Documentation
Overview
Package pkcs12 implements some of PKCS#12.
This implementation is distilled from https://tools.ietf.org/html/rfc7292 and referenced documents. It is intended for decoding P12/PFX-stored certificates and keys for use with the crypto/tls package.
Index
- Constants
- Variables
- func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error)
- func ToPEM(pfxData []byte, password string) ([]*pem.Block, error)
- type Algorithm
- type Encoder
- func (enc *Encoder) AddBinaryAttribute(oid asn1.ObjectIdentifier, value []byte) (err error)
- func (enc *Encoder) AddCertificate(x509Certificates []byte) (err error)
- func (enc *Encoder) AddKey(password string, encrypt bool, privateKey interface{}) (err error)
- func (enc *Encoder) AddStringAttribute(oid asn1.ObjectIdentifier, value string) (err error)
- func (enc *Encoder) ClosePfx(password string, mac bool) (p12data []byte, err error)
- func (enc *Encoder) CloseSafe(password string, encrypt bool) (err error)
- type NotImplementedError
Constants
    const (
        // AlgEncPBKDF2DES3 represents DES3 encryption.
        AlgEncPBKDF2DES3 = Algorithm(1)
        // AlgMacPBKDF2HMACSHA1 represents HMAC-SHA1.
        AlgMacPBKDF2HMACSHA1 = Algorithm(3)
    )
Variables
    var (
        // ErrDecryption represents a failure to decrypt the input.
        ErrDecryption = errors.New("pkcs12: decryption error, incorrect padding")
        // ErrIncorrectPassword is returned when an incorrect password is detected.
        // Usually, P12/PFX data is signed to be able to verify the password.
        ErrIncorrectPassword = errors.New("pkcs12: decryption password incorrect")
    )
    var (
        // OidFriendlyName is the PKCS#9 friendlyName attribute identifier.
        OidFriendlyName = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 9, 20})
        // OidLocalKeyID is the PKCS#9 localKeyID attribute identifier.
        OidLocalKeyID = asn1.ObjectIdentifier([]int{1, 2, 840, 113549, 1, 9, 21})
    )
Functions
func Decode
    func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error)
Decode extracts a certificate and private key from pfxData. This function assumes that there is only one certificate and only one private key in the pfxData.
func ToPEM
    func ToPEM(pfxData []byte, password string) ([]*pem.Block, error)
ToPEM converts all "safe bags" contained in pfxData to PEM blocks.
Example
    p12, _ := base64.StdEncoding.DecodeString(`MIIJzgIBAzCCCZQGCS ... CA+gwggPk==`)
    blocks, err := ToPEM(p12, "password")
    if err != nil {
        panic(err)
    }
    var pemData []byte
    for _, b := range blocks {
        pemData = append(pemData, pem.EncodeToMemory(b)...)
    }
    // then use the PEM data to construct a tls certificate:
    cert, err := tls.X509KeyPair(pemData, pemData)
    if err != nil {
        panic(err)
    }
    config := &tls.Config{
        Certificates: []tls.Certificate{cert},
    }
    _ = config
Types
type Encoder
    type Encoder struct {
        // Encryption algorithm.
        EncAlgorithm Algorithm
        // MAC algorithm.
        MacAlgorithm Algorithm
        // PBKDF2 iteration count.
        Iterations int
        // PBKDF2 salt length (bytes).
        SaltLength int
        // bagAttributes SET OF PKCS12Attribute OPTIONAL
        Attributes []pkcs12Attribute
        // contains filtered or unexported fields
    }
Encoder is a PKCS#12 encoder.
The caller should:
1. Fill in the parameters.
2. For each safe, call Add*Attribute(), AddKey() and AddCertificate() as desired, then CloseSafe().
3. Call ClosePfx().
Note that Decode() requires that the PFX contain exactly one key and exactly one certificate, in separate safes.
func NewEncoder
    func NewEncoder() (enc *Encoder)
NewEncoder creates a new encoder with default parameters.
func (*Encoder) AddBinaryAttribute
    func (enc *Encoder) AddBinaryAttribute(oid asn1.ObjectIdentifier, value []byte) (err error)
AddBinaryAttribute adds an octet string attribute to the next entry in this safe.
The attribute will apply to the next certificate or key added with AddCertificate() or AddKey().
func (*Encoder) AddCertificate
    func (enc *Encoder) AddCertificate(x509Certificates []byte) (err error)
AddCertificate adds a certificate to the current SafeContents.
func (*Encoder) AddKey
    func (enc *Encoder) AddKey(password string, encrypt bool, privateKey interface{}) (err error)
AddKey adds a key to the current SafeContents.
The key will be encrypted using the password. (Unencrypted private keys are not currently supported.)
func (*Encoder) AddStringAttribute
    func (enc *Encoder) AddStringAttribute(oid asn1.ObjectIdentifier, value string) (err error)
AddStringAttribute adds a BMPString attribute to the next entry in this safe.
The attribute will apply to the next certificate or key added with AddCertificate() or AddKey().
type NotImplementedError
    type NotImplementedError string
NotImplementedError indicates that the input is not currently supported.
func (NotImplementedError) Error
    func (e NotImplementedError) Error() string
Source Files
Directories
Path | Synopsis
---|---
cmd |
internal |
rc2 | Package rc2 implements the RC2 cipher (https://www.ietf.org/rfc/rfc2268.txt, http://people.csail.mit.edu/rivest/pubs/KRRR98.pdf). This code is licensed under the MIT license.