pkcs12

package module
v0.0.0-...-4ca5c57 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 11, 2019 License: MIT Imports: 18 Imported by: 0

README

Introduce

This package code is derived from github.com/AGWA-forks/golang-crypto , and moved to be a independent package for PKCS12 encode and decode!

Demo

package main

import (
	"io/ioutil"
	"log"
	"strconv"

	"github.com/lotus-wu/go-pkcs12"
)

func main() {
	pfxData, _ := ioutil.ReadFile("a.p12")
	pv, cer, err := pkcs12.DecodeAll(pfxData, "123456")
	if err != nil {
		log.Println(err)
		return
	}
	log.Println(pv)
	log.Println(cer)

	id := int64(0)
	for _, v := range cer {
		filename := "test" + strconv.FormatInt(id, 10) + ".cer"
		ioutil.WriteFile(filename, v.Raw, 0666)
		id += 1
	}

	pfxDataNew, _ := pkcs12.Encode(pv, cer[0], cer[1:], "123456")
	ioutil.WriteFile("1.p12", pfxDataNew, 0666)
}

Documentation

Overview

Package pkcs12 implements some of PKCS#12.

This implementation is distilled from https://tools.ietf.org/html/rfc7292 and referenced documents. It is intended for decoding P12/PFX-stored certificates and keys for use with the crypto/tls package.

Package rc2 implements the RC2 cipher

https://www.ietf.org/rfc/rfc2268.txt http://people.csail.mit.edu/rivest/pubs/KRRR98.pdf

This code is licensed under the MIT license.

Index

Examples

Constants

View Source
const BlockSize = 8

The rc2 block size in bytes

Variables

View Source
var (
	// ErrDecryption represents a failure to decrypt the input.
	ErrDecryption = errors.New("pkcs12: decryption error, incorrect padding")

	// ErrIncorrectPassword is returned when an incorrect password is detected.
	// Usually, P12/PFX data is signed to be able to verify the password.
	ErrIncorrectPassword = errors.New("pkcs12: decryption password incorrect")
)

Functions

func Decode

func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error)

Decode extracts a certificate and private key from pfxData. This function assumes that there is only one certificate and only one private key in the pfxData.

func DecodeAll

func DecodeAll(pfxData []byte, password string) (privateKey interface{}, certificate []*x509.Certificate, err error)

DecodeAll extracts all certificates and a private key from pfxData.

func Encode

func Encode(privateKey interface{}, certificate *x509.Certificate, caCerts []*x509.Certificate, password string) (pfxData []byte, err error)

Encode produces pfxData containing one private key, an end-entity certificate, and any number of CA certificates. It emulates the behavior of OpenSSL's PKCS12_create: it creates two SafeContents: one that's encrypted with RC2 and contains the certificates, and another that is unencrypted and contains the private key shrouded with 3DES. The private key bag and the end-entity certificate bag have the LocalKeyId attribute set to the SHA-1 fingerprint of the end-entity certificate.

func New

func New(key []byte, t1 int) (cipher.Block, error)

New returns a new rc2 cipher with the given key and effective key length t1

func ToPEM

func ToPEM(pfxData []byte, password string) ([]*pem.Block, error)

ConvertToPEM converts all "safe bags" contained in pfxData to PEM blocks.

Example
p12, _ := base64.StdEncoding.DecodeString(`MIIJzgIBAzCCCZQGCS ... CA+gwggPk==`)

blocks, err := ToPEM(p12, "password")
if err != nil {
	panic(err)
}

var pemData []byte
for _, b := range blocks {
	pemData = append(pemData, pem.EncodeToMemory(b)...)
}

// then use PEM data for tls to construct tls certificate:
cert, err := tls.X509KeyPair(pemData, pemData)
if err != nil {
	panic(err)
}

config := &tls.Config{
	Certificates: []tls.Certificate{cert},
}

_ = config
Output:

Types

type NotImplementedError

type NotImplementedError string

NotImplementedError indicates that the input is not currently supported.

func (NotImplementedError) Error

func (e NotImplementedError) Error() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL