pkcs12

v1.0.0 Latest
Warning

This package is not in the latest version of its module.

Published: Aug 15, 2020 License: MIT Imports: 19 Imported by: 0

README

Archived Copy

This is a clone of Azure's PKCS#12 implementation in Go, originally from github.com/Azure/go-pkcs12. That project has since been retired, in favor of a PKCS#12 implementation from the Go project itself. However, the official version is read-only, whereas our projects need to generate .p12 files. So we have this (unmaintained, but functional) copy.

Original README content follows.

Package pkcs12


Package pkcs12 provides some Go implementations of PKCS#12.

This implementation is distilled from https://tools.ietf.org/html/rfc7292 and referenced documents. It is intended for decoding P12/PFX-stored certificate+key for use with the crypto/tls package.

Example

p12, err := base64.StdEncoding.DecodeString(`base64-encoded-pfx-file`)
if err != nil {
	panic(err)
}

blocks, err := pkcs12.ConvertToPEM(p12, passwordBytes)
if err != nil {
	panic(err)
}
for i := 0; i < len(passwordBytes); i++ {
	passwordBytes[i] = 0 // clear password data after use
}

pemData := []byte{}
for _, b := range blocks {
	pemData = append(pemData, pem.EncodeToMemory(b)...)
}

// then use PEM data for tls to construct tls certificate:

cert, err := tls.X509KeyPair(pemData, pemData)
if err != nil {
	panic(err)
}

config := tls.Config{
	Certificates: []tls.Certificate{cert},
}

// use tls config for http client

Documentation

Overview

Package pkcs12 provides some implementations of PKCS#12.

This implementation is distilled from https://tools.ietf.org/html/rfc7292 and referenced documents. It is intended for decoding P12/PFX-stored certificate+key for use with the crypto/tls package.


Constants

const (
	TagEndOfContent    = 0x00
	TagBoolean         = 0x01
	TagInteger         = 0x02
	TagBitString       = 0x03
	TagOctetString     = 0x04
	TagNull            = 0x05
	TagOID             = 0x06
	TagUTF8String      = 0x0C
	TagSequence        = 0x10
	TagSet             = 0x11
	TagPrintableString = 0x13
	TagUTCTime         = 0x17

	ClassUniversal       = 0x00
	ClassApplication     = 0x40
	ClassContextSpecific = 0x80
	ClassPrivate         = 0xC0

	TypeConstructed = 0x20
)
const (
	CertificateType = "CERTIFICATE"
	PrivateKeyType  = "PRIVATE KEY"
)

PEM block types
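
An added example, not part of this package or its documentation: it shows how the tag, class and constructed-bit constants above combine into DER identifier octets, using the first 16 characters of the truncated base64 sample from the ConvertToPEM example. ParseHeader and PFXVersion are hypothetical helper names; the check they perform (outer SEQUENCE, version INTEGER, declared size) is one a caller could run on untrusted input before handing it to the decoder.

```go
package main

import (
	"encoding/base64"
	"fmt"
)

const ( // values copied from the package's constant block
	TagInteger      = 0x02
	TagSequence     = 0x10
	ClassUniversal  = 0x00
	TypeConstructed = 0x20
)

// ParseHeader (hypothetical helper) decodes a one-byte identifier and a definite length.
func ParseHeader(b []byte) (id byte, length, size int, err error) {
	if len(b) < 2 || b[0]&0x1F == 0x1F {
		return 0, 0, 0, fmt.Errorf("truncated header or multi-byte tag")
	}
	if b[1] < 0x80 { // short form: the octet is the length
		return b[0], int(b[1]), 2, nil
	}
	n := int(b[1] & 0x7F) // long form: n length octets follow
	if n == 0 || n > 3 || len(b) < 2+n {
		return 0, 0, 0, fmt.Errorf("indefinite, oversized or truncated length")
	}
	for _, o := range b[2 : 2+n] {
		length = length<<8 | int(o)
	}
	return b[0], length, 2 + n, nil
}

// PFXVersion (hypothetical helper) returns the PFX version and the declared total size.
func PFXVersion(b []byte) (version, total int, err error) {
	id, length, size, err := ParseHeader(b)
	if err != nil || id != ClassUniversal|TypeConstructed|TagSequence {
		return 0, 0, fmt.Errorf("not a DER SEQUENCE")
	}
	vid, vlen, vsize, err := ParseHeader(b[size:])
	if err != nil || vid != ClassUniversal|TagInteger || vlen != 1 || len(b) < size+vsize+1 {
		return 0, 0, fmt.Errorf("missing one-byte version INTEGER")
	}
	return int(b[size+vsize]), size + length, nil
}

func main() {
	// First 16 characters of the truncated base64 sample shown on this page.
	p, _ := base64.StdEncoding.DecodeString("MIIJzgIBAzCCCZQG")
	fmt.Println(PFXVersion(p)) // version, declared total size, error
}
```

Comparing the declared total size with the actual input length catches truncated or padded files before any password-based work is done.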

Variables

var (
	// ErrDecryption represents a failure to decrypt the input.
	ErrDecryption = errors.New("pkcs12: decryption error, incorrect padding")

	// ErrIncorrectPassword is returned when an incorrect password is detected.
	// Usually, P12/PFX data is signed to be able to verify the password.
	ErrIncorrectPassword = errors.New("pkcs12: decryption password incorrect")
)

Functions

func ConvertToPEM

func ConvertToPEM(pfxData, utf8Password []byte) (blocks []*pem.Block, err error)

ConvertToPEM converts all "safe bags" contained in pfxData to PEM blocks.

Example
var p12, _ = base64.StdEncoding.DecodeString(`MIIJzgIBAzCCCZQGCS ... CA+gwggPk==`)
blocks, err := ConvertToPEM(p12, []byte("password"))
if err != nil {
	panic(err)
}

pemData := []byte{}
for _, b := range blocks {
	pemData = append(pemData, pem.EncodeToMemory(b)...)
}

// then use PEM data for tls to construct tls certificate:

cert, err := tls.X509KeyPair(pemData, pemData)
if err != nil {
	panic(err)
}

config := tls.Config{
	Certificates: []tls.Certificate{cert},
}

config.BuildNameToCertificate()
for name := range config.NameToCertificate {
	fmt.Println(name)
}
Output:

func Create

func Create(certificate, privatekey, password []byte, calist [][]byte) ([]byte, error)

func CreateEtc

func CreateEtc(certificate, privatekey, password []byte, calist [][]byte,
	keyid, certsalt, pkeysalt, macsalt []byte) ([]byte, error)

func Decode

func Decode(pfxData, utf8Password []byte) (privateKey interface{}, certificate *x509.Certificate, err error)

Decode extracts a certificate and private key from pfxData. This function assumes that there is only one certificate and only one private key in the pfxData.

Types

type AsnItem

type AsnItem struct {
	// contains filtered or unexported fields
}

func AsnCC

func AsnCC(n int) *AsnItem

Context-Specific Container

func AsnCCRaw

func AsnCCRaw(n int, data []byte) *AsnItem

func AsnContainer

func AsnContainer(_tag int) *AsnItem

func AsnInteger

func AsnInteger(i int) *AsnItem

func AsnNull

func AsnNull() *AsnItem

func AsnOID

func AsnOID(oid []byte) *AsnItem

func AsnOctetString

func AsnOctetString(data []byte) *AsnItem

func AsnOctetStringContainer

func AsnOctetStringContainer() *AsnItem

func AsnRaw

func AsnRaw(_tag int, _data []byte) *AsnItem

func AsnSequence

func AsnSequence() *AsnItem

func AsnSet

func AsnSet() *AsnItem

func AsnString

func AsnString(s string) *AsnItem

type NotImplementedError

type NotImplementedError string

NotImplementedError indicates that the input is not currently supported.

func (NotImplementedError) Error

func (e NotImplementedError) Error() string

Directories

Path: internal/rc2
Synopsis: Package rc2 implements the RC2 cipher (https://www.ietf.org/rfc/rfc2268.txt, http://people.csail.mit.edu/rivest/pubs/KRRR98.pdf). This code is licensed under the MIT license.
