Documentation ¶
Index ¶
- func EncryptKey(key crypto.PrivateKey, passphrase string) ([]byte, error)
- func NewRSARootAndChildCerts() (Pair, Pair, error)
- func NewRootAndChildCerts() (Pair, Pair, error)
- type Option
- type Pair
- func GenerateChildCert(name string, ips []net.IP, caPrivKey crypto.PrivateKey, ...) (*tls.Certificate, Pair, error)
- func GenerateGenericChildCert(name string, ips []net.IP, priv crypto.PrivateKey, pub crypto.PublicKey, ...) (*tls.Certificate, Pair, error)
- func GenerateRSAChildCert(name string, ips []net.IP, caPrivKey crypto.PrivateKey, ...) (*tls.Certificate, Pair, error)
- func NewRSARootCA(opts ...Option) (crypto.PrivateKey, *x509.Certificate, Pair, error)
- func NewRootCA(opts ...Option) (crypto.PrivateKey, *x509.Certificate, Pair, error)
Functions ¶
func EncryptKey ¶ added in v0.15.0
func EncryptKey(key crypto.PrivateKey, passphrase string) ([]byte, error)
EncryptKey accepts an *ecdsa.PrivateKey or *rsa.PrivateKey, encrypts it, and returns the encrypted key in PEM format.
func NewRSARootAndChildCerts ¶ added in v0.12.0
NewRSARootAndChildCerts returns an RSA (2048-bit) root CA and a child certificate and their keys for "localhost" and "127.0.0.1".
func NewRootAndChildCerts ¶
NewRootAndChildCerts returns an ECDSA (P-384) root CA and a child certificate and their keys for "localhost" and "127.0.0.1".
Types ¶
type Option ¶ added in v0.13.0
type Option func(opt *configs)
func WithCNPrefix ¶ added in v0.13.0
WithCNPrefix adds cnPrefix as prefix for the CN.
func WithClientCert ¶ added in v0.15.0
WithClientCert generates a client certificate, without any IP or SAN/DNS. It overrides any other IP or name set by other means.
func WithDNSNames ¶ added in v0.13.0
WithDNSNames adds dnsNames to the DNSNames.
type Pair ¶
Pair is a certificate and its private key in PEM format.
func GenerateChildCert ¶
func GenerateChildCert(name string, ips []net.IP, caPrivKey crypto.PrivateKey, caCert *x509.Certificate, opts ...Option) (*tls.Certificate, Pair, error)
GenerateChildCert generates an ECDSA (P-384) x509 Certificate as a child of caCert and returns the following:
- the certificate and private key as a tls.Certificate
- a Pair with the certificate and its key in PEM format
If any error occurs during the generation process, a non-nil error is returned.
func GenerateGenericChildCert ¶ added in v0.12.1
func GenerateGenericChildCert(name string, ips []net.IP, priv crypto.PrivateKey, pub crypto.PublicKey, caPrivKey crypto.PrivateKey, caCert *x509.Certificate, opts ...Option) (*tls.Certificate, Pair, error)
GenerateGenericChildCert generates an x509 Certificate as a child of caCert, using priv and pub as the certificate's private and public keys. Use this function if you need fine control over the keys, IPs and certificate name; otherwise prefer GenerateChildCert or NewRootAndChildCerts/NewRSARootAndChildCerts.
It returns the following:
- the certificate and private key as a tls.Certificate
- a Pair with the certificate and its key in PEM format
If any error occurs during the generation process, a non-nil error is returned.
func GenerateRSAChildCert ¶ added in v0.13.0
func GenerateRSAChildCert(name string, ips []net.IP, caPrivKey crypto.PrivateKey, caCert *x509.Certificate, opts ...Option) (*tls.Certificate, Pair, error)
GenerateRSAChildCert generates an x509 Certificate using RSA with a 2048-bit key as a child of caCert and returns the following:
- the certificate and private key as a tls.Certificate
- a Pair with the certificate and its key in PEM format
If any error occurs during the generation process, a non-nil error is returned.
func NewRSARootCA ¶ added in v0.12.0
func NewRSARootCA(opts ...Option) (crypto.PrivateKey, *x509.Certificate, Pair, error)
NewRSARootCA generates a new x509 Certificate using RSA with a 2048-bit key and returns:
- the private key
- the certificate
- the certificate and its key in PEM format as a byte slice.
If any error occurs during the generation process, a non-nil error is returned.
func NewRootCA ¶
func NewRootCA(opts ...Option) (crypto.PrivateKey, *x509.Certificate, Pair, error)
NewRootCA generates a new x509 Certificate using ECDSA P-384 and returns:
- the private key
- the certificate
- the certificate and its key in PEM format as a byte slice.
If any error occurs during the generation process, a non-nil error is returned.
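The kind of root-and-child pair that NewRootAndChildCerts describes (ECDSA P-384, valid for "localhost" and "127.0.0.1"), built with only the Go standard library and checked with x509 chain verification. This is an added example, not this package's code; the names newRootAndChild, must and verifyFor, the subject names, the serial numbers and the validity window are assumptions.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// must panics on error; acceptable here because this is throwaway fixture code.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newRootAndChild (hypothetical name): P-384 root CA plus a child for localhost/127.0.0.1.
func newRootAndChild() (root, child *x509.Certificate) {
	caKey := must(ecdsa.GenerateKey(elliptic.P384(), rand.Reader))
	key := must(ecdsa.GenerateKey(elliptic.P384(), rand.Reader))
	from, to := time.Now().Add(-time.Minute), time.Now().Add(24*time.Hour) // constructed validity
	ca := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: from, NotAfter: to, IsCA: true,
		BasicConstraintsValid: true, Subject: pkix.Name{CommonName: "example root CA"}, KeyUsage: x509.KeyUsageCertSign}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), NotBefore: from, NotAfter: to,
		Subject: pkix.Name{CommonName: "localhost"}, DNSNames: []string{"localhost"}, IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	// The root is its own parent (self-signed); the child's parent is the parsed root, signed with the root's key.
	root = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, ca, ca, &caKey.PublicKey, caKey))))
	child = must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leaf, root, &key.PublicKey, caKey))))
	return root, child
}

// verifyFor reports whether child chains to root and is valid for host (DNS name or IP).
func verifyFor(root, child *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(root)
	_, err := child.Verify(x509.VerifyOptions{Roots: pool, DNSName: host})
	return err
}

func main() {
	root, child := newRootAndChild()
	fmt.Println(verifyFor(root, child, "127.0.0.1"), verifyFor(root, child, "example.com"))
}
```

A client that trusts only this root accepts the child for "localhost" and "127.0.0.1" and rejects it for any other host name, and a child signed by a different root with the same subject name is rejected as well.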