Documentation ¶
Index ¶
- Constants
- Variables
- func AddCertFlags(cmd *cobra.Command)
- func AddRequestFlags(cmd *cobra.Command)
- func CrossSign(certBytes []byte, rand io.Reader, key crypto.Signer, cacert *x509.Certificate) (string, error)
- func DerToPoint(curve elliptic.Curve, der []byte) (*big.Int, *big.Int)
- func FormatIssuer(cert *x509.Certificate) string
- func FormatPkixName(der []byte, style NameStyle) string
- func FormatSubject(cert *x509.Certificate) string
- func FprintCertificate(w io.Writer, cert *x509.Certificate)
- func GetPublicKeyAlgorithm(key interface{}) x509.PublicKeyAlgorithm
- func HashByName(name string) crypto.Hash
- func HashShortName(hash crypto.Hash) string
- func LoadCertPool(path string, tconf *tls.Config) error
- func MakeCertificate(rand io.Reader, key crypto.Signer) (string, error)
- func MakeRequest(rand io.Reader, key crypto.Signer) (string, error)
- func MakeSerial() *big.Int
- func MarshalDigest(hash crypto.Hash, digest []byte) (der []byte, ok bool)
- func MarshalRSAPSSParameters(pub *rsa.PublicKey, opts *rsa.PSSOptions) (asn1.RawValue, error)
- func PkixAlgorithms(pub crypto.PublicKey, opts crypto.SignerOpts) (digestAlg, sigAlg pkix.AlgorithmIdentifier, err error)
- func PkixDigestAlgorithm(hash crypto.Hash) (alg pkix.AlgorithmIdentifier, ok bool)
- func PkixDigestToHash(alg pkix.AlgorithmIdentifier) (hash crypto.Hash, ok bool)
- func PkixDigestToHashE(alg pkix.AlgorithmIdentifier) (hash crypto.Hash, err error)
- func PkixPublicKeyAlgorithm(pub crypto.PublicKey) (alg pkix.AlgorithmIdentifier, ok bool)
- func PkixVerify(pub crypto.PublicKey, digestAlg, sigAlg pkix.AlgorithmIdentifier, ...) error
- func PointToDer(pub *ecdsa.PublicKey) []byte
- func SameKey(pub1, pub2 interface{}) bool
- func SetKeyLogFile(tconf *tls.Config)
- func SignCSR(csrBytes []byte, rand io.Reader, key crypto.Signer, cacert *x509.Certificate, ...) (string, error)
- func SubjectKeyID(pub crypto.PublicKey) ([]byte, error)
- func SupportedCurves() string
- func ToBMPString(value string) asn1.RawValue
- func UnmarshalRSAPSSParameters(hash crypto.Hash, raw asn1.RawValue) (*rsa.PSSOptions, error)
- func Verify(pub interface{}, hash crypto.Hash, hashed []byte, sig []byte) error
- func X509SignatureAlgorithm(pub crypto.PublicKey) x509.SignatureAlgorithm
- type CurveDefinition
- func CurveByBits(bits uint) (*CurveDefinition, error)
- func CurveByCurve(curve elliptic.Curve) (*CurveDefinition, error)
- func CurveByDer(der []byte) (*CurveDefinition, error)
- func CurveByOid(oid asn1.ObjectIdentifier) (*CurveDefinition, error)
- func CurveByOidString(oidstr string) (*CurveDefinition, error)
- type EcdsaSignature
- type NameStyle
- type UnknownDigestError
Constants ¶
const InvalidName = "<invalid>"
returned by the Format* functions in case there's something cripplingly wrong with it
Variables ¶
var ( // RFC 3279 OidDigestMD5 = asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 5} OidDigestSHA1 = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26} // RFC 5758 OidDigestSHA224 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 4} OidDigestSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1} OidDigestSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2} OidDigestSHA512 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3} )
var ( // RFC 3279 OidPublicKeyRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} OidPublicKeyDSA = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1} OidPublicKeyECDSA = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1} // RFC 4055 OidMGF1 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 8} OidSignatureRSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10} )
var ( ArgCountry string ArgOrganization string ArgOrganizationalUnit string ArgLocality string ArgProvince string ArgCommonName string ArgDNSNames string ArgEmailNames string ArgKeyUsage string ArgExpireDays uint ArgCertAuthority bool ArgSerial string ArgInteractive bool ArgRSAPSS bool )
var DefinedCurves = []CurveDefinition{ {256, elliptic.P256(), asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7}}, {384, elliptic.P384(), asn1.ObjectIdentifier{1, 3, 132, 0, 34}}, {521, elliptic.P521(), asn1.ObjectIdentifier{1, 3, 132, 0, 35}}, }
var HashNames = map[crypto.Hash]string{ crypto.MD5: "MD5", crypto.SHA1: "SHA1", crypto.SHA224: "SHA-224", crypto.SHA256: "SHA-256", crypto.SHA384: "SHA-384", crypto.SHA512: "SHA-512", }
var HashOids = map[crypto.Hash]asn1.ObjectIdentifier{ crypto.MD5: OidDigestMD5, crypto.SHA1: OidDigestSHA1, crypto.SHA224: OidDigestSHA224, crypto.SHA256: OidDigestSHA256, crypto.SHA384: OidDigestSHA384, crypto.SHA512: OidDigestSHA512, }
Functions ¶
func AddCertFlags ¶
Add flags associated with X509 certificate creation to the given command
func AddRequestFlags ¶
Add flags associated with X509 requests to the given command
func CrossSign ¶
func CrossSign(certBytes []byte, rand io.Reader, key crypto.Signer, cacert *x509.Certificate) (string, error)
CrossSign takes a certificate as input and re-signs it using the given key. Any command-line flags set will override the CSR contents.
func DerToPoint ¶
Decode an ECDSA public key from its DER encoding. Both octet and bitstring encodings are supported.
func FormatIssuer ¶
func FormatIssuer(cert *x509.Certificate) string
Format the certificate issuer name in LDAP style
func FormatPkixName ¶
Format the name (RDN sequence) from its raw DER to a readable style.
func FormatSubject ¶
func FormatSubject(cert *x509.Certificate) string
Format the certificate subject name in LDAP style
func FprintCertificate ¶
func FprintCertificate(w io.Writer, cert *x509.Certificate)
FprintCertificate formats a certificate for display
func GetPublicKeyAlgorithm ¶
func GetPublicKeyAlgorithm(key interface{}) x509.PublicKeyAlgorithm
Determine the type of a public or private key
func HashByName ¶
func HashShortName ¶
func LoadCertPool ¶
Load a certificate pool from a file and set it as the root CA for a TLS config. If path is empty then the system pool will be used. If the filename starts with + then both the system pool and the contents of the file will be used.
func MakeCertificate ¶
Make a self-signed X509 certificate using command-line arguments and return the PEM string
func MakeRequest ¶
Make a X509 certificate request using command-line arguments and return the PEM string
func MarshalDigest ¶
Pack a digest along with an algorithm identifier. Mainly useful for PKCS#1v1.5 padding (RSA).
func MarshalRSAPSSParameters ¶
func PkixAlgorithms ¶
func PkixAlgorithms(pub crypto.PublicKey, opts crypto.SignerOpts) (digestAlg, sigAlg pkix.AlgorithmIdentifier, err error)
Given a public key and signer options, return the appropriate X.509 digest and signature algorithms
func PkixDigestAlgorithm ¶
func PkixDigestAlgorithm(hash crypto.Hash) (alg pkix.AlgorithmIdentifier, ok bool)
Convert a crypto.Hash to a X.509 AlgorithmIdentifier
func PkixDigestToHash ¶
func PkixDigestToHash(alg pkix.AlgorithmIdentifier) (hash crypto.Hash, ok bool)
Convert a X.509 AlgorithmIdentifier to a crypto.Hash
func PkixDigestToHashE ¶
func PkixDigestToHashE(alg pkix.AlgorithmIdentifier) (hash crypto.Hash, err error)
Convert a X.509 AlgorithmIdentifier to a crypto.Hash
func PkixPublicKeyAlgorithm ¶
func PkixPublicKeyAlgorithm(pub crypto.PublicKey) (alg pkix.AlgorithmIdentifier, ok bool)
Convert a crypto.PublicKey to a X.509 AlgorithmIdentifier
func PkixVerify ¶
func PkixVerify(pub crypto.PublicKey, digestAlg, sigAlg pkix.AlgorithmIdentifier, digest, sig []byte) error
Verify a signature using the algorithm specified by the given X.509 AlgorithmIdentifier
func PointToDer ¶
func SameKey ¶
func SameKey(pub1, pub2 interface{}) bool
Test whether two public or private keys have the same public key
func SetKeyLogFile ¶
If the SSLKEYLOGFILE environment variable is set, then open it for appending and write TLS master secrets there in the "NSS Key Log Format". Use this for debugging TLS and HTTP problems with Wireshark.
func SignCSR ¶
func SignCSR(csrBytes []byte, rand io.Reader, key crypto.Signer, cacert *x509.Certificate, copyExtensions bool) (string, error)
SignCSR takes a PKCS#10 signing request in PEM or DER format as input and produces a signed certificate in PEM format. Any command-line flags set will override the CSR contents.
func SubjectKeyID ¶
Calculcate subject key identifier from a public key per RFC 3280
func ToBMPString ¶
func X509SignatureAlgorithm ¶
func X509SignatureAlgorithm(pub crypto.PublicKey) x509.SignatureAlgorithm
Choose a X509 signature algorithm suitable for the specified public key
Types ¶
type CurveDefinition ¶
type CurveDefinition struct { Bits uint Curve elliptic.Curve Oid asn1.ObjectIdentifier }
Predefined named ECDSA curve
func CurveByBits ¶
func CurveByBits(bits uint) (*CurveDefinition, error)
Get a curve by a number of bits
func CurveByCurve ¶
func CurveByCurve(curve elliptic.Curve) (*CurveDefinition, error)
Get a curve by an elliptic.Curve value
func CurveByDer ¶
func CurveByDer(der []byte) (*CurveDefinition, error)
Get a curve by the DER encoding of its OID
func CurveByOid ¶
func CurveByOid(oid asn1.ObjectIdentifier) (*CurveDefinition, error)
Get a curve by its ASN.1 object identifier
func CurveByOidString ¶
func CurveByOidString(oidstr string) (*CurveDefinition, error)
Get a curve by a dotted decimal OID string
func (*CurveDefinition) ToDer ¶
func (def *CurveDefinition) ToDer() []byte
Return the DER encoding of the ASN.1 OID of this named curve
type EcdsaSignature ¶
ASN.1 structure used to encode an ECDSA signature
func UnmarshalEcdsaSignature ¶
func UnmarshalEcdsaSignature(der []byte) (sig EcdsaSignature, err error)
Unpack an ECDSA signature from an ASN.1 DER sequence
func UnpackEcdsaSignature ¶
func UnpackEcdsaSignature(packed []byte) (sig EcdsaSignature, err error)
Unpack an ECDSA signature consisting of two numbers concatenated per IEEE 1363
func (EcdsaSignature) Marshal ¶
func (sig EcdsaSignature) Marshal() []byte
Marshal an ECDSA signature as an ASN.1 structure
func (EcdsaSignature) Pack ¶
func (sig EcdsaSignature) Pack() []byte
Pack an ECDSA signature by concatenating the two numbers per IEEE 1363
type UnknownDigestError ¶
type UnknownDigestError struct {
Algorithm asn1.ObjectIdentifier
}
func (UnknownDigestError) Error ¶
func (e UnknownDigestError) Error() string