 7610da... (if the ciphertext is stored directly as a binary file as mentioned above, encryptedMsgFile would correspond to this file).

  • privateKeyFile contains the PEM encoded private PKCS#1 or PKCS#8 key. If your key is in OpenSSH's proprietary format (-----BEGIN OPENSSH PRIVATE KEY-----...), it must be converted to e.g. PKCS#8 format, e.g. with ssh_keygen:

    ssh-keygen -p -N "" -m pkcs8 -f data.key

    Note that data.key contains the OpenSSH key and is overwritten with the PKCS#8 key. For the posted example, privateKeyFile is:

    -----BEGIN PRIVATE KEY-----
MIIEvwIBADANBgkqhkiG9w0BAQEFAASCBKkwggSlAgEAAoIBAQC8NGcNWf6cUno2
lpny36js9ynXCQ6kuJ14yIViuPwty0ZkfhpPdw3zVKWmKV0zS1/QyO6a5d85I9yw
vEXHiZr4+fE4JRPxdEIQVGMz7OThs0XgluE4zZrw55ywMt/b6elPC2TkshUHQfDY
QuIh1ZBqFOnvUIh8yyGc1L4sLACGY75tpvSE29RZQRmaZaV5YpzIM0SbpFirOqWs
jKd3kLMjPqPr9+ISpqOP2tTfOfw9IW8gvRUYa2oRUEyE7Ju4QrwSWmKj9JK9KTeA
zRiy5rsSW6issDaxQIYg2BNT8YLrNVm+FWpOVRud6KwohOpk8/YeM0EKEO3vAfGJ
H6tYT9ZvAgMBAAECggEBAKP++alNuSpYSDxXAPD86cMLIL9LGiJ46Gb+PBSpYr04
uy8IHz8NW++j2/AtbRQsYuKYpCn/koLE+CJc/GUCSDMaAJLO5FDq4EJAdm0hyNPP
Fl28u6Z2qsOu3v8+ZYjIi8+f+xu4/c/kKs0Xgtq+sOdvL+WkBDrR+okhbFErSo3O
z4SXkSTbRzKuFuZQA8HPi5kkDloEKhvZr3M0UyxUm6OtQTgW9mz3u+eabtBWVHEk
3CY6AVi+FpKX1wj1j3gYCl5kjAxJALVuPXg/MhuiHBJODWWtsl4qnlrUqVn/qYwW
G7GQb9dYjJK+WCjwG0VqoH2egEphaF4BrWMr6DLtseECgYEA5geNRjqKjmfxOlqm
mA5BV08tey9C59Ef11aYmrx+ngkKDdHNvY2JOkpEA3huoa0sT4rRylmmYNBUVxnM
UVqU8ppwRCfa58KTccopQO3BvSub74GvpwOX9MSn0CzW3brrFPfs72Lo3TAG4png
ENufcF1PGqTDFXhQsQC8ZPJmWbECgYEA0XQBcF8tuEN1UHzPwnG35YPayRPusrxd
3PD2BmOcp8B4DHS1KU2vJwu0nisi7S8eUbGxpRjwg3c5clQWFxWHuc//aRRb2QGl
TR1XvtnU6qjGAnH7jcF+tsRlWx6Qc35InGodzgS8SzemNzXEOVmI7U4r7LmQe9Q1
SX6dKzp/Gh8CgYB0bzwmYTmDLb/gDsSm0Qhn/k8CPID8QFGCuXWTVXgt3Ft3dUxT
91GP7MmSjCJLuhFkzdq1Nz3NYYZfdFKEl3ovdtb+2MGocEgb3/2TvQVFEM7ko9ta
iaogHm7nI9s67wNRYNFQttsyIr5JcyQExHZm9QQ2c1HAC1+kyL+TxVLjcQKBgQC7
g0+Geq9Dt6DfXd3iBkzMfS7xtZaNDXY6xr57GdK1m+ndvN4zDAkyu5gHwjaSgQxz
ttGDLMCl8abMY9si73ODNmNCf6d6r659Szey9PFY45/hsIm0bvYyScEzwjkwLG51
Gct1FWg9LqTv6IKzlSSwzrskQzzGn0TVdzTd7pC7oQKBgQDGTj2gvzn4gwFcAQI6
Zs4zbnXWwuQ0zt9y2Nzvs3Qwv8F2uryPnzv8DdbvdZ9dqnZCa8BvEALqfuOpKi4P
5wpd3+Tw6eCwtNZwNZ+TJXLxXelmQBehM52RUb9wM+QzRBhIJayEuveNzJ9Irc14
IDI76VfujESxC/qjZHFXkfdS3A==
-----END PRIVATE KEY-----

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Topaco

Related Questions

How to make html file encrypted?

Difference result by using sign and verify for signature

Invalid argument(s): Input buffer too short AND Invalid or corrupted pad block

Extract metadata info and Validate digital signature from PDF file using Python

How to convert hexadecimal string to an array of UInt8 bytes in Swift?

file is encrypted or is not a database: , while compiling: select count(*) from sqlite_master;

Getting Started with crypto++ decryption with AES

Create compatible Java "RSA" signature using a PKCS#8 encoded private key

Is there any difference, if I init AES cipher, with and without IvParameterSpec

Flutter - How to decrypt a RSA private key encrypted string if we have RSA public key with us?

Asp.net core, "asn1 encoding routines:asn1_d2i_read_bio:not enough data" error for certificate

How to securely store a user password in java for reuse throughout application

How to store password field in oracle 11g database in encrypted form?

How to store password field in oracle 11g database in encrypted form?

CryptoJS - Decrypt an encrypted file