Documentation ¶
Index ¶
- Variables
- func DecryptPEMBlock(block *pem.Block, password []byte) ([]byte, error)
- func Parse(b []byte, opts ...Options) (interface{}, error)
- func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error)
- func ParsePKIXPublicKey(derBytes []byte) (pub interface{}, err error)
- func Read(filename string, opts ...Options) (interface{}, error)
- func ReadCertificate(filename string) (*realx509.Certificate, error)
- func ReadStepCertificate(filename string) (*x509.Certificate, error)
- func Serialize(in interface{}, opts ...func(*pem.Block) error) (*pem.Block, error)
- func ToFile(f string, perm os.FileMode) func(*pem.Block) error
- func WithEncryption(pass []byte) func(*pem.Block) error
- type Options
Variables ¶
var DefaultEncCipher = x509.PEMCipherAES256
DefaultEncCipher is the default algorithm used when encrypting sensitive data in the PEM format.
Functions ¶
func DecryptPEMBlock ¶
DecryptPEMBlock takes a password-encrypted PEM block and the password used to encrypt it, and returns a slice of decrypted DER-encoded bytes.
If the PEM block has the Proc-Type header set to "4,ENCRYPTED", it uses x509.DecryptPEMBlock to decrypt the block. If not, it tries to decrypt the block using AES-128-CBC, AES-192-CBC, AES-256-CBC, DES, or 3DES, with the key derived using PBKDF2 over the given password.
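The header check described above can be reproduced with the Go standard library alone. The following is an added example, not code from this package: `Classify`, `SealLegacy` and `OpenLegacy` are hypothetical helpers, and recognising the PBKDF2 path by the "ENCRYPTED PRIVATE KEY" block type is an assumption of the example.

```go
package main

import (
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// Decryption paths a PEM block can need (names are this example's own).
const (
	Plain  = "plain"
	Legacy = "legacy Proc-Type 4,ENCRYPTED"
	PKCS8  = "encrypted PKCS#8 (PBKDF2)"
)

// Classify inspects the block's headers and type without decrypting anything.
func Classify(b *pem.Block) string {
	switch {
	case b.Headers["Proc-Type"] == "4,ENCRYPTED":
		return Legacy
	case b.Type == "ENCRYPTED PRIVATE KEY": // assumed label for the PBKDF2 path
		return PKCS8
	}
	return Plain
}

// SealLegacy encrypts der with the cipher this page lists as DefaultEncCipher.
func SealLegacy(der, pass []byte) (*pem.Block, error) {
	return x509.EncryptPEMBlock(rand.Reader, "EC PRIVATE KEY", der, pass, x509.PEMCipherAES256)
}

// OpenLegacy decrypts only blocks on the legacy path and refuses the rest.
func OpenLegacy(b *pem.Block, pass []byte) ([]byte, error) {
	if k := Classify(b); k != Legacy {
		return nil, fmt.Errorf("block is %q, not legacy-encrypted", k)
	}
	return x509.DecryptPEMBlock(b, pass)
}

func main() {
	der := []byte("constructed bytes standing in for a DER-encoded key")
	blk, err := SealLegacy(der, []byte("constructed-password"))
	if err != nil {
		panic(err)
	}
	out, err := OpenLegacy(blk, []byte("constructed-password"))
	fmt.Println(Classify(blk), string(out) == string(der), err)
}
```

The legacy format carries no integrity check, so x509.DecryptPEMBlock cannot always detect a wrong password and may return noise without an error; validate the result by parsing it as a key.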
func ParsePKCS8PrivateKey ¶
ParsePKCS8PrivateKey parses an unencrypted, PKCS#8 private key. See RFC 5208.
Supported key types include RSA, ECDSA, and Ed25519. Unknown key types result in an error.
On success, key will be of type *rsa.PrivateKey, *ecdsa.PrivateKey, or ed25519.PrivateKey.
func ParsePKIXPublicKey ¶
ParsePKIXPublicKey parses a DER encoded public key. These values are typically found in PEM blocks with "BEGIN PUBLIC KEY".
Supported key types include RSA, DSA, ECDSA, and Ed25519. Unknown key types result in an error.
On success, pub will be of type *rsa.PublicKey, *dsa.PublicKey, *ecdsa.PublicKey, or ed25519.PublicKey.
func Read ¶
Read returns the key or certificate encoded in the given PEM file. If the file is encrypted, it will ask for a password and try to decrypt it.
Supported key algorithms are RSA and EC. Supported standards for private keys are PKCS#1, PKCS#8, RFC 5915 for EC, and base64-encoded DER for certificates and public keys.
func ReadCertificate ¶
func ReadCertificate(filename string) (*realx509.Certificate, error)
ReadCertificate returns a *x509.Certificate from the given filename. It supports certificates in PEM and DER formats.
func ReadStepCertificate ¶ added in v0.8.1
func ReadStepCertificate(filename string) (*x509.Certificate, error)
ReadStepCertificate returns a *x509.Certificate from the given filename. It supports certificates in PEM and DER formats.
Types ¶
type Options ¶
type Options func(o *context) error
Options is the type to add attributes to the context.
func WithFilename ¶
WithFilename is a method that adds the given filename to the context.
func WithPassword ¶
WithPassword is a method that adds the given password to the context.
func WithPasswordFile ¶ added in v0.8.1
WithPasswordFile is a method that adds the password in a file to the context.
func WithStepCrypto ¶ added in v0.8.1
func WithStepCrypto() Options
WithStepCrypto returns cryptographic primitives of the modified step Crypto library.