Versions in this module Expand all Collapse all v1 v1.0.0 Nov 6, 2020 Changes in this version
+ const EncryptionAlgorithmAES128GCM
+ const EncryptionAlgorithmDESCBC
+ var ContentEncryptionAlgorithm = EncryptionAlgorithmDESCBC
+ var ErrNotEncryptedContent = errors.New("pkcs7: content data is a decryptable data type")
+ var ErrPKCS7UnsupportedAlgorithm = errors.New(...)
+ var ErrUnsupportedAlgorithm = errors.New("x509: cannot verify signature: algorithm unimplemented")
+ var ErrUnsupportedContentType = errors.New("pkcs7: cannot parse data: unimplemented content type")
+ var ErrUnsupportedEncryptionAlgorithm = errors.New("pkcs7: cannot encrypt content: only DES-CBC and AES-128-GCM supported")
+ func CreateCertificate(rand io.Reader, template, parent *Certificate, pub, priv interface{}) (cert []byte, err error)
+ func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv interface{}) (csr []byte, err error)
+ func CreateCertificateRequestToMem2(template *CertificateRequest, privKey *sm2.PrivateKey) ([]byte, error)
+ func CreateCertificateRequestToPem(FileName string, template *CertificateRequest, privKey *sm2.PrivateKey) error
+ func CreateCertificateToMem(template, parent *Certificate, pubKey *sm2.PublicKey, privKey *sm2.PrivateKey) ([]byte, error)
+ func CreateCertificateToPem(FileName string, template, parent *Certificate, pubKey *sm2.PublicKey, ...) error
+ func DegenerateCertificate(cert []byte) ([]byte, error)
+ func MarshalECPrivateKey(key interface{}) ([]byte, error)
+ func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte
+ func MarshalPKIXPublicKey(pub interface{}) ([]byte, error)
+ func MarshalSm2EcryptedPrivateKey(PrivKey *sm2.PrivateKey, pwd []byte) ([]byte, error)
+ func MarshalSm2PrivateKey(key *sm2.PrivateKey, pwd []byte) ([]byte, error)
+ func MarshalSm2PublicKey(key *sm2.PublicKey) ([]byte, error)
+ func MarshalSm2UnecryptedPrivateKey(key *sm2.PrivateKey) ([]byte, error)
+ func PKCS7Encrypt(content []byte, recipients []*Certificate) ([]byte, error)
+ func ParseCRL(crlBytes []byte) (*pkix.CertificateList, error)
+ func ParseDERCRL(derBytes []byte) (*pkix.CertificateList, error)
+ func ParsePKCS1PrivateKey(der []byte) (*rsa.PrivateKey, error)
+ func ParsePKCS8EcryptedPrivateKey(der, pwd []byte) (*sm2.PrivateKey, error)
+ func ParsePKCS8PrivateKey(der, pwd []byte) (*sm2.PrivateKey, error)
+ func ParsePKCS8PrivateKey2(der []byte) (key interface{}, err error)
+ func ParsePKCS8UnecryptedPrivateKey(der []byte) (*sm2.PrivateKey, error)
+ func ParsePKIXPublicKey(derBytes []byte) (pub interface{}, err error)
+ func ParseSm2PrivateKey(der []byte) (*sm2.PrivateKey, error)
+ func ParseSm2PublicKey(der []byte) (*sm2.PublicKey, error)
+ func ReadPrivateKeyFromPem(privateKeyPem []byte, pwd []byte) (*sm2.PrivateKey, error)
+ func ReadPublicKeyFromPem(FileName string) (*sm2.PublicKey, error)
+ func RegisterHash(h Hash, f func() hash.Hash)
+ func WritePrivateKeytoPem(key *sm2.PrivateKey, pwd []byte) ([]byte, error)
+ func WritePublicKeytoPem(FileName string, key *sm2.PublicKey) error
+ type Attribute struct
+ Type asn1.ObjectIdentifier
+ Value interface{}
+ type CertPool struct
+ func NewCertPool() *CertPool
+ func SystemCertPool() (*CertPool, error)
+ func (s *CertPool) AddCert(cert *Certificate)
+ func (s *CertPool) AppendCertsFromPEM(pemCerts []byte) (ok bool)
+ func (s *CertPool) Subjects() [][]byte
+ type Certificate struct
+ AuthorityKeyId []byte
+ BasicConstraintsValid bool
+ CRLDistributionPoints []string
+ DNSNames []string
+ EmailAddresses []string
+ ExcludedDNSDomains []string
+ ExtKeyUsage []ExtKeyUsage
+ Extensions []pkix.Extension
+ ExtraExtensions []pkix.Extension
+ IPAddresses []net.IP
+ IsCA bool
+ Issuer pkix.Name
+ IssuingCertificateURL []string
+ KeyUsage KeyUsage
+ MaxPathLen int
+ MaxPathLenZero bool
+ NotAfter time.Time
+ NotBefore time.Time
+ OCSPServer []string
+ PermittedDNSDomains []string
+ PermittedDNSDomainsCritical bool
+ PolicyIdentifiers []asn1.ObjectIdentifier
+ PublicKey interface{}
+ PublicKeyAlgorithm PublicKeyAlgorithm
+ Raw []byte
+ RawIssuer []byte
+ RawSubject []byte
+ RawSubjectPublicKeyInfo []byte
+ RawTBSCertificate []byte
+ SerialNumber *big.Int
+ Signature []byte
+ SignatureAlgorithm SignatureAlgorithm
+ Subject pkix.Name
+ SubjectKeyId []byte
+ UnhandledCriticalExtensions []asn1.ObjectIdentifier
+ UnknownExtKeyUsage []asn1.ObjectIdentifier
+ Version int
+ func ParseCertificate(asn1Data []byte) (*Certificate, error)
+ func ParseCertificates(asn1Data []byte) ([]*Certificate, error)
+ func ReadCertificateFromMem(data []byte) (*Certificate, error)
+ func ReadCertificateFromPem(FileName string) (*Certificate, error)
+ func (c *Certificate) CheckCRLSignature(crl *pkix.CertificateList) error
+ func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature []byte) error
+ func (c *Certificate) CheckSignatureFrom(parent *Certificate) error
+ func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts []pkix.RevokedCertificate, ...) (crlBytes []byte, err error)
+ func (c *Certificate) Equal(other *Certificate) bool
+ func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err error)
+ func (c *Certificate) VerifyHostname(h string) error
+ type CertificateInvalidError struct
+ Cert *Certificate
+ Reason InvalidReason
+ func (e CertificateInvalidError) Error() string
+ type CertificateRequest struct
+ Attributes []pkix.AttributeTypeAndValueSET
+ DNSNames []string
+ EmailAddresses []string
+ Extensions []pkix.Extension
+ ExtraExtensions []pkix.Extension
+ IPAddresses []net.IP
+ PublicKey interface{}
+ PublicKeyAlgorithm PublicKeyAlgorithm
+ Raw []byte
+ RawSubject []byte
+ RawSubjectPublicKeyInfo []byte
+ RawTBSCertificateRequest []byte
+ Signature []byte
+ SignatureAlgorithm SignatureAlgorithm
+ Subject pkix.Name
+ Version int
+ func ParseCertificateRequest(asn1Data []byte) (*CertificateRequest, error)
+ func ReadCertificateRequestFromPem(FileName string) (*CertificateRequest, error)
+ func (c *CertificateRequest) CheckSignature() error
+ type ConstraintViolationError struct
+ func (ConstraintViolationError) Error() string
+ type EncryptedPrivateKeyInfo struct
+ EncryptedData []byte
+ EncryptionAlgorithm Pbes2Algorithms
+ type ExtKeyUsage int
+ const ExtKeyUsageAny
+ const ExtKeyUsageClientAuth
+ const ExtKeyUsageCodeSigning
+ const ExtKeyUsageEmailProtection
+ const ExtKeyUsageIPSECEndSystem
+ const ExtKeyUsageIPSECTunnel
+ const ExtKeyUsageIPSECUser
+ const ExtKeyUsageMicrosoftServerGatedCrypto
+ const ExtKeyUsageNetscapeServerGatedCrypto
+ const ExtKeyUsageOCSPSigning
+ const ExtKeyUsageServerAuth
+ const ExtKeyUsageTimeStamping
+ type Hash uint
+ const MD4
+ const MD5
+ const MD5SHA1
+ const RIPEMD160
+ const SHA1
+ const SHA224
+ const SHA256
+ const SHA384
+ const SHA3_224
+ const SHA3_256
+ const SHA3_384
+ const SHA3_512
+ const SHA512
+ const SHA512_224
+ const SHA512_256
+ const SM3
+ func (h Hash) Available() bool
+ func (h Hash) HashFunc() crypto.Hash
+ func (h Hash) New() hash.Hash
+ func (h Hash) Size() int
+ type HostnameError struct
+ Certificate *Certificate
+ Host string
+ func (h HostnameError) Error() string
+ type InsecureAlgorithmError SignatureAlgorithm
+ func (e InsecureAlgorithmError) Error() string
+ type InvalidReason int
+ const CANotAuthorizedForThisName
+ const Expired
+ const IncompatibleUsage
+ const NameMismatch
+ const NotAuthorizedToSign
+ const TooManyIntermediates
+ type KeyUsage int
+ const KeyUsageCRLSign
+ const KeyUsageCertSign
+ const KeyUsageContentCommitment
+ const KeyUsageDataEncipherment
+ const KeyUsageDecipherOnly
+ const KeyUsageDigitalSignature
+ const KeyUsageEncipherOnly
+ const KeyUsageKeyAgreement
+ const KeyUsageKeyEncipherment
+ type MessageDigestMismatchError struct
+ ActualDigest []byte
+ ExpectedDigest []byte
+ func (err *MessageDigestMismatchError) Error() string
+ type PKCS7 struct
+ CRLs []pkix.CertificateList
+ Certificates []*Certificate
+ Content []byte
+ Signers []signerInfo
+ func ParsePKCS7(data []byte) (p7 *PKCS7, err error)
+ func (p7 *PKCS7) Decrypt(cert *Certificate, pk crypto.PrivateKey) ([]byte, error)
+ func (p7 *PKCS7) GetOnlySigner() *Certificate
+ func (p7 *PKCS7) UnmarshalSignedAttribute(attributeType asn1.ObjectIdentifier, out interface{}) error
+ func (p7 *PKCS7) Verify() (err error)
+ type Pbes2Algorithms struct
+ IdPBES2 asn1.ObjectIdentifier
+ Pbes2Params Pbes2Params
+ type Pbes2Encs struct
+ EncryAlgo asn1.ObjectIdentifier
+ IV []byte
+ type Pbes2KDfs struct
+ IdPBKDF2 asn1.ObjectIdentifier
+ Pkdf2Params Pkdf2Params
+ type Pbes2Params struct
+ EncryptionScheme Pbes2Encs
+ KeyDerivationFunc Pbes2KDfs
+ type Pkdf2Params struct
+ IterationCount int
+ Prf pkix.AlgorithmIdentifier
+ Salt []byte
+ type PrivateKeyInfo struct
+ PrivateKey []byte
+ PrivateKeyAlgorithm []asn1.ObjectIdentifier
+ Version int
+ type PublicKeyAlgorithm int
+ const DSA
+ const ECDSA
+ const RSA
+ const SM2
+ const UnknownPublicKeyAlgorithm
+ func (algo PublicKeyAlgorithm) String() string
+ type SignatureAlgorithm int
+ const DSAWithSHA1
+ const DSAWithSHA256
+ const ECDSAWithSHA1
+ const ECDSAWithSHA256
+ const ECDSAWithSHA384
+ const ECDSAWithSHA512
+ const MD2WithRSA
+ const MD5WithRSA
+ const SHA1WithRSA
+ const SHA256WithRSA
+ const SHA256WithRSAPSS
+ const SHA384WithRSA
+ const SHA384WithRSAPSS
+ const SHA512WithRSA
+ const SHA512WithRSAPSS
+ const SM2WithSHA1
+ const SM2WithSHA256
+ const SM2WithSM3
+ const UnknownSignatureAlgorithm
+ func (algo SignatureAlgorithm) String() string
+ type SignedData struct
+ func NewSignedData(data []byte) (*SignedData, error)
+ func (sd *SignedData) AddCertificate(cert *Certificate)
+ func (sd *SignedData) AddSigner(cert *Certificate, pkey crypto.PrivateKey, config SignerInfoConfig) error
+ func (sd *SignedData) Detach()
+ func (sd *SignedData) Finish() ([]byte, error)
+ type SignerInfoConfig struct
+ ExtraSignedAttributes []Attribute
+ type SystemRootsError struct
+ Err error
+ func (se SystemRootsError) Error() string
+ type UnhandledCriticalExtension struct
+ func (h UnhandledCriticalExtension) Error() string
+ type UnknownAuthorityError struct
+ Cert *Certificate
+ func (e UnknownAuthorityError) Error() string
+ type VerifyOptions struct
+ CurrentTime time.Time
+ DNSName string
+ Intermediates *CertPool
+ KeyUsages []ExtKeyUsage
+ Roots *CertPool
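Review bot: `var ContentEncryptionAlgorithm = EncryptionAlgorithmDESCBC` makes single-DES in CBC mode the package-wide default, which is presumably what `PKCS7Encrypt` uses when the caller sets nothing; a 56-bit key with no integrity protection is not adequate for new data. Since `EncryptionAlgorithmAES128GCM` ships in the same version, I would either default to it, `var ContentEncryptionAlgorithm = EncryptionAlgorithmAES128GCM`, or keep DES-CBC for interoperability and say so in the doc comment: `// ContentEncryptionAlgorithm selects the cipher used for enveloped data. The DES-CBC default exists for compatibility only; set EncryptionAlgorithmAES128GCM for new content.` The setting is also a mutable package-level variable, so callers that need different algorithms have to coordinate access to it themselves, which the documentation should state. Only the exported signatures are listed here, so how the variable is read inside the package should be confirmed against the source.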