Documentation ¶
Overview ¶
Package keyman provides convenience APIs around Go's built-in crypto APIs.
Index ¶
- Constants
- Variables
- func DeleteTrustedRootByName(commonName string, prompt string) error
- func KeyPairFor(host, commonName, pkfile, certfile string) (tls.Certificate, error)
- func PoolContainingCerts(certs ...string) (*x509.CertPool, error)
- func StoredPKAndCert(pkfile string, certfile string, organization string, host string, ...) (*PrivateKey, *Certificate, error)
- type Certificate
- func (cert *Certificate) AddAsTrustedRootIfNeeded(elevatePrompt, installPromptTitle, installPromptContent string, ...) error
- func (cert *Certificate) DER() []byte
- func (cert *Certificate) ExpiresBefore(time time.Time) bool
- func (cert *Certificate) PEMEncoded() (pemBytes []byte)
- func (cert *Certificate) PoolContainingCert() *x509.CertPool
- func (cert *Certificate) WriteToDERFile(filename string) (err error)
- func (cert *Certificate) WriteToFile(filename string) (err error)
- func (cert *Certificate) WriteToTempFile() (name string, err error)
- func (cert *Certificate) X509() *x509.Certificate
- type PrivateKey
- func (key *PrivateKey) Certificate(template *x509.Certificate, issuer *Certificate) (*Certificate, error)
- func (key *PrivateKey) CertificateForKey(template *x509.Certificate, issuer *Certificate, publicKey interface{}) (*Certificate, error)
- func (key *PrivateKey) PEMEncoded() (pemBytes []byte)
- func (key *PrivateKey) RSA() *rsa.PrivateKey
- func (key *PrivateKey) TLSCertificateFor(validUntil time.Time, isCA bool, issuer *Certificate, organization string, ...) (cert *Certificate, err error)
- func (key *PrivateKey) WriteToFile(filename string) (err error)
Constants ¶
const (
	// PEM type labels, i.e. the text that appears in the BEGIN/END lines of a
	// PEM block. Where each constant is used is not shown on this page.
	PEM_HEADER_PRIVATE_KEY = "RSA PRIVATE KEY"
	// NOTE(review): this value is identical to PEM_HEADER_PRIVATE_KEY. A public
	// key would normally carry its own label, so this looks like a copy-paste
	// slip — confirm against the code that reads it before relying on the
	// label to tell private and public key blocks apart.
	PEM_HEADER_PUBLIC_KEY = "RSA PRIVATE KEY"
	PEM_HEADER_CERTIFICATE = "CERTIFICATE"
)
Variables ¶
var (
	// FirefoxProfile is a path pattern under $HOME that ends in a "*" wildcard.
	// The initializer runs once at package initialization; os.Getenv returns ""
	// when HOME is unset, which leaves the value as "/.mozilla/firefox/*".
	// NOTE(review): presumably used to locate Firefox profile directories when
	// changing trust settings — confirm against the caller. Because the
	// variable is exported, any importing package can reassign it.
	FirefoxProfile = os.Getenv("HOME") + "/.mozilla/firefox/*"
)
Functions ¶
func DeleteTrustedRootByName ¶
func KeyPairFor ¶
func KeyPairFor(host, commonName, pkfile, certfile string) (tls.Certificate, error)
KeyPairFor creates a key pair for the given host, pkfile and certfile. If either pkfile or certfile is missing, default files will be created.
func PoolContainingCerts ¶
PoolContainingCerts constructs a CertPool containing all of the given certs (PEM encoded).
func StoredPKAndCert ¶
func StoredPKAndCert(pkfile string, certfile string, organization string, host string, commonName string) (*PrivateKey, *Certificate, error)
StoredPKAndCert returns a PK and certificate for the given host, storing these at the given pkfile and certfile paths and using the stored values on subsequent calls.
Types ¶
type Certificate ¶
type Certificate struct {
// contains filtered or unexported fields
}
Certificate is a convenience wrapper for x509.Certificate
func LoadCertificateFromFile ¶
func LoadCertificateFromFile(filename string) (*Certificate, error)
LoadCertificateFromFile loads a Certificate from a PEM-encoded file
func LoadCertificateFromPEMBytes ¶
func LoadCertificateFromPEMBytes(pemBytes []byte) (*Certificate, error)
LoadCertificateFromPEMBytes loads a Certificate from a byte array in PEM format
func LoadCertificateFromX509 ¶
func LoadCertificateFromX509(cert *x509.Certificate) (*Certificate, error)
LoadCertificateFromX509 loads a Certificate from an x509.Certificate
func (*Certificate) AddAsTrustedRootIfNeeded ¶
func (cert *Certificate) AddAsTrustedRootIfNeeded(elevatePrompt, installPromptTitle, installPromptContent string, installAttempted func(error)) error
AddAsTrustedRootIfNeeded adds the certificate to the user's trust store as a trusted root CA. Supports Chrome and Firefox. elevatePrompt, installPromptTitle and installPromptContent are ignored; they are kept for API compatibility with other platforms. If installAttempted is provided, it will be called on any attempt to modify the system cert store, with the resulting error (if any).
func (*Certificate) DER ¶
func (cert *Certificate) DER() []byte
DER returns the der encoded bytes for this Certificate
func (*Certificate) ExpiresBefore ¶
func (cert *Certificate) ExpiresBefore(time time.Time) bool
func (*Certificate) PEMEncoded ¶
func (cert *Certificate) PEMEncoded() (pemBytes []byte)
PEMEncoded encodes the Certificate in PEM
func (*Certificate) PoolContainingCert ¶
func (cert *Certificate) PoolContainingCert() *x509.CertPool
PoolContainingCert creates a pool containing this cert.
func (*Certificate) WriteToDERFile ¶
func (cert *Certificate) WriteToDERFile(filename string) (err error)
WriteToDERFile writes the DER-encoded Certificate to a file.
func (*Certificate) WriteToFile ¶
func (cert *Certificate) WriteToFile(filename string) (err error)
WriteToFile writes the PEM-encoded Certificate to a file.
func (*Certificate) WriteToTempFile ¶
func (cert *Certificate) WriteToTempFile() (name string, err error)
func (*Certificate) X509 ¶
func (cert *Certificate) X509() *x509.Certificate
X509 returns the x509 certificate underlying this Certificate
type PrivateKey ¶
type PrivateKey struct {
// contains filtered or unexported fields
}
PrivateKey is a convenience wrapper for rsa.PrivateKey
func GeneratePK ¶
func GeneratePK(bits int) (key *PrivateKey, err error)
GeneratePK generates a PrivateKey with a specified size in bits.
func LoadPKFromFile ¶
func LoadPKFromFile(filename string) (key *PrivateKey, err error)
LoadPKFromFile loads a PEM-encoded PrivateKey from a file
func LoadPKFromPEMBytes ¶
func LoadPKFromPEMBytes(pemBytes []byte) (key *PrivateKey, err error)
LoadPKFromPEMBytes loads a PEM-encoded PrivateKey from the PEM bytes
func (*PrivateKey) Certificate ¶
func (key *PrivateKey) Certificate(template *x509.Certificate, issuer *Certificate) (*Certificate, error)
Certificate() generates a certificate for the Public Key of the given PrivateKey based on the given template and signed by the given issuer. If issuer is nil, the generated certificate is self-signed.
func (*PrivateKey) CertificateForKey ¶
func (key *PrivateKey) CertificateForKey(template *x509.Certificate, issuer *Certificate, publicKey interface{}) (*Certificate, error)
CertificateForKey() generates a certificate for the given Public Key based on the given template and signed by the given issuer. If issuer is nil, the generated certificate is self-signed.
func (*PrivateKey) PEMEncoded ¶
func (key *PrivateKey) PEMEncoded() (pemBytes []byte)
PEMEncoded encodes the PrivateKey in PEM
func (*PrivateKey) RSA ¶
func (key *PrivateKey) RSA() *rsa.PrivateKey
RSA() returns the RSA key underlying this PrivateKey
func (*PrivateKey) TLSCertificateFor ¶
func (key *PrivateKey) TLSCertificateFor( validUntil time.Time, isCA bool, issuer *Certificate, organization string, commonName string, hosts ...string) (cert *Certificate, err error)
TLSCertificateFor generates a certificate useful for TLS use based on the given parameters. These certs are usable for key encipherment and digital signatures.
validUntil: time at which certificate expires.
isCA: whether or not this cert is a CA.
issuer: the certificate which is issuing the new cert. If nil, the new cert will be a self-signed CA certificate.
organization: the org name for the cert.
commonName: used as the common name for the cert.
hosts: used to populate either the DNS names or the IP SANs. If none specified, defaults to using commonName as a DNS SAN.
func (*PrivateKey) WriteToFile ¶
func (key *PrivateKey) WriteToFile(filename string) (err error)
WriteToFile writes the PEM-encoded PrivateKey to the given file