Documentation ¶
Overview ¶
Package go-pkcs12 implements some of PKCS#12.
This implementation is distilled from https://tools.ietf.org/html/rfc7292 and referenced documents. It is intended for decoding P12/PFX-stored certificates and keys for use with the crypto/tls package.
Package rc2 implements the RC2 cipher ¶
https://www.ietf.org/rfc/rfc2268.txt http://people.csail.mit.edu/rivest/pubs/KRRR98.pdf
This code is licensed under the MIT license.
Index ¶
- Constants
- Variables
- func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error)
- func DecodeAll(pfxData []byte, password string) (privateKey interface{}, certificate []*sm2.Certificate, err error)
- func Encode(privateKey interface{}, certificate *sm2.Certificate, ...) (pfxData []byte, err error)
- func MarshalECPrivateKey(key *sm2.PrivateKey) ([]byte, error)
- func MarshalPrivateKey(key *sm2.PrivateKey, oid asn1.ObjectIdentifier) ([]byte, error)
- func New(key []byte, t1 int) (cipher.Block, error)
- func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error)
- func SM2P12Decrypt(fileName string, pwd string) (*sm2.Certificate, *sm2.PrivateKey, error)
- func SM2P12Encrypt(certificate *sm2.Certificate, pwd string, priv *sm2.PrivateKey, ...) error
- func ToPEM(pfxData []byte, password string) ([]*pem.Block, error)
- type NotImplementedError
Constants ¶
const BlockSize = 8
The rc2 block size in bytes
Variables ¶
var ( // ErrDecryption represents a failure to decrypt the input. ErrDecryption = errors.New("go-pkcs12: decryption error, incorrect padding") // ErrIncorrectPassword is returned when an incorrect password is detected. // Usually, P12/PFX data is signed to be able to verify the password. ErrIncorrectPassword = errors.New("go-pkcs12: decryption password incorrect") )
Functions ¶
func Decode ¶
func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error)
Decode extracts a certificate and private key from pfxData. This function assumes that there is only one certificate and only one private key in the pfxData.
func DecodeAll ¶
func DecodeAll(pfxData []byte, password string) (privateKey interface{}, certificate []*sm2.Certificate, err error)
DecodeAll extracts all certificates and a private key from pfxData.
func Encode ¶
func Encode(privateKey interface{}, certificate *sm2.Certificate, caCerts []*x509.Certificate, password string) (pfxData []byte, err error)
Encode produces pfxData containing one private key, an end-entity certificate, and any number of CA certificates. It emulates the behavior of OpenSSL's PKCS12_create: it creates two SafeContents: one that's encrypted with RC2 and contains the certificates, and another that is unencrypted and contains the private key shrouded with 3DES. The private key bag and the end-entity certificate bag have the LocalKeyId attribute set to the SHA-1 fingerprint of the end-entity certificate.
func MarshalECPrivateKey ¶
func MarshalECPrivateKey(key *sm2.PrivateKey) ([]byte, error)
func MarshalPrivateKey ¶
func MarshalPrivateKey(key *sm2.PrivateKey, oid asn1.ObjectIdentifier) ([]byte, error)
func ParsePKCS8PrivateKey ¶
func SM2P12Decrypt ¶
func SM2P12Decrypt(fileName string, pwd string) (*sm2.Certificate, *sm2.PrivateKey, error)
func SM2P12Encrypt ¶
func SM2P12Encrypt(certificate *sm2.Certificate, pwd string, priv *sm2.PrivateKey, fileName string) error
Types ¶
type NotImplementedError ¶
type NotImplementedError string
NotImplementedError indicates that the input is not currently supported.
func (NotImplementedError) Error ¶
func (e NotImplementedError) Error() string