README
¶
Keystore
A go (golang) implementation of Java KeyStore encoder/decoder
Take into account that JKS assumes that private keys are PKCS8 encoded.
Example
package main
import (
"github.com/pavel-v-chernykh/keystore-go"
"log"
"os"
"reflect"
)
func readKeyStore(filename string, password []byte) keystore.KeyStore {
f, err := os.Open(filename)
defer f.Close()
if err != nil {
log.Fatal(err)
}
keyStore, err := keystore.Decode(f, password)
if err != nil {
log.Fatal(err)
}
return keyStore
}
func writeKeyStore(keyStore keystore.KeyStore, filename string, password []byte) {
o, err := os.Create(filename)
defer o.Close()
if err != nil {
log.Fatal(err)
}
err = keystore.Encode(o, keyStore, password)
if err != nil {
log.Fatal(err)
}
}
func zeroing(s []byte) {
for i := 0; i < len(s); i++ {
s[i] = 0
}
}
func main() {
password := []byte{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}
defer zeroing(password)
ks1 := readKeyStore("keystore.jks", password)
writeKeyStore(ks1, "keystore2.jks", password)
ks2 := readKeyStore("keystore2.jks", password)
log.Printf("Is equal: %v\n", reflect.DeepEqual(ks1, ks2))
}
For more examples explore examples dir
Documentation
¶
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ErrEncodedSequenceTooLong = errors.New("keystore: encoded sequence too long")
ErrEncodedSequenceTooLong indicates that size of string or bytes trying to encode too big
var ErrIncorrectEntryType = errors.New("keystore: incorrect entry type")
ErrIncorrectEntryType indicates incorrect entry type addressing
var ErrIncorrectMagic = errors.New("keystore: invalid keystore format")
ErrIncorrectMagic indicates incorrect file magic
var ErrIncorrectPrivateKey = errors.New("keystore: invalid private key format")
ErrIncorrectPrivateKey indicates incorrect private key entry content
var ErrIncorrectTag = errors.New("keystore: invalid keystore format")
ErrIncorrectTag indicates incorrect keystore entry tag
var ErrIncorrectVersion = errors.New("keystore: invalid keystore format")
ErrIncorrectVersion indicates incorrect keystore version format
var ErrInvalidDigest = errors.New("keystore: invalid digest")
ErrInvalidDigest indicates that keystore was tampered or password was incorrect
var ErrIo = errors.New("keystore: invalid keystore format")
ErrIo indicates i/o error
var ErrUnrecoverablePrivateKey = errors.New("keystore: unrecoverable private key")
ErrUnrecoverablePrivateKey indicates unrecoverable private key content (often means wrong password usage)
var ErrUnsupportedPrivateKeyAlgorithm = errors.New("keystore: unsupported private key algorithm")
ErrUnsupportedPrivateKeyAlgorithm indicates unsupported private key algorithm
Functions ¶
func Encode ¶
Encode encrypts and signs keystore using password and writes its representation into w It is strongly recommended to fill password slice with zero after usage
func EncodeWithRand ¶
Encode encrypts and signs keystore using password and writes its representation into w Random bytes are read from rand, which must be a cryptographically secure source of randomness It is strongly recommended to fill password slice with zero after usage
Types ¶
type Certificate ¶
Certificate describes type of certificate
type KeyStore ¶
type KeyStore map[string]interface{}
KeyStore is a mapping of alias to pointer to PrivateKeyEntry or TrustedCertificateEntry
type PrivateKeyEntry ¶
type PrivateKeyEntry struct {
Entry
PrivKey []byte
CertChain []Certificate
}
PrivateKeyEntry is an entry for private keys and associated certificates
type TrustedCertificateEntry ¶
type TrustedCertificateEntry struct {
Entry
Certificate Certificate
}
TrustedCertificateEntry is an entry for certificates only
Source Files