Versions in this module Expand all Collapse all v1 v1.0.1 Oct 23, 2017 Changes in this version + var ErrUnsupportedAlgorithm = errors.New("x509: cannot verify signature: algorithm unimplemented") + func CreateCertificate(rand io.Reader, template, parent *Certificate, pub, priv interface{}) (cert []byte, err error) + func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, priv interface{}) (csr []byte, err error) + func CreateCertificateRequestToMem(template *CertificateRequest, privKey *PrivateKey) ([]byte, error) + func CreateCertificateRequestToPem(FileName string, template *CertificateRequest, privKey *PrivateKey) (bool, error) + func CreateCertificateToMem(template, parent *Certificate, pubKey *PublicKey, privKey *PrivateKey) ([]byte, error) + func CreateCertificateToPem(FileName string, template, parent *Certificate, pubKey *PublicKey, ...) (bool, error) + func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte + func MarshalPKIXPublicKey(pub interface{}) ([]byte, error) + func MarshalSm2EcryptedPrivateKey(PrivKey *PrivateKey, pwd []byte) ([]byte, error) + func MarshalSm2PrivateKey(key *PrivateKey, pwd []byte) ([]byte, error) + func MarshalSm2PublicKey(key *PublicKey) ([]byte, error) + func MarshalSm2UnecryptedPrivateKey(key *PrivateKey) ([]byte, error) + func P256Sm2() elliptic.Curve + func ParseCRL(crlBytes []byte) (*pkix.CertificateList, error) + func ParseDERCRL(derBytes []byte) (*pkix.CertificateList, error) + func ParsePKCS1PrivateKey(der []byte) (*rsa.PrivateKey, error) + func ParsePKIXPublicKey(derBytes []byte) (pub interface{}, err error) + func RegisterHash(h Hash, f func() hash.Hash) + func Sign(priv *PrivateKey, hash []byte) (r, s *big.Int, err error) + func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool + func WritePrivateKeytoMem(key *PrivateKey, pwd []byte) ([]byte, error) + func WritePrivateKeytoPem(FileName string, key *PrivateKey, pwd []byte) (bool, error) + func WritePublicKeytoMem(key *PublicKey, _ []byte) ([]byte, error) + func WritePublicKeytoPem(FileName string, key *PublicKey, _ []byte) (bool, error) + type CertPool struct + func NewCertPool() *CertPool + func SystemCertPool() (*CertPool, error) + func (s *CertPool) AddCert(cert *Certificate) + func (s *CertPool) AppendCertsFromPEM(pemCerts []byte) (ok bool) + func (s *CertPool) Subjects() [][]byte + type Certificate struct + AuthorityKeyId []byte + BasicConstraintsValid bool + CRLDistributionPoints []string + DNSNames []string + EmailAddresses []string + ExtKeyUsage []ExtKeyUsage + Extensions []pkix.Extension + ExtraExtensions []pkix.Extension + IPAddresses []net.IP + IsCA bool + Issuer pkix.Name + IssuingCertificateURL []string + KeyUsage KeyUsage + MaxPathLen int + MaxPathLenZero bool + NotAfter time.Time + NotBefore time.Time + OCSPServer []string + PermittedDNSDomains []string + PermittedDNSDomainsCritical bool + PolicyIdentifiers []asn1.ObjectIdentifier + PublicKey interface{} + PublicKeyAlgorithm PublicKeyAlgorithm + Raw []byte + RawIssuer []byte + RawSubject []byte + RawSubjectPublicKeyInfo []byte + RawTBSCertificate []byte + SerialNumber *big.Int + Signature []byte + SignatureAlgorithm SignatureAlgorithm + Subject pkix.Name + SubjectKeyId []byte + UnhandledCriticalExtensions []asn1.ObjectIdentifier + UnknownExtKeyUsage []asn1.ObjectIdentifier + Version int + func ParseCertificate(asn1Data []byte) (*Certificate, error) + func ParseCertificates(asn1Data []byte) ([]*Certificate, error) + func ReadCertificateFromMem(data []byte) (*Certificate, error) + func ReadCertificateFromPem(FileName string) (*Certificate, error) + func (c *Certificate) CheckCRLSignature(crl *pkix.CertificateList) error + func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature []byte) error + func (c *Certificate) CheckSignatureFrom(parent *Certificate) error + func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts []pkix.RevokedCertificate, ...) (crlBytes []byte, err error) + func (c *Certificate) Equal(other *Certificate) bool + func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err error) + func (c *Certificate) VerifyHostname(h string) error + type CertificateInvalidError struct + Cert *Certificate + Reason InvalidReason + func (e CertificateInvalidError) Error() string + type CertificateRequest struct + Attributes []pkix.AttributeTypeAndValueSET + DNSNames []string + EmailAddresses []string + Extensions []pkix.Extension + ExtraExtensions []pkix.Extension + IPAddresses []net.IP + PublicKey interface{} + PublicKeyAlgorithm PublicKeyAlgorithm + Raw []byte + RawSubject []byte + RawSubjectPublicKeyInfo []byte + RawTBSCertificateRequest []byte + Signature []byte + SignatureAlgorithm SignatureAlgorithm + Subject pkix.Name + Version int + func ParseCertificateRequest(asn1Data []byte) (*CertificateRequest, error) + func ReadCertificateRequestFromMem(data []byte) (*CertificateRequest, error) + func ReadCertificateRequestFromPem(FileName string) (*CertificateRequest, error) + func (c *CertificateRequest) CheckSignature() error + type ConstraintViolationError struct + func (ConstraintViolationError) Error() string + type EncryptedPrivateKeyInfo struct + EncryptedData []byte + EncryptionAlgorithm Pbes2Algorithms + type ExtKeyUsage int + const ExtKeyUsageAny + const ExtKeyUsageClientAuth + const ExtKeyUsageCodeSigning + const ExtKeyUsageEmailProtection + const ExtKeyUsageIPSECEndSystem + const ExtKeyUsageIPSECTunnel + const ExtKeyUsageIPSECUser + const ExtKeyUsageMicrosoftServerGatedCrypto + const ExtKeyUsageNetscapeServerGatedCrypto + const ExtKeyUsageOCSPSigning + const ExtKeyUsageServerAuth + const ExtKeyUsageTimeStamping + type Hash uint + const MD4 + const MD5 + const MD5SHA1 + const RIPEMD160 + const SHA1 + const SHA224 + const SHA256 + const SHA384 + const SHA3_224 + const SHA3_256 + const SHA3_384 + const SHA3_512 + const SHA512 + const SHA512_224 + const SHA512_256 + const SM3 + func (h Hash) Available() bool + func (h Hash) HashFunc() crypto.Hash + func (h Hash) New() hash.Hash + func (h Hash) Size() int + type HostnameError struct + Certificate *Certificate + Host string + func (h HostnameError) Error() string + type InsecureAlgorithmError SignatureAlgorithm + func (e InsecureAlgorithmError) Error() string + type InvalidReason int + const CANotAuthorizedForThisName + const Expired + const IncompatibleUsage + const NameMismatch + const NotAuthorizedToSign + const TooManyIntermediates + type KeyUsage int + const KeyUsageCRLSign + const KeyUsageCertSign + const KeyUsageContentCommitment + const KeyUsageDataEncipherment + const KeyUsageDecipherOnly + const KeyUsageDigitalSignature + const KeyUsageEncipherOnly + const KeyUsageKeyAgreement + const KeyUsageKeyEncipherment + type Pbes2Algorithms struct + IdPBES2 asn1.ObjectIdentifier + Pbes2Params Pbes2Params + type Pbes2Encs struct + EncryAlgo asn1.ObjectIdentifier + IV []byte + type Pbes2KDfs struct + IdPBKDF2 asn1.ObjectIdentifier + Pkdf2Params Pkdf2Params + type Pbes2Params struct + EncryptionScheme Pbes2Encs + KeyDerivationFunc Pbes2KDfs + type Pkdf2Params struct + IterationCount int + Prf pkix.AlgorithmIdentifier + Salt []byte + type PrivateKey struct + D *big.Int + func GenerateKey() (*PrivateKey, error) + func ParsePKCS8EcryptedPrivateKey(der, pwd []byte) (*PrivateKey, error) + func ParsePKCS8PrivateKey(der, pwd []byte) (*PrivateKey, error) + func ParsePKCS8UnecryptedPrivateKey(der []byte) (*PrivateKey, error) + func ParseSm2PrivateKey(der []byte) (*PrivateKey, error) + func ReadPrivateKeyFromMem(data []byte, pwd []byte) (*PrivateKey, error) + func ReadPrivateKeyFromPem(FileName string, pwd []byte) (*PrivateKey, error) + func (priv *PrivateKey) Public() crypto.PublicKey + func (priv *PrivateKey) Sign(rand io.Reader, msg []byte, opts crypto.SignerOpts) ([]byte, error) + type PrivateKeyInfo struct + PrivateKey []byte + PrivateKeyAlgorithm []asn1.ObjectIdentifier + Version int + type PublicKey struct + X *big.Int + Y *big.Int + func ParseSm2PublicKey(der []byte) (*PublicKey, error) + func ReadPublicKeyFromMem(data []byte, _ []byte) (*PublicKey, error) + func ReadPublicKeyFromPem(FileName string, pwd []byte) (*PublicKey, error) + func (pub *PublicKey) Verify(msg []byte, sign []byte) bool + type PublicKeyAlgorithm int + const DSA + const ECDSA + const RSA + const UnknownPublicKeyAlgorithm + type SignatureAlgorithm int + const DSAWithSHA1 + const DSAWithSHA256 + const ECDSAWithSHA1 + const ECDSAWithSHA256 + const ECDSAWithSHA384 + const ECDSAWithSHA512 + const MD2WithRSA + const MD5WithRSA + const SHA1WithRSA + const SHA256WithRSA + const SHA256WithRSAPSS + const SHA384WithRSA + const SHA384WithRSAPSS + const SHA512WithRSA + const SHA512WithRSAPSS + const SM2WithSHA1 + const SM2WithSHA256 + const SM2WithSM3 + const UnknownSignatureAlgorithm + func (algo SignatureAlgorithm) String() string + type SystemRootsError struct + Err error + func (se SystemRootsError) Error() string + type UnhandledCriticalExtension struct + func (h UnhandledCriticalExtension) Error() string + type UnknownAuthorityError struct + Cert *Certificate + func (e UnknownAuthorityError) Error() string + type VerifyOptions struct + CurrentTime time.Time + DNSName string + Intermediates *CertPool + KeyUsages []ExtKeyUsage + Roots *CertPool