FIXIT: Generate a better error for incorrectly generated private key

packager/util/util.go

@@ -52,7 +52,8 @@ func ParsePrivateKey(keyPem []byte) (crypto.PrivateKey, error) {
 		var pemBlock *pem.Block
 		pemBlock, keyPem = pem.Decode(keyPem)
 		if pemBlock == nil {
-			return nil, errors.New("invalid PEM block in private key file")
+			return nil, errors.New("invalid PEM block in private key file, make sure to use the right key type. See: https://github.com/WICG/webpackage/tree/master/go/signedexchange#creating-our-first-signed-exchange")
+
 		}
 
 		var err error

packager/util/util_test.go

@@ -3,6 +3,9 @@ package util_test
 import (
 	"crypto/ecdsa"
 	"crypto/elliptic"
+	"crypto/rand"
+	"crypto/rsa"
+	"crypto/x509"
 	"testing"
 	"time"
 
@@ -56,6 +59,15 @@ func TestParsePrivateKey(t *testing.T) {
 	assert.Equal(t, elliptic.P256(), pkgt.B3Key.(*ecdsa.PrivateKey).PublicKey.Curve)
 }
 
+func TestParsePrivateKeyWithInvalidType(t *testing.T) {
+	privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
+	require.NoError(t, err, "Could not generate test key")
+
+	key, err := util.ParsePrivateKey(x509.MarshalPKCS1PrivateKey(privateKey))
+	assert.Nil(t, key)
+	assert.EqualError(t, err, "invalid PEM block in private key file, make sure to use the right key type. See: https://github.com/WICG/webpackage/tree/master/go/signedexchange#creating-our-first-signed-exchange")
+}
+
 func TestCanSignHttpExchangesExtension(t *testing.T) {
 	// Leaf node has the extension.
 	assert.Nil(t, util.CanSignHttpExchanges(pkgt.B3Certs[0]))