Documentation ¶
Index ¶
- Constants
- Variables
- func AddKey(name string, key KeyFunc)
- func AllKey() map[string]KeyFunc
- func Decode(pfxData []byte, password string) (privateKey crypto.PrivateKey, certificate *x509.Certificate, err error)
- func DecodeChain(pfxData []byte, password string) (privateKey crypto.PrivateKey, certificate *x509.Certificate, ...)
- func DecodeSecret(pfxData []byte, password string) (secretKey []byte, err error)
- func DecodeTrustStore(pfxData []byte, password string) (certs []*x509.Certificate, err error)
- func Encode(rand io.Reader, privateKey crypto.PrivateKey, certificate *x509.Certificate, ...) (pfxData []byte, err error)
- func EncodeChain(rand io.Reader, privateKey crypto.PrivateKey, certificate *x509.Certificate, ...) (pfxData []byte, err error)
- func EncodeSecret(rand io.Reader, secretKey []byte, password string, opts ...Opts) (pfxData []byte, err error)
- func EncodeTrustStore(rand io.Reader, certs []*x509.Certificate, password string, opts ...Opts) (pfxData []byte, err error)
- func EncodeTrustStoreEntries(rand io.Reader, entries []TrustStoreEntry, password string, opts ...Opts) (pfxData []byte, err error)
- func GetStructName(s any) (name string)
- func MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) ([]byte, error)
- func MarshalPrivateKey(privateKey crypto.PrivateKey) ([]byte, error)
- func ParsePKCS8PrivateKey(pkData []byte) (privateKey crypto.PrivateKey, err error)
- func ToPEM(pfxData []byte, password string) ([]*pem.Block, error)
- type CRLBagData
- type CRLBagEntry
- type CertBagCheckData
- type CertBagEntry
- func (this *CertBagEntry) DecodeCertBag(asn1Data []byte) (cert []byte, err error)
- func (this *CertBagEntry) EncodeCertBag(cert []byte) (asn1Data []byte, err error)
- func (this *CertBagEntry) GetType() CertType
- func (this *CertBagEntry) MakeCertBag(certBytes []byte, attributes []PKCS12Attribute) (certBag *SafeBag, err error)
- func (this *CertBagEntry) WithType(typ CertType) *CertBagEntry
- type CertKDFOpts
- type CertSdsiBagData
- type CertType
- type CertX509BagData
- type Cipher
- type ContentInfo
- type DigestInfo
- type EncryptedContentInfo
- type EncryptedData
- type EnvelopedOpts
- type Hash
- type ISafeBagData
- type Key
- type KeyDSA
- type KeyEcdsa
- type KeyEdDSA
- type KeyFunc
- type KeyGost
- type KeyKDFOpts
- type KeyRsa
- type KeySM2
- type Keys
- type MacData
- type MacKDFOpts
- type MacKDFParameters
- type MacOpts
- type NotImplementedError
- type Opts
- type PBKDF2Opts
- type PBMAC1Hash
- type PBMAC1Opts
- type PKCS12
- func (this *PKCS12) AddCRL(crl *pkix.CertificateList) error
- func (this *PKCS12) AddCRLBytes(crl []byte)
- func (this *PKCS12) AddCaCert(ca *x509.Certificate)
- func (this *PKCS12) AddCaCertBytes(ca []byte)
- func (this *PKCS12) AddCaCerts(caCerts []*x509.Certificate)
- func (this *PKCS12) AddCaCertsBytes(caCerts [][]byte)
- func (this *PKCS12) AddCert(cert *x509.Certificate)
- func (this *PKCS12) AddCertBytes(cert []byte)
- func (this *PKCS12) AddPrivateKey(privateKey crypto.PrivateKey) error
- func (this *PKCS12) AddPrivateKeyBytes(privateKey []byte)
- func (this *PKCS12) AddSdsiCertBytes(cert []byte)
- func (this *PKCS12) AddSecretKey(secretKey []byte)
- func (this *PKCS12) AddTrustStore(cert *x509.Certificate)
- func (this *PKCS12) AddTrustStoreEntries(entries []TrustStoreData)
- func (this *PKCS12) AddTrustStoreEntry(cert *x509.Certificate, friendlyName string)
- func (this *PKCS12) AddTrustStoreEntryBytes(cert []byte, friendlyName string)
- func (this *PKCS12) AddTrustStores(certs []*x509.Certificate)
- func (this *PKCS12) GetCRL() (crl *pkix.CertificateList, attrs PKCS12Attributes, err error)
- func (this *PKCS12) GetCRLBytes() (crl []byte, attrs PKCS12Attributes, err error)
- func (this *PKCS12) GetCaCerts() (caCerts []*x509.Certificate, err error)
- func (this *PKCS12) GetCaCertsBytes() (caCerts [][]byte, err error)
- func (this *PKCS12) GetCert() (cert *x509.Certificate, attrs PKCS12Attributes, err error)
- func (this *PKCS12) GetCertBytes() (cert []byte, attrs PKCS12Attributes, err error)
- func (this *PKCS12) GetPrivateKey() (prikey crypto.PrivateKey, attrs PKCS12Attributes, err error)
- func (this *PKCS12) GetPrivateKeyBytes() (prikey []byte, attrs PKCS12Attributes, err error)
- func (this *PKCS12) GetSdsiCertBytes() (cert []byte, attrs PKCS12Attributes, err error)
- func (this *PKCS12) GetSecretKey() (secretKey []byte, attrs PKCS12Attributes, err error)
- func (this *PKCS12) GetTrustStoreEntries() (trustStores []trustStoreKeyData, err error)
- func (this *PKCS12) GetTrustStoreEntriesBytes() (trustStores []trustStoreKeyDataBytes, err error)
- func (this *PKCS12) GetTrustStores() (trustStores []*x509.Certificate, err error)
- func (this *PKCS12) GetTrustStoresBytes() (trustStores [][]byte, err error)
- func (this *PKCS12) GetUnknowsBytes() (unknowDatas []unknowDataBytes, err error)
- func (this *PKCS12) HasCRL() bool
- func (this *PKCS12) HasCaCert() bool
- func (this *PKCS12) HasCert() bool
- func (this *PKCS12) HasPrivateKey() bool
- func (this *PKCS12) HasSdsiCert() bool
- func (this *PKCS12) HasSecretKey() bool
- func (this *PKCS12) HasTrustStore() bool
- func (this *PKCS12) HasUnknow() bool
- func (this *PKCS12) Marshal(rand io.Reader, password string, opts ...Opts) (pfxData []byte, err error)
- func (this *PKCS12) Parse(pfxData []byte, password string) (*PKCS12, error)
- func (this *PKCS12) String() string
- func (this *PKCS12) ToOriginalPEM() ([]*pem.Block, error)
- func (this *PKCS12) ToPEM() ([]*pem.Block, error)
- func (this *PKCS12) WithEnvelopedOpts(opts EnvelopedOpts) *PKCS12
- func (this *PKCS12) WithLocalKeyId(id []byte) *PKCS12
- type PKCS12Attribute
- type PKCS12Attributes
- func (this PKCS12Attributes) Attributes() []PKCS12Attribute
- func (this PKCS12Attributes) GetAttr(name string) string
- func (this PKCS12Attributes) HasAttr(name string) bool
- func (this PKCS12Attributes) Names() []string
- func (this PKCS12Attributes) String() string
- func (this PKCS12Attributes) ToArray() map[string]string
- func (this PKCS12Attributes) Verify(data []byte) bool
- type PfxPdu
- type SafeBag
- type SafeBagData
- type ScryptOpts
- type TrustStoreData
- type TrustStoreEntry
- type TrustStoreKey
Constants ¶
const ( CertificateType = "CERTIFICATE" CRLType = "X509 CRL" PrivateKeyType = "PRIVATE KEY" )
PEM block types
const DefaultPassword = "cryptobin"
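DefaultPassword is the string "cryptobin", a commonly-used password for PKCS#12 files. Due to the weak encryption used by PKCS#12, it is RECOMMENDED that you use DefaultPassword when encoding PKCS#12 files, and protect the PKCS#12 files using other means. Because this value is public, a file encoded with it gets no confidentiality from the password: the private key inside is only as well protected as those other means (for example file permissions or an encrypted volume).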
const (
// PKCS12 系列
PKCS12Version = 3
)
Variables ¶
var ( AddCipher = pbes1.AddCipher GetCipher = pbes1.GetCipher )
别名
var ( CipherSHA1And3DES = pbes1.SHA1And3DES CipherSHA1And2DES = pbes1.SHA1And2DES CipherSHA1AndRC2_128 = pbes1.SHA1AndRC2_128 CipherSHA1AndRC2_40 = pbes1.SHA1AndRC2_40 CipherSHA1AndRC4_128 = pbes1.SHA1AndRC4_128 CipherSHA1AndRC4_40 = pbes1.SHA1AndRC4_40 MD5AndCAST5 = pbes1.MD5AndCAST5 SHAAndTwofish = pbes1.SHAAndTwofish )
加密方式
var ( // ErrDecryption represents a failure to decrypt the input. ErrDecryption = errors.New("pkcs12: decryption error, incorrect padding") // ErrIncorrectPassword is returned when an incorrect password is detected. // Usually, P12/PFX data is signed to be able to verify the password. ErrIncorrectPassword = errors.New("pkcs12: decryption password incorrect") )
var ( // marshal pkcs12 NewEncode = New // marshal pkcs12 NewPKCS12Encode = NewPKCS12 // LoadPKCS12 loads the key store from the bytes data. LoadPKCS12 = LoadFromBytes // LoadPKCS12FromBytes loads the key store from the bytes data. LoadPKCS12FromBytes = LoadFromBytes // LoadPKCS12FromReader loads the key store from the specified file. LoadPKCS12FromReader = LoadFromReader )
别名
var ( // 获取 Cipher 类型 GetPbes1CipherFromName = pbes1.GetCipherFromName // 检测 Cipher 类型 CheckPbes1CipherFromName = pbes1.CheckCipherFromName // 获取 Cipher 类型 GetPbes2CipherFromName = pbes2.GetCipherFromName // 获取 hash 类型 GetPbes2HashFromName = pbes2.GetHashFromName )
var ( // 默认 hash DefaultHash = SHA1 )
var DefaultOpts = LegacyRC2Opts
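DefaultOpts is the default option set. It is an alias of LegacyRC2Opts: SHA1And3DES for the key, SHA1AndRC2_40 for certificates, and a SHA1 MAC with an 8-byte salt and an iteration count of 1.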
var ( // 默认 PBMAC1 hash DefaultPBMAC1Hash = PBMAC1_SHA1 )
var EnvelopedCipher = envelopedCipher{}
// LegacyDESOpts is the 3DES-based legacy option set: the private key and the
// certificates are both encrypted with the PBES1 SHA1And3DES cipher
// (CipherSHA1And3DES is the package alias of pbes1.SHA1And3DES).
// KeyKDFOpts and CertKDFOpts are left at their zero value.
//
// NOTE(review): the MAC uses SHA1 with IterationCount 1, so MAC key derivation
// adds no stretching; the integrity check is only as strong as the password.
var LegacyDESOpts = Opts{
	KeyCipher:  pbes1.SHA1And3DES,
	CertCipher: CipherSHA1And3DES,
	MacKDFOpts: MacOpts{
		SaltSize:       8,
		IterationCount: 1,
		HMACHash:       SHA1,
	},
}
LegacyDES
// LegacyGmsmOpts is the SM-algorithm option set: SM4 in CBC mode (PBES2) for
// both the private key and the certificates, with PBKDF2 keyed by the hash
// looked up under the name "SM3", a 16-byte salt and 1000 iterations.
// The MAC uses SM3 with the same salt size and iteration count.
//
// NOTE(review): 1000 iterations is a low work factor for password-based
// protection; the count can be overridden through the With*KDFOpts methods.
var LegacyGmsmOpts = Opts{
	KeyCipher: pbes2.SM4CBC,
	KeyKDFOpts: PBKDF2Opts{
		SaltSize:       16,
		IterationCount: 1000,
		HMACHash:       GetPbes2HashFromName("SM3"),
	},
	CertCipher: pbes2.SM4CBC,
	CertKDFOpts: PBKDF2Opts{
		SaltSize:       16,
		IterationCount: 1000,
		HMACHash:       GetPbes2HashFromName("SM3"),
	},
	MacKDFOpts: MacOpts{
		SaltSize:       16,
		IterationCount: 1000,
		HMACHash:       SM3,
	},
}
LegacyGmsm
// LegacyGostOpts is the GOST option set: pbes2.GostCipher for both the private
// key and the certificates, with PBKDF2 keyed by the hash looked up under the
// name "GOST34112012512", a 32-byte salt and 2000 iterations.
// The MAC uses GOST34112012512 with the same salt size and iteration count.
//
// NOTE(review): 2000 iterations is a low work factor for password-based
// protection; the count can be overridden through the With*KDFOpts methods.
var LegacyGostOpts = Opts{
	KeyCipher: pbes2.GostCipher,
	KeyKDFOpts: PBKDF2Opts{
		SaltSize:       32,
		IterationCount: 2000,
		HMACHash:       GetPbes2HashFromName("GOST34112012512"),
	},
	CertCipher: pbes2.GostCipher,
	CertKDFOpts: PBKDF2Opts{
		SaltSize:       32,
		IterationCount: 2000,
		HMACHash:       GetPbes2HashFromName("GOST34112012512"),
	},
	MacKDFOpts: MacOpts{
		SaltSize:       32,
		IterationCount: 2000,
		HMACHash:       GOST34112012512,
	},
}
LegacyGost
var LegacyOpts = LegacyDESOpts
LegacyOpts is an alias of LegacyDESOpts.
var LegacyPBMAC1Opts = Opts{ KeyCipher: pbes2.AES256CBC, KeyKDFOpts: PBKDF2Opts{ SaltSize: 8, IterationCount: 2048, }, CertCipher: pbes2.AES256CBC, CertKDFOpts: PBKDF2Opts{ SaltSize: 8, IterationCount: 2048, }, MacKDFOpts: PBMAC1Opts{ SaltSize: 8, IterationCount: 2048, KDFHash: PBMAC1_SHA256, HMACHash: PBMAC1_SHA256, // contains filtered or unexported fields }, }
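LegacyPBMAC1Opts encrypts the key and the certificates with AES256CBC using PBKDF2 (8-byte salt, 2048 iterations), and computes the MAC with PBMAC1 using PBMAC1_SHA256 for both the KDF hash and the HMAC hash (8-byte salt, 2048 iterations).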
// LegacyRC2Opts is the RC2-based legacy option set: the private key is
// encrypted with the PBES1 SHA1And3DES cipher and the certificates with
// CipherSHA1AndRC2_40 (the package alias of pbes1.SHA1AndRC2_40).
// KeyKDFOpts and CertKDFOpts are left at their zero value.
//
// NOTE(review): a 40-bit RC2 key offers no meaningful confidentiality for the
// certificate bags, and the SHA1 MAC with IterationCount 1 adds no password
// stretching. Treat files produced with these options as needing protection
// from outside the PKCS#12 container.
var LegacyRC2Opts = Opts{
	KeyCipher:  pbes1.SHA1And3DES,
	CertCipher: CipherSHA1AndRC2_40,
	MacKDFOpts: MacOpts{
		SaltSize:       8,
		IterationCount: 1,
		HMACHash:       SHA1,
	},
}
LegacyRC2
// Modern2023Opts is the AES-based option set: AES-256 in CBC mode (PBES2) for
// both the private key and the certificates, with PBKDF2 using a 16-byte salt
// and 2048 iterations, and a SHA256 MAC with the same salt size and
// iteration count.
//
// HMACHash is not set on the two PBKDF2Opts values; which PRF that selects is
// not visible in this declaration.
//
// NOTE(review): 2048 iterations is a low work factor for password-based
// protection; where the password may be weak, raise IterationCount through
// WithKeyKDFOpts, WithCertKDFOpts and WithMacKDFOpts.
var Modern2023Opts = Opts{
	KeyCipher: pbes2.AES256CBC,
	KeyKDFOpts: PBKDF2Opts{
		SaltSize:       16,
		IterationCount: 2048,
	},
	CertCipher: pbes2.AES256CBC,
	CertKDFOpts: PBKDF2Opts{
		SaltSize:       16,
		IterationCount: 2048,
	},
	MacKDFOpts: MacOpts{
		SaltSize:       16,
		IterationCount: 2048,
		HMACHash:       SHA256,
	},
}
Modern2023
var ModernOpts = Modern2023Opts
ModernOpts is an alias of Modern2023Opts.
// PasswordlessOpts sets the key cipher, the certificate cipher and the MAC
// options all to nil.
//
// NOTE(review): presumably this produces a file whose key and certificate bags
// are not encrypted and which carries no MAC, so the private key would be
// stored in the clear and the file could be altered undetected; confirm
// against the encoder before relying on it.
var PasswordlessOpts = Opts{
	KeyCipher:  nil,
	CertCipher: nil,
	MacKDFOpts: nil,
}
Passwordless
Functions ¶
func Decode ¶
func Decode(pfxData []byte, password string) ( privateKey crypto.PrivateKey, certificate *x509.Certificate, err error, )
Decode extracts a certificate and private key from pfxData, which must be a DER-encoded PKCS#12 file.
func DecodeChain ¶
func DecodeChain(pfxData []byte, password string) ( privateKey crypto.PrivateKey, certificate *x509.Certificate, caCerts []*x509.Certificate, err error, )
DecodeChain extracts a certificate, a CA certificate chain, and private key from pfxData, which must be a DER-encoded PKCS#12 file.
func DecodeSecret ¶
DecodeSecret extracts the Secret key from pfxData, which must be a DER-encoded PKCS#12 file.
func DecodeTrustStore ¶
func DecodeTrustStore(pfxData []byte, password string) (certs []*x509.Certificate, err error)
DecodeTrustStore extracts the certificates from pfxData, which must be a DER-encoded PKCS#12 file.
func Encode ¶
func Encode( rand io.Reader, privateKey crypto.PrivateKey, certificate *x509.Certificate, password string, opts ...Opts, ) (pfxData []byte, err error)
for go
func EncodeChain ¶
func EncodeChain( rand io.Reader, privateKey crypto.PrivateKey, certificate *x509.Certificate, caCerts []*x509.Certificate, password string, opts ...Opts, ) (pfxData []byte, err error)
EncodeChain produces pfxData containing one private key (privateKey), an end-entity certificate (certificate), and any number of CA certificates (caCerts).
func EncodeSecret ¶
func EncodeSecret(rand io.Reader, secretKey []byte, password string, opts ...Opts) (pfxData []byte, err error)
EncodeSecret encodes secretKey into DER-encoded pfxData.
func EncodeTrustStore ¶
func EncodeTrustStore( rand io.Reader, certs []*x509.Certificate, password string, opts ...Opts, ) (pfxData []byte, err error)
EncodeTrustStore produces pfxData containing any number of CA certificates (certs) to be trusted. The certificates will be marked with a special OID that allows them to be used as a Java TrustStore in Java 1.8 and newer.
func EncodeTrustStoreEntries ¶
func EncodeTrustStoreEntries( rand io.Reader, entries []TrustStoreEntry, password string, opts ...Opts, ) (pfxData []byte, err error)
EncodeTrustStoreEntries produces pfxData containing any number of CA certificates (entries) to be trusted. The certificates will be marked with a special OID that allows them to be used as a Java TrustStore in Java 1.8 and newer.
func MarshalPKCS8PrivateKey ¶
func MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) ([]byte, error)
从注册的 key 列表编码证书
func MarshalPrivateKey ¶
func MarshalPrivateKey(privateKey crypto.PrivateKey) ([]byte, error)
从注册的 key 列表编码证书
func ParsePKCS8PrivateKey ¶
func ParsePKCS8PrivateKey(pkData []byte) (privateKey crypto.PrivateKey, err error)
从注册的 key 列表解析证书
func ToPEM ¶
ToPEM converts all "safe bags" contained in pfxData to PEM blocks.
Example ¶
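// Decode the base64-encoded PKCS#12 blob (the literal is elided in this
// example). The decode error is checked so that a truncated or corrupted blob
// is reported here rather than surfacing later as a confusing parse failure.
p12, err := base64.StdEncoding.DecodeString(`MIIJzgIBAzCCCZQGCS ... CA+gwggPk==`)
if err != nil {
	panic(err)
}

// ToPEM converts every safe bag in the file to a PEM block.
// The "password" literal is for illustration; real code should obtain the
// password from configuration or a secret store rather than from source.
blocks, err := ToPEM(p12, "password")
if err != nil {
	panic(err)
}

// Concatenate all blocks into one PEM buffer. This buffer is passed below as
// the key input as well, so it holds the private key in usable form: keep it
// in memory only and do not log it or write it to disk.
var pemData []byte
for _, b := range blocks {
	pemData = append(pemData, pem.EncodeToMemory(b)...)
}

// then use PEM data for tls to construct tls certificate:
cert, err := tls.X509KeyPair(pemData, pemData)
if err != nil {
	panic(err)
}

config := &tls.Config{
	Certificates: []tls.Certificate{cert},
}

_ = config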
Types ¶
type CRLBagData ¶ added in v1.0.2034
type CRLBagData struct { Id asn1.ObjectIdentifier Data []byte `asn1:"tag:0,explicit"` }
type CRLBagEntry ¶ added in v1.0.2034
type CRLBagEntry struct{}
func NewCRLBagEntry ¶ added in v1.0.2034
func NewCRLBagEntry() *CRLBagEntry
func (*CRLBagEntry) DecodeCertBag ¶ added in v1.0.2034
func (this *CRLBagEntry) DecodeCertBag(asn1Data []byte) (cert []byte, err error)
func (*CRLBagEntry) EncodeCertBag ¶ added in v1.0.2034
func (this *CRLBagEntry) EncodeCertBag(cert []byte) (asn1Data []byte, err error)
func (*CRLBagEntry) MakeCertBag ¶ added in v1.0.2034
func (this *CRLBagEntry) MakeCertBag(certBytes []byte, attributes []PKCS12Attribute) (certBag *SafeBag, err error)
type CertBagCheckData ¶ added in v1.0.2034
type CertBagCheckData struct { Id asn1.ObjectIdentifier Data asn1.RawValue }
type CertBagEntry ¶ added in v1.0.2034
type CertBagEntry struct {
Type CertType
}
func NewCertBagEntry ¶ added in v1.0.2034
func NewCertBagEntry() *CertBagEntry
func (*CertBagEntry) DecodeCertBag ¶ added in v1.0.2034
func (this *CertBagEntry) DecodeCertBag(asn1Data []byte) (cert []byte, err error)
func (*CertBagEntry) EncodeCertBag ¶ added in v1.0.2034
func (this *CertBagEntry) EncodeCertBag(cert []byte) (asn1Data []byte, err error)
func (*CertBagEntry) GetType ¶ added in v1.0.2034
func (this *CertBagEntry) GetType() CertType
func (*CertBagEntry) MakeCertBag ¶ added in v1.0.2034
func (this *CertBagEntry) MakeCertBag(certBytes []byte, attributes []PKCS12Attribute) (certBag *SafeBag, err error)
func (*CertBagEntry) WithType ¶ added in v1.0.2034
func (this *CertBagEntry) WithType(typ CertType) *CertBagEntry
type CertKDFOpts ¶ added in v1.0.2031
type CertSdsiBagData ¶ added in v1.0.2034
type CertSdsiBagData struct { Id asn1.ObjectIdentifier Data string `asn1:"ia5"` }
type CertX509BagData ¶ added in v1.0.2034
type CertX509BagData struct { Id asn1.ObjectIdentifier Data []byte `asn1:"tag:0,explicit"` }
type Cipher ¶
type Cipher interface { // oid OID() asn1.ObjectIdentifier // 值大小 KeySize() int // 是否有 KeyLength HasKeyLength() bool // 密码是否需要 Bmp 处理 NeedBmpPassword() bool // 加密, 返回: [加密后数据, 参数, error] Encrypt(rand io.Reader, key, plaintext []byte) ([]byte, []byte, error) // 解密 Decrypt(key, params, ciphertext []byte) ([]byte, error) }
加密接口
type ContentInfo ¶ added in v1.0.2032
type ContentInfo struct { ContentType asn1.ObjectIdentifier Content asn1.RawValue `asn1:"tag:0,explicit,optional"` }
type DigestInfo ¶ added in v1.0.2032
type DigestInfo struct { Algorithm pkix.AlgorithmIdentifier Digest []byte }
from PKCS#7:
type EncryptedContentInfo ¶ added in v1.0.2032
type EncryptedContentInfo struct { ContentType asn1.ObjectIdentifier ContentEncryptionAlgorithm pkix.AlgorithmIdentifier EncryptedContent []byte `asn1:"tag:0,optional"` }
func (EncryptedContentInfo) Algorithm ¶ added in v1.0.2032
func (this EncryptedContentInfo) Algorithm() pkix.AlgorithmIdentifier
func (EncryptedContentInfo) Data ¶ added in v1.0.2032
func (this EncryptedContentInfo) Data() []byte
type EncryptedData ¶ added in v1.0.2032
type EncryptedData struct { Version int EncryptedContentInfo EncryptedContentInfo }
type EnvelopedOpts ¶ added in v1.0.2034
type EnvelopedOpts struct { // 加密方式 Cipher enveloped.Cipher KeyEncrypt enveloped.KeyEncrypt // 加密参数 Recipients []*x509.Certificate // 解密参数 Cert *x509.Certificate PrivateKey crypto.PrivateKey }
Enveloped 加密配置
type ISafeBagData ¶ added in v1.0.2033
type ISafeBagData interface { // Attributes return the PKCS12AttrSet of the safe bag Attributes() map[string]string // Data Data() []byte // Attrs Attrs() PKCS12Attributes // FriendlyName return the value of `friendlyName` // attribute if exists, otherwise it will return empty string FriendlyName() string }
SafeBagData
type Key ¶
type Key interface { // 包装默认证书 MarshalPrivateKey(privateKey crypto.PrivateKey) (pkData []byte, err error) // 包装 PKCS8 证书 MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) (pkData []byte, err error) // 解析 PKCS8 证书 ParsePKCS8PrivateKey(pkData []byte) (crypto.PrivateKey, error) }
Key 接口
type KeyDSA ¶
type KeyDSA struct{}
DSA
func (KeyDSA) MarshalPKCS8PrivateKey ¶
func (this KeyDSA) MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) ([]byte, error)
包装
func (KeyDSA) MarshalPrivateKey ¶
func (this KeyDSA) MarshalPrivateKey(privateKey crypto.PrivateKey) ([]byte, error)
包装
func (KeyDSA) ParsePKCS8PrivateKey ¶
func (this KeyDSA) ParsePKCS8PrivateKey(pkData []byte) (crypto.PrivateKey, error)
解析
type KeyEcdsa ¶
type KeyEcdsa struct{}
Ecdsa
func (KeyEcdsa) MarshalPKCS8PrivateKey ¶
func (this KeyEcdsa) MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) ([]byte, error)
包装
func (KeyEcdsa) MarshalPrivateKey ¶
func (this KeyEcdsa) MarshalPrivateKey(privateKey crypto.PrivateKey) ([]byte, error)
包装
func (KeyEcdsa) ParsePKCS8PrivateKey ¶
func (this KeyEcdsa) ParsePKCS8PrivateKey(pkData []byte) (crypto.PrivateKey, error)
解析
type KeyEdDSA ¶
type KeyEdDSA struct{}
EdDSA
func (KeyEdDSA) MarshalPKCS8PrivateKey ¶
func (this KeyEdDSA) MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) ([]byte, error)
包装
func (KeyEdDSA) MarshalPrivateKey ¶
func (this KeyEdDSA) MarshalPrivateKey(privateKey crypto.PrivateKey) ([]byte, error)
包装
func (KeyEdDSA) ParsePKCS8PrivateKey ¶
func (this KeyEdDSA) ParsePKCS8PrivateKey(pkData []byte) (crypto.PrivateKey, error)
解析
type KeyGost ¶ added in v1.0.2050
type KeyGost struct{}
Gost
func (KeyGost) MarshalPKCS8PrivateKey ¶ added in v1.0.2050
func (this KeyGost) MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) ([]byte, error)
包装
func (KeyGost) MarshalPrivateKey ¶ added in v1.0.2050
func (this KeyGost) MarshalPrivateKey(privateKey crypto.PrivateKey) ([]byte, error)
包装
func (KeyGost) ParsePKCS8PrivateKey ¶ added in v1.0.2050
func (this KeyGost) ParsePKCS8PrivateKey(pkData []byte) (crypto.PrivateKey, error)
解析
type KeyRsa ¶
type KeyRsa struct{}
rsa
func (KeyRsa) MarshalPKCS8PrivateKey ¶
func (this KeyRsa) MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) ([]byte, error)
包装
func (KeyRsa) MarshalPrivateKey ¶
func (this KeyRsa) MarshalPrivateKey(privateKey crypto.PrivateKey) ([]byte, error)
包装
func (KeyRsa) ParsePKCS8PrivateKey ¶
func (this KeyRsa) ParsePKCS8PrivateKey(pkData []byte) (crypto.PrivateKey, error)
解析
type KeySM2 ¶
type KeySM2 struct{}
SM2
func (KeySM2) MarshalPKCS8PrivateKey ¶
func (this KeySM2) MarshalPKCS8PrivateKey(privateKey crypto.PrivateKey) ([]byte, error)
包装
func (KeySM2) MarshalPrivateKey ¶
func (this KeySM2) MarshalPrivateKey(privateKey crypto.PrivateKey) ([]byte, error)
包装
func (KeySM2) ParsePKCS8PrivateKey ¶
func (this KeySM2) ParsePKCS8PrivateKey(pkData []byte) (crypto.PrivateKey, error)
解析
type Keys ¶ added in v1.0.2032
type Keys struct {
// contains filtered or unexported fields
}
Key 数据
type MacData ¶ added in v1.0.2032
type MacData struct { Mac DigestInfo MacSalt []byte Iterations int `asn1:"optional,default:1"` }
type MacKDFOpts ¶ added in v1.0.2031
type MacKDFOpts interface { // 构造 Compute(message []byte, password []byte) (data MacKDFParameters, err error) }
KDF 设置接口
type MacKDFParameters ¶ added in v1.0.2031
数据接口
type NotImplementedError ¶
type NotImplementedError string
NotImplementedError indicates that the input is not currently supported.
func (NotImplementedError) Error ¶
func (e NotImplementedError) Error() string
type Opts ¶
type Opts struct { KeyCipher Cipher KeyKDFOpts KeyKDFOpts CertCipher Cipher CertKDFOpts CertKDFOpts MacKDFOpts MacKDFOpts }
配置
func (Opts) WithCertCipher ¶ added in v1.0.2031
func (Opts) WithCertKDFOpts ¶ added in v1.0.2031
func (this Opts) WithCertKDFOpts(opts CertKDFOpts) Opts
func (Opts) WithKeyCipher ¶ added in v1.0.2031
func (Opts) WithKeyKDFOpts ¶ added in v1.0.2031
func (this Opts) WithKeyKDFOpts(opts KeyKDFOpts) Opts
func (Opts) WithMacKDFOpts ¶ added in v1.0.2031
func (this Opts) WithMacKDFOpts(opts MacKDFOpts) Opts
type PBMAC1Hash ¶ added in v1.0.2079
type PBMAC1Hash uint
const ( PBMAC1_MD5 PBMAC1Hash = 1 + iota PBMAC1_SHA1 PBMAC1_SHA224 PBMAC1_SHA256 PBMAC1_SHA384 PBMAC1_SHA512 PBMAC1_SHA512_224 PBMAC1_SHA512_256 PBMAC1_SM3 PBMAC1_GOST34112012256 PBMAC1_GOST34112012512 )
type PBMAC1Opts ¶ added in v1.0.2079
type PBMAC1Opts struct { SaltSize int IterationCount int KDFHash PBMAC1Hash HMACHash PBMAC1Hash // contains filtered or unexported fields }
PBMAC1 配置
func (PBMAC1Opts) Compute ¶ added in v1.0.2079
func (this PBMAC1Opts) Compute(message []byte, password []byte) (data MacKDFParameters, err error)
type PKCS12 ¶ added in v1.0.2033
type PKCS12 struct {
// contains filtered or unexported fields
}
PKCS12 结构
func LoadFromBytes ¶ added in v1.0.2075
LoadFromBytes loads the key store from the bytes data.
func LoadFromReader ¶ added in v1.0.2075
LoadFromReader loads the key store from the specified file.
func (*PKCS12) AddCRL ¶ added in v1.0.2034
func (this *PKCS12) AddCRL(crl *pkix.CertificateList) error
func (*PKCS12) AddCRLBytes ¶ added in v1.0.2034
func (*PKCS12) AddCaCert ¶ added in v1.0.2033
func (this *PKCS12) AddCaCert(ca *x509.Certificate)
func (*PKCS12) AddCaCertBytes ¶ added in v1.0.2033
func (*PKCS12) AddCaCerts ¶ added in v1.0.2033
func (this *PKCS12) AddCaCerts(caCerts []*x509.Certificate)
func (*PKCS12) AddCaCertsBytes ¶ added in v1.0.2033
func (*PKCS12) AddCert ¶ added in v1.0.2033
func (this *PKCS12) AddCert(cert *x509.Certificate)
func (*PKCS12) AddCertBytes ¶ added in v1.0.2033
func (*PKCS12) AddPrivateKey ¶ added in v1.0.2033
func (this *PKCS12) AddPrivateKey(privateKey crypto.PrivateKey) error
func (*PKCS12) AddPrivateKeyBytes ¶ added in v1.0.2033
func (*PKCS12) AddSdsiCertBytes ¶ added in v1.0.2034
func (*PKCS12) AddSecretKey ¶ added in v1.0.2033
func (*PKCS12) AddTrustStore ¶ added in v1.0.2033
func (this *PKCS12) AddTrustStore(cert *x509.Certificate)
func (*PKCS12) AddTrustStoreEntries ¶ added in v1.0.2033
func (this *PKCS12) AddTrustStoreEntries(entries []TrustStoreData)
func (*PKCS12) AddTrustStoreEntry ¶ added in v1.0.2033
func (this *PKCS12) AddTrustStoreEntry(cert *x509.Certificate, friendlyName string)
func (*PKCS12) AddTrustStoreEntryBytes ¶ added in v1.0.2033
func (*PKCS12) AddTrustStores ¶ added in v1.0.2033
func (this *PKCS12) AddTrustStores(certs []*x509.Certificate)
func (*PKCS12) GetCRL ¶ added in v1.0.2034
func (this *PKCS12) GetCRL() (crl *pkix.CertificateList, attrs PKCS12Attributes, err error)
func (*PKCS12) GetCRLBytes ¶ added in v1.0.2034
func (this *PKCS12) GetCRLBytes() (crl []byte, attrs PKCS12Attributes, err error)
func (*PKCS12) GetCaCerts ¶ added in v1.0.2033
func (this *PKCS12) GetCaCerts() (caCerts []*x509.Certificate, err error)
func (*PKCS12) GetCaCertsBytes ¶ added in v1.0.2033
func (*PKCS12) GetCert ¶ added in v1.0.2033
func (this *PKCS12) GetCert() (cert *x509.Certificate, attrs PKCS12Attributes, err error)
func (*PKCS12) GetCertBytes ¶ added in v1.0.2033
func (this *PKCS12) GetCertBytes() (cert []byte, attrs PKCS12Attributes, err error)
func (*PKCS12) GetPrivateKey ¶ added in v1.0.2033
func (this *PKCS12) GetPrivateKey() (prikey crypto.PrivateKey, attrs PKCS12Attributes, err error)
func (*PKCS12) GetPrivateKeyBytes ¶ added in v1.0.2033
func (this *PKCS12) GetPrivateKeyBytes() (prikey []byte, attrs PKCS12Attributes, err error)
func (*PKCS12) GetSdsiCertBytes ¶ added in v1.0.2034
func (this *PKCS12) GetSdsiCertBytes() (cert []byte, attrs PKCS12Attributes, err error)
func (*PKCS12) GetSecretKey ¶ added in v1.0.2033
func (this *PKCS12) GetSecretKey() (secretKey []byte, attrs PKCS12Attributes, err error)
func (*PKCS12) GetTrustStoreEntries ¶ added in v1.0.2033
func (*PKCS12) GetTrustStoreEntriesBytes ¶ added in v1.0.2033
func (*PKCS12) GetTrustStores ¶ added in v1.0.2033
func (this *PKCS12) GetTrustStores() (trustStores []*x509.Certificate, err error)
func (*PKCS12) GetTrustStoresBytes ¶ added in v1.0.2033
func (*PKCS12) GetUnknowsBytes ¶ added in v1.0.2034
func (*PKCS12) HasPrivateKey ¶ added in v1.0.2033
func (*PKCS12) HasSdsiCert ¶ added in v1.0.2034
func (*PKCS12) HasSecretKey ¶ added in v1.0.2033
func (*PKCS12) HasTrustStore ¶ added in v1.0.2033
func (*PKCS12) ToOriginalPEM ¶ added in v1.0.2033
生成原始数据的PEM证书
func (*PKCS12) WithEnvelopedOpts ¶ added in v1.0.2034
func (this *PKCS12) WithEnvelopedOpts(opts EnvelopedOpts) *PKCS12
func (*PKCS12) WithLocalKeyId ¶ added in v1.0.2034
type PKCS12Attribute ¶ added in v1.0.2032
type PKCS12Attribute struct { Id asn1.ObjectIdentifier Value asn1.RawValue `asn1:"set"` }
type PKCS12Attributes ¶ added in v1.0.2033
type PKCS12Attributes struct {
// contains filtered or unexported fields
}
额外数据
func NewPKCS12Attributes ¶ added in v1.0.2033
func NewPKCS12Attributes(attrs []PKCS12Attribute) PKCS12Attributes
func NewPKCS12AttributesEmpty ¶ added in v1.0.2033
func NewPKCS12AttributesEmpty() PKCS12Attributes
func (PKCS12Attributes) Attributes ¶ added in v1.0.2033
func (this PKCS12Attributes) Attributes() []PKCS12Attribute
数据
func (PKCS12Attributes) GetAttr ¶ added in v1.0.2034
func (this PKCS12Attributes) GetAttr(name string) string
获取
func (PKCS12Attributes) HasAttr ¶ added in v1.0.2034
func (this PKCS12Attributes) HasAttr(name string) bool
判断
func (PKCS12Attributes) Names ¶ added in v1.0.2039
func (this PKCS12Attributes) Names() []string
键值列表
func (PKCS12Attributes) String ¶ added in v1.0.2033
func (this PKCS12Attributes) String() string
返回字符
func (PKCS12Attributes) ToArray ¶ added in v1.0.2033
func (this PKCS12Attributes) ToArray() map[string]string
返回数据
func (PKCS12Attributes) Verify ¶ added in v1.0.2033
func (this PKCS12Attributes) Verify(data []byte) bool
验证签名数据
type PfxPdu ¶ added in v1.0.2032
type PfxPdu struct { Version int AuthSafe ContentInfo MacData MacData `asn1:"optional"` }
type SafeBag ¶ added in v1.0.2032
type SafeBag struct { Id asn1.ObjectIdentifier Value asn1.RawValue `asn1:"tag:0,explicit"` Attributes []PKCS12Attribute `asn1:"set,optional"` }
type SafeBagData ¶ added in v1.0.2033
type SafeBagData struct {
// contains filtered or unexported fields
}
func NewSafeBagData ¶ added in v1.0.2033
func NewSafeBagData(data []byte, attrs PKCS12Attributes) SafeBagData
func NewSafeBagDataWithAttrs ¶ added in v1.0.2033
func NewSafeBagDataWithAttrs(data []byte, attrs []PKCS12Attribute) SafeBagData
func (SafeBagData) Attributes ¶ added in v1.0.2033
func (this SafeBagData) Attributes() map[string]string
func (SafeBagData) Attrs ¶ added in v1.0.2033
func (this SafeBagData) Attrs() PKCS12Attributes
func (SafeBagData) Data ¶ added in v1.0.2033
func (this SafeBagData) Data() []byte
func (SafeBagData) FriendlyName ¶ added in v1.0.2033
func (this SafeBagData) FriendlyName() string
type TrustStoreData ¶ added in v1.0.2033
TrustStoreData represents an entry in a Java TrustStore.
func NewTrustStoreData ¶ added in v1.0.2033
func NewTrustStoreData(cert *x509.Certificate, friendlyName string) TrustStoreData
type TrustStoreEntry ¶
type TrustStoreEntry struct { Cert *x509.Certificate FriendlyName string }
TrustStoreEntry represents an entry in a Java TrustStore.
type TrustStoreKey ¶ added in v1.0.2031
type TrustStoreKey interface { // Attributes return the PKCS12AttrSet of the safe bag // https://tools.ietf.org/html/rfc7292#section-4.2 Attributes() map[string]string // Cert Cert() *x509.Certificate // FriendlyName return the value of `friendlyName` // attribute if exists, otherwise it will return empty string FriendlyName() string }
func DecodeTrustStoreEntries ¶ added in v1.0.2031
func DecodeTrustStoreEntries(pfxData []byte, password string) (trustStoreKeys []TrustStoreKey, err error)
DecodeTrustStoreEntries extracts the certificates from pfxData, which must be a DER-encoded PKCS#12 file.