README
¶
Go has a pretty good cryptography library, but most of the provided
functionality is fairly low-level, and it can sometimes be difficult to
figure out exactly how things fit together. This repository gives
end-to-end example code that uses a number of features that can be
pieced together using crypto and net. Hopefully, this code will make
it easier for people trying to do crypto-things in Go to find the piece
of code they're missing.
In no particular order, the code here implements:
- HTTPS server with self-signed certificates.
- Generation of signed client certificates.
- Optional client-side authentication for HTTPS.
- Parsing of public keys submitted through the HTML5
<keygen>tag. - Marshalling and unmarshalling of private keys and certificates to standardized formats supported by browsers, OpenSSL, etc.
To run, first do go build keybin/main.go. Next, open two terminals:
term1$ ./kb server
term2$ ./kb client
If you list the contents of the current directory, you will see that
four files have been generated: localhost.{crt,rsa.key}, and
alice.{crt,rsa.key}. These are the server and client certificates and
keys, stored in formats that can be imported into browsers, used by
cURL, or all sorts of other things.
The code in this repository is meant as example good only, and it should not be used verbatim without additional testing and verification. Code tagged with TODO needs to be modified before use.
Also note that this code was carved out from a much larger software system, and some errors may have snuck in during the transition. If you find any errors, do not hesitate to file an issue using the GitHub issue tracker; or even better, fix the problem yourself and send a Pull Request. If you have ideas for improvements, extensions or clean-up that should be done, please also submit those too!
Happy hacking!
Documentation
¶
Index ¶
- func CertificateToPEM(cert []byte, dest io.Writer) error
- func Client(user string, fqdn string, do func(*http.Client)) error
- func HTMLKeygenKeyToPubkey(postedKey string) (pub interface{}, err error)
- func PEMToCertificate(in io.Reader) (*x509.Certificate, error)
- func PEMToPrivateKey(in io.Reader) (interface{}, error)
- func PrivateKeyToPEM(priv interface{}, dest io.Writer) error
- func PubkeyAsHTMLKeygen(prkey interface{}, challenge string, algo x509.SignatureAlgorithm) (string, error)
- func PublicKey(priv interface{}) (interface{}, error)
- func SelfSignedPowerCertificate(priv interface{}, cname string, domains []string) (*x509.Certificate, []byte, error)
- func Server(fqdn string, auth authenticator, ...) error
- func SignedCertificateFor(signerPkey interface{}, signerCert *x509.Certificate, signee interface{}, ...) (*x509.Certificate, []byte, error)
- type PublicKeyAndChallenge
- type SignedPublicKeyAndChallenge
- type SubjectPublicKeyInfo
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func HTMLKeygenKeyToPubkey ¶
func PEMToCertificate ¶
func PEMToCertificate(in io.Reader) (*x509.Certificate, error)
func PEMToPrivateKey ¶
func PrivateKeyToPEM ¶
x509.pemBlockForKey
func PubkeyAsHTMLKeygen ¶
func PubkeyAsHTMLKeygen(prkey interface{}, challenge string, algo x509.SignatureAlgorithm) (string, error)
func SignedCertificateFor ¶
func SignedCertificateFor(signerPkey interface{}, signerCert *x509.Certificate, signee interface{}, cname string) (*x509.Certificate, []byte, error)
Types ¶
type PublicKeyAndChallenge ¶
type PublicKeyAndChallenge struct {
Spki SubjectPublicKeyInfo
Challenge string
}
https://html.spec.whatwg.org/multipage/forms.html#publickeyandchallenge
type SignedPublicKeyAndChallenge ¶
type SignedPublicKeyAndChallenge struct {
PublicKeyAndChallenge PublicKeyAndChallenge
SignatureAlgorithm pkix.AlgorithmIdentifier
Signature asn1.BitString
}
https://html.spec.whatwg.org/multipage/forms.html#signedpublickeyandchallenge
type SubjectPublicKeyInfo ¶
type SubjectPublicKeyInfo struct {
Algo pkix.AlgorithmIdentifier
BitString asn1.BitString
}
As defined in RFC5280
Source Files
Directories