keystore

v3.1.0 Latest
Warning

This package is not in the latest version of its module.

Published: Oct 26, 2020 License: MIT Imports: 12 Imported by: 0

README

Keystore

A Go (golang) implementation of a Java KeyStore encoder/decoder.

Note that JKS assumes private keys are PKCS#8 encoded.

Example
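package main

import (
	"log"
	"os"
	"reflect"

	"github.com/pavel-v-chernykh/keystore-go/v3"
)

// readKeyStore decodes the JKS file at filename and checks it with password.
func readKeyStore(filename string, password []byte) (keystore.KeyStore, error) {
	f, err := os.Open(filename)
	if err != nil {
		return nil, err
	}
	defer f.Close()
	return keystore.Decode(f, password)
}

// writeKeyStore encodes keyStore into filename, protected with password.
func writeKeyStore(keyStore keystore.KeyStore, filename string, password []byte) error {
	o, err := os.Create(filename)
	if err != nil {
		return err
	}
	if err := keystore.Encode(o, keyStore, password); err != nil {
		o.Close()
		return err
	}
	// Report a failed close so a partially written keystore is not missed.
	return o.Close()
}

// zeroing overwrites the password bytes so they do not linger in memory.
func zeroing(s []byte) {
	for i := range s {
		s[i] = 0
	}
}

// run returns errors instead of calling log.Fatal. log.Fatal exits through
// os.Exit, which would skip the deferred zeroing of the password.
func run() error {
	password := []byte{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}
	defer zeroing(password)

	ks1, err := readKeyStore("keystore.jks", password)
	if err != nil {
		return err
	}
	if err := writeKeyStore(ks1, "keystore2.jks", password); err != nil {
		return err
	}
	ks2, err := readKeyStore("keystore2.jks", password)
	if err != nil {
		return err
	}

	log.Printf("Is equal: %v\n", reflect.DeepEqual(ks1, ks2))
	return nil
}

func main() {
	if err := run(); err != nil {
		log.Fatal(err)
	}
}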

For more examples, explore the examples dir.

Development

  1. Install go
  2. Install golangci-lint
  3. Clone the repo: git clone git@github.com:pavel-v-chernykh/keystore-go.git
  4. Go to the project dir: cd keystore-go
  5. Run make to format, test and lint

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func Encode

func Encode(w io.Writer, ks KeyStore, password []byte) error

Encode encrypts and signs keystore using password and writes its representation into w. It is strongly recommended to fill the password slice with zeros after use.

func EncodeWithRand

func EncodeWithRand(rand io.Reader, w io.Writer, ks KeyStore, password []byte) error

EncodeWithRand encrypts and signs keystore using password and writes its representation into w. Random bytes are read from rand, which must be a cryptographically secure source of randomness. It is strongly recommended to fill the password slice with zeros after use.

Types

type Certificate

type Certificate struct {
	Type    string
	Content []byte
}

Certificate describes the type of a certificate and holds its content.

type Entry

type Entry struct {
	CreationTime time.Time
}

Entry is the basis of the entry types supported by keystore.

type KeyPassword added in v3.1.0

type KeyPassword struct {
	Alias    string
	Password []byte
}

type KeyStore

type KeyStore map[string]interface{}

KeyStore is a mapping of alias to pointer to PrivateKeyEntry or TrustedCertificateEntry.

func Decode

func Decode(r io.Reader, storePassword []byte, keysPasswords ...KeyPassword) (KeyStore, error)

Decode reads the keystore representation from r, then decrypts it and checks the signature using password. It is strongly recommended to fill the password slice with zeros after use. keysPasswords can be used to decrypt private key entries with passwords other than storePassword.
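
The signature that Decode checks is the JKS integrity value: a SHA-1 digest over the password, a fixed string and the keystore body, stored as the last 20 bytes of the file. The following is an added example using only the standard library, not code from keystore-go; the names jksDigest, verifyJKS and emptyJKS are hypothetical, the sample keystore is constructed, and an ASCII password is assumed.

```go
package main

import (
	"crypto/sha1"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
)

const jksMagic = 0xFEEDFEED // first four bytes of a JKS file

// jksDigest returns SHA-1(widened password || "Mighty Aphrodite" || body).
// Each password byte is widened to two bytes (assumption: ASCII password).
func jksDigest(body, password []byte) []byte {
	h := sha1.New()
	for _, b := range password {
		h.Write([]byte{0, b})
	}
	h.Write([]byte("Mighty Aphrodite"))
	h.Write(body)
	return h.Sum(nil)
}

// verifyJKS checks the magic number and the trailing 20-byte digest.
func verifyJKS(data, password []byte) error {
	if len(data) < 12+sha1.Size || binary.BigEndian.Uint32(data) != jksMagic {
		return errors.New("jks: truncated or bad magic")
	}
	body, sum := data[:len(data)-sha1.Size], data[len(data)-sha1.Size:]
	if subtle.ConstantTimeCompare(jksDigest(body, password), sum) != 1 {
		return errors.New("jks: wrong password or modified keystore")
	}
	return nil
}

// emptyJKS builds a constructed version 2 keystore with zero entries.
func emptyJKS(password []byte) []byte {
	body := make([]byte, 12) // magic, version, entry count
	binary.BigEndian.PutUint32(body, jksMagic)
	binary.BigEndian.PutUint32(body[4:], 2)
	return append(body, jksDigest(body, password)...)
}

func main() {
	ks := emptyJKS([]byte("password"))
	fmt.Println(verifyJKS(ks, []byte("password")))
	ks[11] ^= 1 // tamper with the entry count
	fmt.Println(verifyJKS(ks, []byte("password")))
}
```

A failed check cannot tell a wrong password from a modified file, so callers should treat both the same way and not use any entries from the store.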

type PrivateKeyEntry

type PrivateKeyEntry struct {
	Entry
	PrivateKey       []byte
	CertificateChain []Certificate
}

PrivateKeyEntry is an entry for private keys and associated certificates.

type TrustedCertificateEntry

type TrustedCertificateEntry struct {
	Entry
	Certificate Certificate
}

TrustedCertificateEntry is an entry for certificates only.
