pemutil

package
v0.22.1
Published: Nov 8, 2022 License: Apache-2.0 Imports: 31 Imported by: 0

Documentation

Constants

const PBKDF2Iterations = 100000

PBKDF2Iterations is the default number of iterations for PBKDF2, 100k iterations. NIST recommends at least 10k; 1Password uses 100k.

const PBKDF2SaltSize = 16

PBKDF2SaltSize is the default size of the salt for PBKDF2, 128-bit salt.

Variables

var DefaultEncCipher = x509.PEMCipherAES256

DefaultEncCipher is the default algorithm used when encrypting sensitive data in the PEM format.

Functions

func DecryptPEMBlock

func DecryptPEMBlock(block *pem.Block, password []byte) ([]byte, error)

DecryptPEMBlock takes a password-encrypted PEM block and the password used to encrypt it, and returns a slice of decrypted DER-encoded bytes.

If the PEM block has the Proc-Type header set to "4,ENCRYPTED", it uses x509.DecryptPEMBlock to decrypt the block. If not, it tries to decrypt the block using AES-128-CBC, AES-192-CBC, AES-256-CBC, DES, or 3DES with the key derived using PBKDF2 over the given password.

func DecryptPKCS8PrivateKey added in v0.8.3

func DecryptPKCS8PrivateKey(data, password []byte) ([]byte, error)

DecryptPKCS8PrivateKey takes a password encrypted private key using the PKCS#8 encoding and returns the decrypted data in PKCS#8 form.

It supports AES-128-CBC, AES-192-CBC, AES-256-CBC, DES, or 3DES encrypted data using the key derived with PBKDF2 over the given password.

func EncryptPKCS8PrivateKey added in v0.8.3

func EncryptPKCS8PrivateKey(rand io.Reader, data, password []byte, alg x509.PEMCipher) (*pem.Block, error)

EncryptPKCS8PrivateKey returns a PEM block holding the given PKCS#8 encoded private key, encrypted with the specified algorithm and a PBKDF2-derived key from the given password.

func MarshalPKCS8PrivateKey added in v0.8.3

func MarshalPKCS8PrivateKey(key interface{}) ([]byte, error)

MarshalPKCS8PrivateKey converts a private key to PKCS#8 encoded form. The following key types are supported: *rsa.PrivateKey, *ecdsa.PublicKey, ed25519.PrivateKey. Unsupported key types result in an error.

func MarshalPKIXPublicKey added in v0.8.3

func MarshalPKIXPublicKey(pub interface{}) ([]byte, error)

MarshalPKIXPublicKey serializes a public key to DER-encoded PKIX format. The following key types are supported: *rsa.PublicKey, *ecdsa.PublicKey, ed25519.PublicKey. Unsupported key types result in an error.

func Parse

func Parse(b []byte, opts ...Options) (interface{}, error)

Parse returns the key or certificate PEM-encoded in the given bytes.

func ParseDER added in v0.8.3

func ParseDER(b []byte) (interface{}, error)

ParseDER parses the given DER-encoded bytes and returns the public or private key they encode.

func ParseKey added in v0.8.4

func ParseKey(b []byte, opts ...Options) (interface{}, error)

ParseKey returns the key or the public key of a certificate or certificate signing request in the given PEM-encoded bytes.

func ParseOpenSSHPrivateKey added in v0.14.0

func ParseOpenSSHPrivateKey(key []byte, opts ...Options) (crypto.PrivateKey, error)

ParseOpenSSHPrivateKey parses a private key in OpenSSH PEM format.

Implemented based on the documentation at https://github.com/openssh/openssh-portable/blob/master/PROTOCOL.key

This method is based on the implementation at https://github.com/golang/crypto/blob/master/ssh/keys.go

func ParsePKCS8PrivateKey

func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error)

ParsePKCS8PrivateKey parses an unencrypted, PKCS#8 private key. See RFC 5208.

Supported key types include RSA, ECDSA, and Ed25519. Unknown key types result in an error.

On success, key will be of type *rsa.PrivateKey, *ecdsa.PublicKey, or ed25519.PrivateKey.

func ParsePKIXPublicKey

func ParsePKIXPublicKey(derBytes []byte) (pub interface{}, err error)

ParsePKIXPublicKey parses a DER encoded public key. These values are typically found in PEM blocks with "BEGIN PUBLIC KEY".

Supported key types include RSA, DSA, ECDSA, and Ed25519. Unknown key types result in an error.

On success, pub will be of type *rsa.PublicKey, *dsa.PublicKey, *ecdsa.PublicKey, or ed25519.PublicKey.

func ParseSSH added in v0.12.0

func ParseSSH(b []byte) (interface{}, error)

ParseSSH parses a public key from an authorized_keys file used in OpenSSH, according to the sshd(8) manual page.

func Read

func Read(filename string, opts ...Options) (interface{}, error)

Read returns the key or certificate encoded in the given PEM file. If the file is encrypted, it will ask for a password and try to decrypt it.

Supported key algorithms are RSA and EC. Supported standards for private keys are PKCS#1, PKCS#8, and RFC 5915 for EC, and base64-encoded DER for certificates and public keys.

func ReadCertificate

func ReadCertificate(filename string, opts ...Options) (*x509.Certificate, error)

ReadCertificate returns a *x509.Certificate from the given filename. It supports the PEM and DER certificate formats.

func ReadCertificateBundle added in v0.9.0

func ReadCertificateBundle(filename string) ([]*x509.Certificate, error)

ReadCertificateBundle returns a list of *x509.Certificate from the given filename. It supports the PEM and DER certificate formats. If a DER-formatted file is given, only one certificate will be returned.

func Serialize

func Serialize(in interface{}, opts ...Options) (*pem.Block, error)

Serialize will serialize the input to a PEM formatted block and apply modifiers.

func SerializeOpenSSHPrivateKey added in v0.14.0

func SerializeOpenSSHPrivateKey(key crypto.PrivateKey, opts ...Options) (*pem.Block, error)

SerializeOpenSSHPrivateKey serializes a private key in the OpenSSH PEM format.

Types

type Options

type Options func(o *context) error

Options is the type to add attributes to the context.

func ToFile

func ToFile(name string, perm os.FileMode) Options

ToFile is a method that adds the given filename and permissions to the context. It is used in Serialize to store the PEM on disk.

func WithComment added in v0.14.0

func WithComment(comment string) Options

WithComment is an option used in the Serialize method to add a comment to OpenSSH private keys. WithOpenSSH must also be set to true.

func WithFilename

func WithFilename(name string) Options

WithFilename is a method that adds the given filename to the context.

func WithFirstBlock added in v0.8.4

func WithFirstBlock() Options

WithFirstBlock will avoid failing if a PEM contains more than one block or certificate and it will only look at the first.

func WithOpenSSH added in v0.14.0

func WithOpenSSH(v bool) Options

WithOpenSSH is an option used in the Serialize method to use the OpenSSH encoding form for private keys. With v set to false, the default form is used.

func WithPKCS8 added in v0.8.3

func WithPKCS8(v bool) Options

WithPKCS8 with v set to true returns an option used in the Serialize method to use the PKCS#8 encoding form for private keys. With v set to false, the default form is used.

func WithPassword

func WithPassword(pass []byte) Options

WithPassword is a method that adds the given password to the context.

func WithPasswordFile added in v0.8.1

func WithPasswordFile(filename string) Options

WithPasswordFile is a method that adds the password in a file to the context.

func WithPasswordPrompt added in v0.8.3

func WithPasswordPrompt(prompt string) Options

WithPasswordPrompt asks the user for a password and adds it to the context.
