Skip to content
Snippets Groups Projects
Normal view Permalink
pkcs8_compat.go 627 B
Newer Older
  • Learn to ignore specific revisions
    • ale's avatar
    Add package to manage user encryption keys
    ale committed
    1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 
    // +build !go1.10

package userenckey

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/x509"
	"encoding/pem"
	"os/exec"
)

// Encode a private key to PEM-encoded PKCS8.
//
// In Go versions prior to 1.10, we must shell out to openssl to
// convert the private key to PKCS8 format.
func encodePrivateKeyToPEM(priv *ecdsa.PrivateKey) ([]byte, error) {
	der, err := x509.MarshalECPrivateKey(priv)
	if err != nil {
		return nil, err
	}
	pkcs1 := pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: der})

	/* #nosec */
	cmd := exec.Command("/usr/bin/openssl", "pkey")
	cmd.Stdin = bytes.NewReader(pkcs1)
	return cmd.Output()
}