x509tools

package
v7.6.2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Feb 5, 2024 License: Apache-2.0 Imports: 27 Imported by: 7

Documentation

Index

Constants

View Source
const InvalidName = "<invalid>"

returned by the Format* functions in case there's something cripplingly wrong with it

Variables

View Source
var (
	// RFC 3279
	OidDigestMD5  = asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 5}
	OidDigestSHA1 = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}
	// RFC 5758
	OidDigestSHA224 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 4}
	OidDigestSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}
	OidDigestSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2}
	OidDigestSHA512 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3}
)
View Source
var (
	// RFC 3279
	OidPublicKeyRSA   = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1}
	OidPublicKeyDSA   = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1}
	OidPublicKeyECDSA = asn1.ObjectIdentifier{1, 2, 840, 10045, 2, 1}

	// RFC 4055
	OidMGF1            = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 8}
	OidSignatureRSAPSS = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 10}
)
View Source
var (
	ArgCountry            string
	ArgOrganization       string
	ArgOrganizationalUnit string
	ArgLocality           string
	ArgProvince           string
	ArgCommonName         string
	ArgDNSNames           string
	ArgEmailNames         string
	ArgKeyUsage           string
	ArgExpireDays         uint
	ArgCertAuthority      bool
	ArgSerial             string
	ArgInteractive        bool
	ArgRSAPSS             bool
)
View Source
var DefinedCurves = []CurveDefinition{
	{256, elliptic.P256(), asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7}},
	{384, elliptic.P384(), asn1.ObjectIdentifier{1, 3, 132, 0, 34}},
	{521, elliptic.P521(), asn1.ObjectIdentifier{1, 3, 132, 0, 35}},
}
View Source
var HashNames = map[crypto.Hash]string{
	crypto.MD5:    "MD5",
	crypto.SHA1:   "SHA1",
	crypto.SHA224: "SHA-224",
	crypto.SHA256: "SHA-256",
	crypto.SHA384: "SHA-384",
	crypto.SHA512: "SHA-512",
}

Functions

func AddCertFlags

func AddCertFlags(cmd *cobra.Command)

Add flags associated with X509 certificate creation to the given command

func AddRequestFlags

func AddRequestFlags(cmd *cobra.Command)

Add flags associated with X509 requests to the given command

func CrossSign

func CrossSign(certBytes []byte, rand io.Reader, key crypto.Signer, cacert *x509.Certificate) (string, error)

CrossSign takes a certificate as input and re-signs it using the given key. Any command-line flags set will override the CSR contents.

func DerToPoint

func DerToPoint(curve elliptic.Curve, der []byte) (*big.Int, *big.Int)

Decode an ECDSA public key from its DER encoding. Both octet and bitstring encodings are supported.

func FormatIssuer

func FormatIssuer(cert *x509.Certificate) string

Format the certificate issuer name in LDAP style

func FormatPkixName

func FormatPkixName(der []byte, style NameStyle) string

Format the name (RDN sequence) from its raw DER to a readable style.

func FormatSubject

func FormatSubject(cert *x509.Certificate) string

Format the certificate subject name in LDAP style

func FprintCertificate

func FprintCertificate(w io.Writer, cert *x509.Certificate)

FprintCertificate formats a certificate for display

func GetPublicKeyAlgorithm

func GetPublicKeyAlgorithm(key interface{}) x509.PublicKeyAlgorithm

Determine the type of a public or private key

func HashByName

func HashByName(name string) crypto.Hash

func HashShortName

func HashShortName(hash crypto.Hash) string

func LoadCertPool

func LoadCertPool(path string, tconf *tls.Config) error

Load a certificate pool from a file and set it as the root CA for a TLS config. If path is empty then the system pool will be used. If the filename starts with + then both the system pool and the contents of the file will be used.

func MakeCertificate

func MakeCertificate(rand io.Reader, key crypto.Signer) (string, error)

Make a self-signed X509 certificate using command-line arguments and return the PEM string

func MakeRequest

func MakeRequest(rand io.Reader, key crypto.Signer) (string, error)

Make a X509 certificate request using command-line arguments and return the PEM string

func MakeSerial

func MakeSerial() *big.Int

Make a random 12 byte big.Int

func MarshalDigest

func MarshalDigest(hash crypto.Hash, digest []byte) (der []byte, ok bool)

Pack a digest along with an algorithm identifier. Mainly useful for PKCS#1v1.5 padding (RSA).

func MarshalRSAPSSParameters

func MarshalRSAPSSParameters(pub *rsa.PublicKey, opts *rsa.PSSOptions) (asn1.RawValue, error)

func PkixAlgorithms

func PkixAlgorithms(pub crypto.PublicKey, opts crypto.SignerOpts) (digestAlg, sigAlg pkix.AlgorithmIdentifier, err error)

Given a public key and signer options, return the appropriate X.509 digest and signature algorithms

func PkixDigestAlgorithm

func PkixDigestAlgorithm(hash crypto.Hash) (alg pkix.AlgorithmIdentifier, ok bool)

Convert a crypto.Hash to a X.509 AlgorithmIdentifier

func PkixDigestToHash

func PkixDigestToHash(alg pkix.AlgorithmIdentifier) (hash crypto.Hash, ok bool)

Convert a X.509 AlgorithmIdentifier to a crypto.Hash

func PkixDigestToHashE

func PkixDigestToHashE(alg pkix.AlgorithmIdentifier) (hash crypto.Hash, err error)

Convert a X.509 AlgorithmIdentifier to a crypto.Hash

func PkixPublicKeyAlgorithm

func PkixPublicKeyAlgorithm(pub crypto.PublicKey) (alg pkix.AlgorithmIdentifier, ok bool)

Convert a crypto.PublicKey to a X.509 AlgorithmIdentifier

func PkixVerify

func PkixVerify(pub crypto.PublicKey, digestAlg, sigAlg pkix.AlgorithmIdentifier, digest, sig []byte) error

Verify a signature using the algorithm specified by the given X.509 AlgorithmIdentifier

func PointToDer

func PointToDer(pub *ecdsa.PublicKey) []byte

func SameKey

func SameKey(pub1, pub2 interface{}) bool

Test whether two public or private keys have the same public key

func SetKeyLogFile

func SetKeyLogFile(tconf *tls.Config)

If the SSLKEYLOGFILE environment variable is set, then open it for appending and write TLS master secrets there in the "NSS Key Log Format". Use this for debugging TLS and HTTP problems with Wireshark.

func SignCSR

func SignCSR(csrBytes []byte, rand io.Reader, key crypto.Signer, cacert *x509.Certificate, copyExtensions bool) (string, error)

SignCSR takes a PKCS#10 signing request in PEM or DER format as input and produces a signed certificate in PEM format. Any command-line flags set will override the CSR contents.

func SubjectKeyID

func SubjectKeyID(pub crypto.PublicKey) ([]byte, error)

Calculcate subject key identifier from a public key per RFC 3280

func SupportedCurves

func SupportedCurves() string

Return the names of all supported ECDSA curves

func ToBMPString

func ToBMPString(value string) asn1.RawValue

func UnmarshalRSAPSSParameters

func UnmarshalRSAPSSParameters(hash crypto.Hash, raw asn1.RawValue) (*rsa.PSSOptions, error)

func Verify

func Verify(pub interface{}, hash crypto.Hash, hashed []byte, sig []byte) error

Verify an RSA or ECDSA signature

func X509SignatureAlgorithm

func X509SignatureAlgorithm(pub crypto.PublicKey) x509.SignatureAlgorithm

Choose a X509 signature algorithm suitable for the specified public key

Types

type CurveDefinition

type CurveDefinition struct {
	Bits  uint
	Curve elliptic.Curve
	Oid   asn1.ObjectIdentifier
}

Predefined named ECDSA curve

func CurveByBits

func CurveByBits(bits uint) (*CurveDefinition, error)

Get a curve by a number of bits

func CurveByCurve

func CurveByCurve(curve elliptic.Curve) (*CurveDefinition, error)

Get a curve by an elliptic.Curve value

func CurveByDer

func CurveByDer(der []byte) (*CurveDefinition, error)

Get a curve by the DER encoding of its OID

func CurveByOid

func CurveByOid(oid asn1.ObjectIdentifier) (*CurveDefinition, error)

Get a curve by its ASN.1 object identifier

func CurveByOidString

func CurveByOidString(oidstr string) (*CurveDefinition, error)

Get a curve by a dotted decimal OID string

func (*CurveDefinition) ToDer

func (def *CurveDefinition) ToDer() []byte

Return the DER encoding of the ASN.1 OID of this named curve

type EcdsaSignature

type EcdsaSignature struct {
	R, S *big.Int
}

ASN.1 structure used to encode an ECDSA signature

func UnmarshalEcdsaSignature

func UnmarshalEcdsaSignature(der []byte) (sig EcdsaSignature, err error)

Unpack an ECDSA signature from an ASN.1 DER sequence

func UnpackEcdsaSignature

func UnpackEcdsaSignature(packed []byte) (sig EcdsaSignature, err error)

Unpack an ECDSA signature consisting of two numbers concatenated per IEEE 1363

func (EcdsaSignature) Marshal

func (sig EcdsaSignature) Marshal() []byte

Marshal an ECDSA signature as an ASN.1 structure

func (EcdsaSignature) Pack

func (sig EcdsaSignature) Pack() []byte

Pack an ECDSA signature by concatenating the two numbers per IEEE 1363

type NameStyle

type NameStyle int
const (
	NameStyleOpenSsl NameStyle = iota
	NameStyleLdap
	NameStyleMsOsco
)

type UnknownDigestError

type UnknownDigestError struct {
	Algorithm asn1.ObjectIdentifier
}

func (UnknownDigestError) Error

func (e UnknownDigestError) Error() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL