keystore

package module
v3.0.2-nomod+incompatible
Warning

This package is not in the latest version of its module.

Published: Jun 26, 2020 License: MIT Imports: 12 Imported by: 0

README

Keystore

A Go (golang) implementation of a Java KeyStore (JKS) encoder/decoder.

Note that JKS assumes that private keys are PKCS#8 encoded.

Example
package main

import (
	"log"
	"os"
	"reflect"
	
	"github.com/pavel-v-chernykh/keystore-go"
)

func readKeyStore(filename string, password []byte) keystore.KeyStore {
	f, err := os.Open(filename)
	if err != nil {
		log.Fatal(err)
	}
	defer f.Close()
	keyStore, err := keystore.Decode(f, password)
	if err != nil {
		log.Fatal(err)
	}
	return keyStore
}

func writeKeyStore(keyStore keystore.KeyStore, filename string, password []byte) {
	o, err := os.Create(filename)
	if err != nil {
		log.Fatal(err)
	}
	defer o.Close()
	err = keystore.Encode(o, keyStore, password)
	if err != nil {
		log.Fatal(err)
	}
}

func zeroing(s []byte) {
	for i := 0; i < len(s); i++ {
		s[i] = 0
	}
}

func main() {
	password := []byte{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}
	defer zeroing(password)
	ks1 := readKeyStore("keystore.jks", password)

	writeKeyStore(ks1, "keystore2.jks", password)

	ks2 := readKeyStore("keystore2.jks", password)

	log.Printf("Is equal: %v\n", reflect.DeepEqual(ks1, ks2))
}

For more examples, explore the examples dir.

Development

  1. Install go
  2. Install golangci-lint
  3. Clone the repo: git clone git@github.com:pavel-v-chernykh/keystore-go.git
  4. Go to the project dir: cd keystore-go
  5. Run make to format, test and lint

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Encode

func Encode(w io.Writer, ks KeyStore, password []byte) error

Encode encrypts and signs the keystore using password and writes its representation into w. It is strongly recommended to fill the password slice with zeros after use.

func EncodeWithRand

func EncodeWithRand(rand io.Reader, w io.Writer, ks KeyStore, password []byte) error

EncodeWithRand encrypts and signs the keystore using password and writes its representation into w. Random bytes are read from rand, which must be a cryptographically secure source of randomness. It is strongly recommended to fill the password slice with zeros after use.

Types

type Certificate

type Certificate struct {
	Type    string
	Content []byte
}

Certificate describes the type of a certificate.

type Entry

type Entry struct {
	CreationTime time.Time
}

Entry is the basis of the entry types supported by keystore.

type KeyStore

type KeyStore map[string]interface{}

KeyStore is a mapping of alias to pointer to PrivateKeyEntry or TrustedCertificateEntry.

func Decode

func Decode(r io.Reader, password []byte) (KeyStore, error)

Decode reads the keystore representation from r, then decrypts it and checks the signature using password. It is strongly recommended to fill the password slice with zeros after use.
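What the password-based signature check amounts to in the JKS file format, as an added example that is not this package's code: the file ends with a SHA-1 digest over the password (two bytes per character), the constant "Mighty Aphrodite", and the keystore bytes. The function names and the empty sample keystore are constructed for illustration, and an ASCII password is assumed.

```go
package main

import (
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

var errIntegrity = errors.New("jks: bad magic, wrong password, or modified data")

// jksDigest computes the JKS trailer: SHA-1(password as 2-byte chars || "Mighty Aphrodite" || body).
func jksDigest(body, password []byte) []byte {
	h := sha1.New()
	for _, b := range password {
		h.Write([]byte{0, b}) // assumption: ASCII password, each byte widened to a big-endian char
	}
	h.Write([]byte("Mighty Aphrodite"))
	h.Write(body)
	return h.Sum(nil)
}

// sealEmpty builds a constructed, entry-free JKS file: magic, version 2, entry count 0, digest.
func sealEmpty(password []byte) []byte {
	body := make([]byte, 12)
	binary.BigEndian.PutUint32(body[0:], 0xFEEDFEED)
	binary.BigEndian.PutUint32(body[4:], 2)
	return append(body, jksDigest(body, password)...)
}

// verify checks the magic number, then compares the 20-byte trailer in constant time.
func verify(file, password []byte) error {
	if len(file) < 12+sha1.Size || binary.BigEndian.Uint32(file) != 0xFEEDFEED {
		return errIntegrity
	}
	body, tag := file[:len(file)-sha1.Size], file[len(file)-sha1.Size:]
	if subtle.ConstantTimeCompare(jksDigest(body, password), tag) != 1 {
		return errIntegrity
	}
	return nil
}

func main() {
	ks := sealEmpty([]byte("password"))
	fmt.Println(verify(ks, []byte("password")), verify(ks, []byte("passw0rd")))
	ks[11] ^= 1 // flip one bit in the entry count
	fmt.Println(verify(ks, []byte("password")))
}
```

A wrong password and a modified file fail the same check, so the error alone does not tell the two cases apart.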

type PrivateKeyEntry

type PrivateKeyEntry struct {
	Entry
	PrivateKey       []byte
	CertificateChain []Certificate
}

PrivateKeyEntry is an entry for private keys and associated certificates.

type TrustedCertificateEntry

type TrustedCertificateEntry struct {
	Entry
	Certificate Certificate
}

TrustedCertificateEntry is an entry for certificates only.
