keyman

package module
v0.0.0-...-4e864ca
Published: May 3, 2023 License: Apache-2.0 Imports: 16 Imported by: 75

README

keyman

Easy golang RSA key and certificate management.

API documentation available on godoc.

Build Notes

On Windows, keyman uses a custom executable for importing certificates into the system trust store. This executable is built using Visual Studio from this solution.

The resulting executable is packaged into go using embedbinaries.bash.

Documentation

Overview

Package keyman provides convenience APIs around Go's built-in crypto APIs.

Index

Constants

View Source
const (
	PEM_HEADER_PRIVATE_KEY = "RSA PRIVATE KEY"
	PEM_HEADER_PUBLIC_KEY  = "RSA PRIVATE KEY"
	PEM_HEADER_CERTIFICATE = "CERTIFICATE"
)

Variables

View Source
var (
	FirefoxProfile = os.Getenv("HOME") + "/.mozilla/firefox/*"
)

Functions

func DeleteTrustedRootByName

func DeleteTrustedRootByName(commonName string, prompt string) error

func KeyPairFor

func KeyPairFor(host, commonName, pkfile, certfile string) (tls.Certificate, error)

KeyPairFor returns a tls.Certificate for the given host and commonName, backed by the private key at pkfile and the certificate at certfile. If either pkfile or certfile does not exist, default files are created.

func PoolContainingCerts

func PoolContainingCerts(certs ...string) (*x509.CertPool, error)

PoolContainingCerts constructs a CertPool containing all of the given certs (PEM encoded).

func StoredPKAndCert

func StoredPKAndCert(pkfile string, certfile string, organization string, host string, commonName string) (*PrivateKey, *Certificate, error)

StoredPKAndCert returns a PK and certificate for the given host, storing these at the given pkfile and certfile paths and using the stored values on subsequent calls.

Types

type Certificate

type Certificate struct {
	// contains filtered or unexported fields
}

Certificate is a convenience wrapper for x509.Certificate

func LoadCertificateFromFile

func LoadCertificateFromFile(filename string) (*Certificate, error)

LoadCertificateFromFile loads a Certificate from a PEM-encoded file

func LoadCertificateFromPEMBytes

func LoadCertificateFromPEMBytes(pemBytes []byte) (*Certificate, error)

LoadCertificateFromPEMBytes loads a Certificate from a byte array in PEM format

func LoadCertificateFromX509

func LoadCertificateFromX509(cert *x509.Certificate) (*Certificate, error)

LoadCertificateFromX509 loads a Certificate from an x509.Certificate

func (*Certificate) AddAsTrustedRootIfNeeded

func (cert *Certificate) AddAsTrustedRootIfNeeded(elevatePrompt, installPromptTitle, installPromptContent string, installAttempted func(error)) error

AddAsTrustedRootIfNeeded adds the certificate to the user's trust store as a trusted root CA. Supports Chrome and Firefox. elevatePrompt, installPromptTitle and installPromptContent are ignored on this platform and kept for API compatibility with other platforms. If installAttempted is provided, it is called on any attempt to modify the system cert store, with the resulting error (if any).

func (*Certificate) DER

func (cert *Certificate) DER() []byte

DER returns the DER-encoded bytes for this Certificate

func (*Certificate) ExpiresBefore

func (cert *Certificate) ExpiresBefore(time time.Time) bool

func (*Certificate) PEMEncoded

func (cert *Certificate) PEMEncoded() (pemBytes []byte)

PEMEncoded encodes the Certificate in PEM

func (*Certificate) PoolContainingCert

func (cert *Certificate) PoolContainingCert() *x509.CertPool

PoolContainingCert creates a pool containing this cert.

func (*Certificate) WriteToDERFile

func (cert *Certificate) WriteToDERFile(filename string) (err error)

WriteToDERFile writes the DER-encoded Certificate to a file.

func (*Certificate) WriteToFile

func (cert *Certificate) WriteToFile(filename string) (err error)

WriteToFile writes the PEM-encoded Certificate to a file.

func (*Certificate) WriteToTempFile

func (cert *Certificate) WriteToTempFile() (name string, err error)

func (*Certificate) X509

func (cert *Certificate) X509() *x509.Certificate

X509 returns the x509 certificate underlying this Certificate

type PrivateKey

type PrivateKey struct {
	// contains filtered or unexported fields
}

PrivateKey is a convenience wrapper for rsa.PrivateKey

func GeneratePK

func GeneratePK(bits int) (key *PrivateKey, err error)

GeneratePK generates a PrivateKey with a specified size in bits.

func LoadPKFromFile

func LoadPKFromFile(filename string) (key *PrivateKey, err error)

LoadPKFromFile loads a PEM-encoded PrivateKey from a file

func LoadPKFromPEMBytes

func LoadPKFromPEMBytes(pemBytes []byte) (key *PrivateKey, err error)

LoadPKFromPEMBytes loads a PEM-encoded PrivateKey from the PEM bytes

func (*PrivateKey) Certificate

func (key *PrivateKey) Certificate(template *x509.Certificate, issuer *Certificate) (*Certificate, error)

Certificate() generates a certificate for the Public Key of the given PrivateKey based on the given template and signed by the given issuer. If issuer is nil, the generated certificate is self-signed.

func (*PrivateKey) CertificateForKey

func (key *PrivateKey) CertificateForKey(template *x509.Certificate, issuer *Certificate, publicKey interface{}) (*Certificate, error)

CertificateForKey() generates a certificate for the given Public Key based on the given template and signed by the given issuer. If issuer is nil, the generated certificate is self-signed.

func (*PrivateKey) PEMEncoded

func (key *PrivateKey) PEMEncoded() (pemBytes []byte)

PEMEncoded encodes the PrivateKey in PEM

func (*PrivateKey) RSA

func (key *PrivateKey) RSA() *rsa.PrivateKey

RSA() returns the RSA key underlying this PrivateKey

func (*PrivateKey) TLSCertificateFor

func (key *PrivateKey) TLSCertificateFor(
	validUntil time.Time,
	isCA bool,
	issuer *Certificate,
	organization string,
	commonName string,
	hosts ...string) (cert *Certificate, err error)

TLSCertificateFor generates a certificate for TLS based on the given parameters. The resulting certs are usable for key encipherment and digital signatures.

validUntil:   time at which certificate expires
isCA:         whether or not this cert is a CA
issuer:       the certificate which is issuing the new cert.  If nil, the
              new cert will be a self-signed CA certificate.
organization: the org name for the cert.
commonName:   used as the common name for the cert.
hosts:        used to populate either the DNS names or the IP SANs. If
              none specified, defaults to using commonName as a DNS SAN.
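To make the parameter semantics above concrete, here is an added example (standard-library Go, not keyman's implementation) that builds the same kind of template: key encipherment plus digital signature, a CA flag, and hosts split into IP SANs or DNS SANs with commonName as the fallback DNS SAN. It then exercises the issuer parameter both ways, a self-signed CA (issuer nil) and a leaf signed by that CA, and verifies the leaf against a pool containing only the CA the way PoolContainingCert plus a TLS client would. The helper names, the random 128-bit serial, and the choice to put SANs and the serverAuth extended key usage only on end-entity certificates are this example's own.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// tlsTemplate mirrors the parameters described above. SANs and serverAuth
// EKU go only on end-entity certs (example's choice); a CA needs neither.
func tlsTemplate(validUntil time.Time, isCA bool, organization, commonName string, hosts ...string) (*x509.Certificate, error) {
	// Random serial: fixed or reused serials under one issuer trip verifiers.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{Organization: []string{organization}, CommonName: commonName},
		NotBefore:             time.Now().Add(-time.Minute), // tolerate small clock skew
		NotAfter:              validUntil,
		KeyUsage:              x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		return tmpl, nil
	}
	tmpl.ExtKeyUsage = []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}
	if len(hosts) == 0 {
		hosts = []string{commonName} // default: commonName as a DNS SAN
	}
	for _, h := range hosts {
		if ip := net.ParseIP(h); ip != nil {
			tmpl.IPAddresses = append(tmpl.IPAddresses, ip)
		} else {
			tmpl.DNSNames = append(tmpl.DNSNames, h)
		}
	}
	return tmpl, nil
}

// sign creates and re-parses the certificate so callers get populated fields.
func sign(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, signer *rsa.PrivateKey) (*x509.Certificate, error) {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// IssueCA is the issuer == nil case: a self-signed CA certificate.
func IssueCA(caKey *rsa.PrivateKey, organization, commonName string, validUntil time.Time) (*x509.Certificate, error) {
	tmpl, err := tlsTemplate(validUntil, true, organization, commonName)
	if err != nil {
		return nil, err
	}
	return sign(tmpl, tmpl, &caKey.PublicKey, caKey)
}

// IssueLeaf is the issuer != nil case: a server cert for leafKey signed by the CA.
func IssueLeaf(ca *x509.Certificate, caKey, leafKey *rsa.PrivateKey, organization, commonName string, validUntil time.Time, hosts ...string) (*x509.Certificate, error) {
	tmpl, err := tlsTemplate(validUntil, false, organization, commonName, hosts...)
	if err != nil {
		return nil, err
	}
	return sign(tmpl, ca, &leafKey.PublicKey, caKey)
}

// VerifyForHost does what a TLS client does: a pool holding only the CA,
// a chain from leaf to CA, and a hostname (or IP) match against the SANs.
func VerifyForHost(leaf, ca *x509.Certificate, host string) error {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{
		Roots:     pool,
		DNSName:   host,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	caKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	leafKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	exp := time.Now().Add(24 * time.Hour)
	ca, err := IssueCA(caKey, "Example Org", "Example Org Test CA", exp)
	if err != nil {
		panic(err)
	}
	leaf, err := IssueLeaf(ca, caKey, leafKey, "Example Org", "localhost", exp, "localhost", "127.0.0.1")
	if err != nil {
		panic(err)
	}
	fmt.Println("DNS SANs:", leaf.DNSNames, "IP SANs:", leaf.IPAddresses)
	fmt.Println("verify example.org:", VerifyForHost(leaf, ca, "example.org"))
}
```

Note that modern Go (1.15 and later) ignores the CommonName when matching hostnames, so the "commonName as a DNS SAN" fallback is what makes a cert issued without explicit hosts verifiable at all; a template that set only Subject.CommonName would fail VerifyForHost.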

func (*PrivateKey) WriteToFile

func (key *PrivateKey) WriteToFile(filename string) (err error)

WriteToFile writes the PEM-encoded PrivateKey to the given file
