[GH-ISSUE #127] ecdsa key support doesn't seem to be compatible with golang 1.11.5 x509 libs #75

Closed
opened 2026-02-25 22:32:32 +03:00 by kerem · 2 comments

Originally created by @erikh on GitHub (Feb 4, 2019).
Original GitHub issue: https://github.com/FiloSottile/mkcert/issues/127

I have the following code in a go program:

```go
func (c *Cert) readKey(filename string) error {
  content, err := ioutil.ReadFile(filename)
  if err != nil {
    return err
  }

  block, _ := pem.Decode(content)

  c.privkey, err = x509.ParseECPrivateKey(block.Bytes) // this is where it's breaking
  if err != nil {
    return err
  }

  c.pubkey = *c.privkey.Public().(*ecdsa.PublicKey)

  return nil
}
```

mkcert commandline:

```bash
mkcert --install
mkcert --ecdsa --cert-file /tmp/localhost-server.pem --key-file /tmp/localhost-server.key localhost 127.0.0.1 ::1
```

Error message from the above code:

```
/tmp/localhost-server.key: x509: failed to parse EC private key: asn1: structure error: tags don't match (4 vs {class:0 tag:16 length:19 isCompound:true}) {optional:false explicit:false application:false private:false defaultValue:<nil> tag:<nil> stringType:0 timeType:0 set:false omitEmpty:false}  @5
```

I'm not a crypto guy but that code works with golang's generate_cert and even has a test suite designed around that tool. This code typically works with other keys; just not sure what this means and how I can fix it.

Maybe it's me and I'm sorry if I wasted your time, but figured it was worth trying anyway to see if it was the tool. I really like it so far! Desperately needed. Please keep it up.

kerem closed this issue 2026-02-25 22:32:32 +03:00

@erikh commented on GitHub (Feb 4, 2019):

figured it out; if I'm understanding right, you generate PKCS#8 formatted and those calls work on SEC1 format; I was able to adapt my code to manage both. Anyways, I'll leave this open if you want to deal with those too, but otherwise I got it worked out on my end.


@FiloSottile commented on GitHub (Feb 5, 2019):

Yeah, in Go you want to use `x509.ParsePKCS8PrivateKey` instead of `x509.ParseECPrivateKey`.

I opened golang/go#30094 to improve the error message in the standard library.
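
As an added example (not code from this thread or from mkcert), one way to accept both encodings discussed above is to dispatch on the PEM label: `x509.ParseECPrivateKey` for SEC1 and `x509.ParsePKCS8PrivateKey` for PKCS#8. The names `parseECKeyPEM` and `roundTrip` are hypothetical, and the key is a throwaway generated inline.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"errors"
	"fmt"
)

// parseECKeyPEM (hypothetical helper) reads an ECDSA key from SEC1 or PKCS#8 PEM.
func parseECKeyPEM(data []byte) (*ecdsa.PrivateKey, error) {
	block, _ := pem.Decode(data)
	if block == nil {
		return nil, errors.New("no PEM block found")
	}
	switch block.Type {
	case "EC PRIVATE KEY": // SEC1: the only form x509.ParseECPrivateKey reads
		return x509.ParseECPrivateKey(block.Bytes)
	case "PRIVATE KEY": // PKCS#8: algorithm-agnostic wrapper, so check the type
		k, err := x509.ParsePKCS8PrivateKey(block.Bytes)
		if err != nil {
			return nil, err
		}
		if ec, ok := k.(*ecdsa.PrivateKey); ok {
			return ec, nil
		}
	}
	return nil, fmt.Errorf("PEM type %q does not hold an ECDSA private key", block.Type)
}

// roundTrip encodes one throwaway P-256 key (constructed sample input) as SEC1
// and as PKCS#8 PEM, and reports whether both parse back to that same key.
func roundTrip() (bool, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return false, err
	}
	d1, err1 := x509.MarshalECPrivateKey(key)
	d8, err8 := x509.MarshalPKCS8PrivateKey(key)
	a, errA := parseECKeyPEM(pem.EncodeToMemory(&pem.Block{Type: "EC PRIVATE KEY", Bytes: d1}))
	b, errB := parseECKeyPEM(pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: d8}))
	return a != nil && b != nil && key.Equal(a) && key.Equal(b), errors.Join(err1, err8, errA, errB)
}

func main() { fmt.Println(roundTrip()) }
```
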
