badssl

Version: v0.0.0-...-ef6d0f7
Published: Feb 15, 2017 License: BSD-2-Clause Imports: 10 Imported by: 0

README

badssl

A library for simplified certificate generation that is probably wrong, dirty, or just plain bad.

model

This package models an (understandably) un(der)used TLS/SSL system where there are no intermediate authorities. There are no certificate chains. There is only an authority and its immediate children.
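The two-level model described above, sketched with only the Go standard library as an added example; it is not badssl's code and does not call its API. It also goes one step beyond the text by showing that a verifier rejects a certificate signed by a child. Assumptions not stated on this page: children are issued with `IsCA` false and no key usage, and the names `must`, `issue`, `flatModel` and all subject names are constructed for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func must[T any](v T, err error) T {
	if err != nil {
		panic(err) // acceptable in a demo; real code should return the error
	}
	return v
}

// issue makes a fresh key and a certificate for it; a nil parent self-signs (the root).
func issue(cn string, serial int64, parent *x509.Certificate, signer *rsa.PrivateKey) (*x509.Certificate, *rsa.PrivateKey) {
	key := must(rsa.GenerateKey(rand.Reader, 2048)) // 2048 = RSAKeyBits on this page
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(serial),
		Subject:               pkix.Name{CommonName: cn},
		NotBefore:             time.Now().Add(-time.Minute),
		NotAfter:              time.Now().Add(time.Hour),
		BasicConstraintsValid: true, // IsCA stays false for children (assumption)
	}
	if parent == nil { // the authority: the only CA, with the page's RootCAKeyUsage bits
		parent, signer = tmpl, key
		tmpl.IsCA, tmpl.KeyUsage = true, x509.KeyUsageKeyEncipherment|x509.KeyUsageDigitalSignature|x509.KeyUsageCertSign
	}
	return must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)))), key
}

// flatModel returns a direct child's verified chain length and the error for a child-signed certificate.
func flatModel() (chainLen int, grandchildErr error) {
	root, rootKey := issue("constructed root", 1, nil, nil)
	leaf, leafKey := issue("constructed leaf", 2, root, rootKey)
	grandchild, _ := issue("constructed grandchild", 3, leaf, leafKey)
	opts := x509.VerifyOptions{Roots: x509.NewCertPool(), Intermediates: x509.NewCertPool()}
	opts.Roots.AddCert(root)
	chains := must(leaf.Verify(opts)) // [leaf, root]: the intermediates pool is still empty
	opts.Intermediates.AddCert(leaf)  // offer the leaf as if it were an intermediate
	_, grandchildErr = grandchild.Verify(opts)
	return len(chains[0]), grandchildErr
}

func main() { fmt.Println(flatModel()) }
```

The direct child verifies with a chain of length 2, while the certificate signed by the child is rejected because its issuer is not a CA.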

disclaimer

This package is intended to be used for testing, experimentation and development. I do not know enough about TLS/SSL best practices, or the Go crypto/x509 package to write a package that provides secure TLS/SSL facilities. In short: unless I discover otherwise, this package is considered insecure.

Documentation

Constants

const RSAKeyBits = 2048

RSAKeyBits is the key size, in bits, used when generating keys. It is exposed for reference.

const (
	// RootCAKeyUsage is the key usage setting used for creating the root
	// certificate authority. It is exposed for reference.
	RootCAKeyUsage = x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign
)

Variables

This section is empty.

Functions

This section is empty.

Types

type Authority

type Authority interface {
	Certificate
	// NewCert creates a new certificate that is signed by Authority.
	NewCert(*PrivateKey, CertOptions) (Certificate, error)
}

Authority is an interface that represents a certificate authority. It extends the Certificate interface with the ability to create child certificates.

func NewAuthority

func NewAuthority(k *PrivateKey, o CertOptions) (a Authority, err error)

NewAuthority generates a new (root) certificate authority with private key k and configuration options o. If k is nil, a new private key will be generated.

func ParseAuthorityDER

func ParseAuthorityDER(data DER, k *PrivateKey) (a Authority, err error)

ParseAuthorityDER parses and loads a certificate authority from ASN.1 DER data.

func ParseAuthorityPEM

func ParseAuthorityPEM(data PEM, k *PrivateKey) (a Authority, err error)

ParseAuthorityPEM parses and loads a certificate authority from PEM data.

type CertOptions

type CertOptions struct {
	// ValidFor is the amount of time that a certificate will be valid for.
	ValidFor time.Duration
	// CommonName is the common name associated with the certificate subject.
	CommonName string
}

CertOptions is used to configure a certificate during certificate creation.

type Certificate

type Certificate interface {
	GetKey() *PrivateKey
	Encodable
}

Certificate is an interface that represents a certificate with an associated private key. Certificate extends the Encodable interface.

func ParseCertificateDER

func ParseCertificateDER(data DER, k *PrivateKey) (c Certificate, err error)

ParseCertificateDER parses and loads a certificate from ASN.1 DER data.

func ParseCertificatePEM

func ParseCertificatePEM(data PEM, k *PrivateKey) (c Certificate, err error)

ParseCertificatePEM parses and loads a certificate from PEM data.

type DER

type DER []byte

DER denotes byte data that is ASN.1 DER-encoded.

type Encodable

type Encodable interface {
	GetPEM() (PEM, error)
}

Encodable is an interface that provides the GetPEM method.

type PEM

type PEM []byte

PEM denotes byte data that is PEM-encoded.

type PrivateKey

type PrivateKey struct {
	// contains filtered or unexported fields
}

PrivateKey is a struct that wraps an *rsa.PrivateKey and implements the Encodable interface for it.

func NewPrivateKey

func NewPrivateKey() (*PrivateKey, error)

NewPrivateKey generates a new RSA private key with default settings.

func ParseKeyDER

func ParseKeyDER(data DER) (k *PrivateKey, err error)

ParseKeyDER parses and loads a private key from ASN.1 DER data.

func ParseKeyPEM

func ParseKeyPEM(data PEM) (k *PrivateKey, err error)

ParseKeyPEM parses and loads a private key from PEM data.

func (*PrivateKey) GetPEM

func (k *PrivateKey) GetPEM() (PEM, error)

GetPEM implements the Encodable interface for PrivateKey. GetPEM encodes the associated private key in PEM format.

func (*PrivateKey) Public

func (k *PrivateKey) Public() *PublicKey

Public retrieves the public key from PrivateKey.

type PublicKey

type PublicKey struct {
	// contains filtered or unexported fields
}

PublicKey is a struct that wraps an *rsa.PrivateKey and implements the Encodable interface for the associated public key.

func (*PublicKey) GetPEM

func (k *PublicKey) GetPEM() (PEM, error)

GetPEM implements the Encodable interface for PublicKey. GetPEM encodes the associated public key in PEM format.
