Go package that decrypts encrypted PEM files and blocks. It can optionally prompt on the TTY for the password.
go get github.com/phayes/decryptpem
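// Load the private key; the user is prompted for a password only if the PEM
// block is encrypted.
//
// NOTE(review): the x509.IncorrectPasswordError named in this package's docs
// suggests decryption goes through crypto/x509's legacy PEM encryption
// (RFC 1423) support — confirm. Go deprecates that format because the
// ciphertext is not authenticated, so a wrong password is not always detected
// and may surface only as a parse error below.
//
// The result is named keyBlock rather than pem so it does not shadow the
// standard encoding/pem package name.
keyBlock, err := decryptpem.DecryptFileWithPrompt("/path/to/private_key.pem")
if err != nil {
	log.Fatal(err)
}

// ParsePKCS1PrivateKey accepts only RSA keys in PKCS #1 form; an error here can
// also mean the decrypted bytes are not a valid key.
privateKey, err := x509.ParsePKCS1PrivateKey(keyBlock.Bytes())
if err != nil {
	log.Fatal(err)
}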
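// Unencrypted (plaintext) PEM files go through the same call; no password
// prompt is shown for them.
//
// A plaintext private key has no passphrase protecting it, so it relies on
// filesystem permissions: keep the file readable by its owner only.
//
// The result is named keyBlock rather than pem so it does not shadow the
// standard encoding/pem package name.
keyBlock, err := decryptpem.DecryptFileWithPrompt("/path/to/plaintext_key.pem")
if err != nil {
	log.Fatal(err)
}

// ParsePKCS1PrivateKey accepts only RSA keys in PKCS #1 form.
privateKey, err := x509.ParsePKCS1PrivateKey(keyBlock.Bytes())
if err != nil {
	log.Fatal(err)
}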
There are two configuration variables provided:
// PasswordDelay sets the delay applied to every password try and retry, as a defence against brute-force password guessing.
// By default there is no delay, so set a non-zero duration if throttling is wanted.
// The delay can only slow guesses made through this package; it does not slow offline guessing
// by anyone who holds a copy of the encrypted PEM file, so passphrase strength and file permissions still matter.
var decryptpem.PasswordDelay time.Duration
// MaxTries sets the maximum number of times a password may be tried before an error is returned.
// A MaxTries of 1 allows exactly one try (no retries).
// A MaxTries of 0 allows unlimited retries.
// When the tries run out, the error returned is x509.IncorrectPasswordError.
// NOTE(review): the default is not stated here; if it is the int zero value, retries are unlimited until MaxTries is set — confirm.
var decryptpem.MaxTries int