keystore

package module
v2.1.0+incompatible Latest Latest
Published: Feb 13, 2018 License: MIT Imports: 10 Imported by: 0

README

Keystore

A Go (golang) implementation of a Java KeyStore (JKS) encoder/decoder.

Take into account that JKS assumes that private keys are PKCS8 encoded.

Example
package main

import (
	"github.com/pavel-v-chernykh/keystore-go"
	"log"
	"os"
	"reflect"
)

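// readKeyStore opens filename and decodes it as a keystore protected by
// password. Any failure ends the program through log.Fatal.
//
// log.Fatal exits via os.Exit, so deferred calls do not run on the error
// paths; that includes a caller's deferred wipe of the password slice.
func readKeyStore(filename string, password []byte) keystore.KeyStore {
	f, err := os.Open(filename)
	if err != nil {
		log.Fatal(err)
	}
	// Register Close only after Open has succeeded, so it is never scheduled
	// on a nil *os.File.
	defer f.Close()

	// Decode both decrypts the entries and checks the keystore digest; a wrong
	// password and a modified file are reported through the returned error.
	keyStore, err := keystore.Decode(f, password)
	if err != nil {
		log.Fatal(err)
	}
	return keyStore
}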

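// writeKeyStore encodes keyStore under password and writes it to filename,
// truncating any existing file. Any failure ends the program through
// log.Fatal.
//
// log.Fatal exits via os.Exit, so deferred calls do not run on the error
// paths; that includes a caller's deferred wipe of the password slice.
func writeKeyStore(keyStore keystore.KeyStore, filename string, password []byte) {
	// Same flags as os.Create, but with mode 0600 instead of 0666: the file
	// carries private-key material and should be readable by its owner only.
	// The mode applies when the file is created; an existing file keeps its
	// current permissions.
	o, err := os.OpenFile(filename, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
	if err != nil {
		log.Fatal(err)
	}
	if err := keystore.Encode(o, keyStore, password); err != nil {
		o.Close()
		log.Fatal(err)
	}
	// Close explicitly and check the result: a failed close on a written file
	// can mean the keystore on disk is incomplete.
	if err := o.Close(); err != nil {
		log.Fatal(err)
	}
}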

// zeroing overwrites every byte of s with 0 in place. It is used to wipe the
// password slice once the keystore operations are finished. A nil or empty
// slice is a no-op.
func zeroing(s []byte) {
	for idx := range s {
		s[idx] = 0
	}
}

// main round-trips a keystore: it decodes keystore.jks, re-encodes it to
// keystore2.jks, decodes that copy and logs whether both decoded values match.
func main() {
	// Demo credential only. It is held in a byte slice so that it can be
	// overwritten once it is no longer needed.
	password := []byte{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}
	// Wipe the password on normal return. readKeyStore and writeKeyStore end
	// the process with log.Fatal on error, and os.Exit does not run deferred
	// calls, so this wipe is skipped on those paths.
	defer zeroing(password)

	original := readKeyStore("keystore.jks", password)
	writeKeyStore(original, "keystore2.jks", password)
	reloaded := readKeyStore("keystore2.jks", password)

	// The decoded copy should be deeply equal to the keystore it came from.
	identical := reflect.DeepEqual(original, reloaded)
	log.Printf("Is equal: %v\n", identical)
}

For more examples, explore the examples directory.

Documentation

Index

Constants

This section is empty.

Variables

var ErrEncodedSequenceTooLong = errors.New("keystore: encoded sequence too long")

ErrEncodedSequenceTooLong indicates that the string or byte sequence being encoded is too long

var ErrIncorrectEntryType = errors.New("keystore: incorrect entry type")

ErrIncorrectEntryType indicates incorrect entry type addressing

var ErrIncorrectMagic = errors.New("keystore: invalid keystore format")

ErrIncorrectMagic indicates incorrect file magic

var ErrIncorrectPrivateKey = errors.New("keystore: invalid private key format")

ErrIncorrectPrivateKey indicates incorrect private key entry content

var ErrIncorrectTag = errors.New("keystore: invalid keystore format")

ErrIncorrectTag indicates incorrect keystore entry tag

var ErrIncorrectVersion = errors.New("keystore: invalid keystore format")

ErrIncorrectVersion indicates incorrect keystore version format

var ErrInvalidDigest = errors.New("keystore: invalid digest")

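ErrInvalidDigest indicates that the keystore was tampered with or the password was incorrect. The same error covers both cases, so a caller cannot tell them apart from this value alone.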

var ErrIo = errors.New("keystore: invalid keystore format")

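ErrIo indicates an I/O error. Its message text is the same "keystore: invalid keystore format" string used by ErrIncorrectMagic, ErrIncorrectTag and ErrIncorrectVersion, so distinguish these errors by comparing the error value, not the message.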

var ErrUnrecoverablePrivateKey = errors.New("keystore: unrecoverable private key")

ErrUnrecoverablePrivateKey indicates unrecoverable private key content (often means that the wrong password was used)

var ErrUnsupportedPrivateKeyAlgorithm = errors.New("keystore: unsupported private key algorithm")

ErrUnsupportedPrivateKeyAlgorithm indicates unsupported private key algorithm

Functions

func Encode

func Encode(w io.Writer, ks KeyStore, password []byte) error

Encode encrypts and signs the keystore using password and writes its representation into w. It is strongly recommended to fill the password slice with zeros after use.

func EncodeWithRand

func EncodeWithRand(rand io.Reader, w io.Writer, ks KeyStore, password []byte) error

EncodeWithRand encrypts and signs the keystore using password and writes its representation into w. Random bytes are read from rand, which must be a cryptographically secure source of randomness. It is strongly recommended to fill the password slice with zeros after use.

Types

type Certificate

// Certificate is one certificate stored in a keystore entry.
type Certificate struct {
	Type    string // certificate type label; presumably a name such as "X.509" — confirm
	Content []byte // raw certificate bytes; encoding is not shown here, presumably DER — confirm
}

Certificate describes type of certificate

type Entry

// Entry carries the fields shared by the keystore entry types; it is embedded
// in PrivateKeyEntry and TrustedCertificateEntry.
type Entry struct {
	CreationDate time.Time // presumably the creation timestamp stored with the entry — confirm
}

Entry is the base of the entry types supported by keystore

type KeyStore

// KeyStore maps an alias to an entry. The values are untyped; the package
// documentation states they are pointers to PrivateKeyEntry or
// TrustedCertificateEntry, so callers need a type switch or a checked type
// assertion before using a value.
type KeyStore map[string]interface{}

KeyStore is a mapping of alias to pointer to PrivateKeyEntry or TrustedCertificateEntry

func Decode

func Decode(r io.Reader, password []byte) (KeyStore, error)

Decode reads the keystore representation from r, then decrypts it and checks the signature using password. It is strongly recommended to fill the password slice with zeros after use.

type PrivateKeyEntry

// PrivateKeyEntry is a keystore entry holding a private key and its
// associated certificates.
type PrivateKeyEntry struct {
	Entry // embedded common entry fields (CreationDate)
	// PrivKey holds the private key bytes; the README states that JKS assumes
	// PKCS8 encoding. NOTE(review): after Decode this is presumably the
	// decrypted key, so it deserves the same zero-after-use care the package
	// recommends for the password — confirm against the implementation.
	PrivKey   []byte
	CertChain []Certificate // certificates associated with the private key
}

PrivateKeyEntry is an entry for private keys and associated certificates

type TrustedCertificateEntry

// TrustedCertificateEntry is a keystore entry that holds a certificate and no
// private key.
type TrustedCertificateEntry struct {
	Entry // embedded common entry fields (CreationDate)
	Certificate Certificate // the certificate stored under this alias
}

TrustedCertificateEntry is an entry for certificates only
