cryptutil

package
v0.0.0-...-3746c95 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Feb 11, 2024 License: BSD-3-Clause Imports: 22 Imported by: 0

Documentation

Index

Constants

View Source 
const (
	PemTypePrivateKey    = "PRIVATE KEY"
	PemTypeECPrivateKey  = "EC PRIVATE KEY"
	PemTypeRsaPrivateKey = "RSA PRIVATE KEY"
	PemTypePublicKey     = "PUBLIC KEY"
	PemTypeECPublicKey   = "EC PUBLIC KEY"
	PemTypeRsaPublicKey  = "RSA PUBLIC KEY"
	PemTypeCsr           = "CERTIFICATE REQUEST"
	PemTypeCertificate   = "CERTIFICATE"
)
View Source 
const (
	DefaultSignatureHash = crypto.SHA512
)
View Source 
const NoneName = "None"

Variables

View Source 
var (
	PemTypesPrivateKeys = []string{
		PemTypePrivateKey, PemTypeECPrivateKey, PemTypeRsaPrivateKey,
	}
	PemTypesPublicKeys = []string{
		PemTypePublicKey, PemTypeECPublicKey, PemTypeRsaPublicKey,
	}
	PemTypesPublicKeyExtractable = append(
		append(
			PemTypesPublicKeys,
			PemTypesPrivateKeys...,
		),
		PemTypeCertificate,
		PemTypeCsr,
	)
)
View Source 
var ErrNoPemFound = errors.New("no PEM block found")

Functions

func CertificateIsSelfSigned 

func CertificateIsSelfSigned(cert *x509.Certificate) bool

func DescribeCertificate 

func DescribeCertificate(cert *x509.Certificate) string

DescribeCertificate produces a one line description for a human to read. It contains the certificate's subject and SANs.

func EscapeName 

func EscapeName(name string) string

func ExtKeyUsageAllNames 

func ExtKeyUsageAllNames() []string

func ExtKeyUsageFromNames 

func ExtKeyUsageFromNames(names string) ([]x509.ExtKeyUsage, error)

func ExtKeyUsageNames 

func ExtKeyUsageNames(usages []x509.ExtKeyUsage) []string

func KeyUsageAllNames 

func KeyUsageAllNames() []string

func KeyUsageFromNames 

func KeyUsageFromNames(names string) (x509.KeyUsage, error)

func KeyUsageNames 

func KeyUsageNames(u x509.KeyUsage) []string

func KeysMatch 

func KeysMatch(a, b any) bool

func NameAsString 

func NameAsString(name *pkix.Name) string

NameAsString renders a pkix.Name as a string in the form /OID=Value/…. The first character will be a "/" and OID-value pairs will be separated with a "/". The characters / = \ which are part of the OID or value will be escaped by placing a \ before them. Whereas this function will generate a string representation of the name for all names, the string value of attributes that are not strings may not contain enough information to reverse the process.

func PkixNameSplitter 

func PkixNameSplitter(data []byte, atEOF bool) (advance int, token []byte, err error)

PkixNameSplitter is a bufio.SplitFunc for use with bufio.Scanner which tokens in the form "/OID" or "=value". Escaped characters will not cause a split. No unesscaping is performed, the user of the Scanner is expected to inspect the first character of the token, remove it, then unescape the rest with UnescapeName().

func PublicKeyFingerprint 

func PublicKeyFingerprint(key any) []byte

PublicKeyFingerprint returns a SHA256 hash of a repeatable encoding of the given key. If a private key is passed, only the public part is considered. On error a zero length byte slice is returned.

func PublicKeyFor 

func PublicKeyFor(obj any) crypto.PublicKey

func SignatureAlgorithmForKey 

func SignatureAlgorithmForKey(key any, hash crypto.Hash) x509.SignatureAlgorithm

SignatureAlgorithmForKey returns a signature algorithm that will work for the given key. key can be a public or private key of type RSA (crypto/rsa), EC (crypto/ecdsa), or Ed25519 (crypto/ed25519). For RSA and EC keys the appropriate {RSA|ECDSA}WithSHA{1,256,384,512} value will be returned for the corresponding hash value. For Ed25519 keys x509.PureEd25519 will always be returned regardless of the value of hash.

If an unusable hash or key of unknown type is passed in then x509.UnknownSignatureAlgorithm will be returned.

func SignatureAlgorithmName 

func SignatureAlgorithmName(sa x509.SignatureAlgorithm) string

SignatureAlgorithmName returns a textual name for a signature algorithm type

func StringAsName 

func StringAsName(str string) (*pkix.Name, error)

func SubjectKeyId 

func SubjectKeyId(key any) []byte

SubjectKeyId is used to generate a SHA1 fingerprint of a public key and is compatible with the algorithm defined in RFC5280. This is the value of the Subject Key ID extension in certificates issued. Unless compatibility with RFC5280 is required, use PublicKeyFingerprint() instead as this uses SHA512_256 which is both faster and more secure.

func UnescapeName 

func UnescapeName(name string) string

func UnmarshalPrivateKey 

func UnmarshalPrivateKey(data []byte) (crypto.PrivateKey, error)

func UnmarshalPublicKey 

func UnmarshalPublicKey(data []byte) (crypto.PublicKey, error)

Types

type ExpectingBlockError 

type ExpectingBlockError struct {
	// contains filtered or unexported fields
}

func (ExpectingBlockError) Error 

func (e ExpectingBlockError) Error() string

func (ExpectingBlockError) Is 

func (e ExpectingBlockError) Is(err error) bool

type PemBuffer 

type PemBuffer struct {
	// contains filtered or unexported fields
}

PemBuffer is a sequence of PEM blocks stored in a buffer. It implements PemParser.

func NewPemBuffer 

func NewPemBuffer(b []byte) *PemBuffer

NewPemBuffer stores be in a PemBuffer allowing it to be parsed. Modifying b after this call may affect the parser's results

func NewPemBufferFromStream 

func NewPemBufferFromStream(stream io.Reader) *PemBuffer

NewPemBufferFromStream stores stream and reads it to completion the first call to NextPem(). If the stream implements io.Closer it will be closed.

func (*PemBuffer) NextPem 

func (pb *PemBuffer) NextPem() (block *pem.Block, err error)

func (*PemBuffer) RemainingBytes 

func (pb *PemBuffer) RemainingBytes() ([]byte, error)

type PemParser 

type PemParser interface {
	// NextPem returns a PEM block or and error while attempting to retrieve
	// a PEM block. When no more blocks are available nil should be returned
	// for both the block and the error.
	NextPem() (*pem.Block, error)
}

PemParser is an object that can source a series of PEM blocks

type PemUnmarshaler 

type PemUnmarshaler struct {
	// contains filtered or unexported fields
}

func NewPemUnmarshaler 

func NewPemUnmarshaler(parser PemParser, options ...PemUnmarshalerOption) *PemUnmarshaler

func UnmarshalFile 

func UnmarshalFile(filePath, stdInPrompt string, cryptOptions *pemcrypt.CryptOptions) *PemUnmarshaler

UnmarshalFile is a utility function to use a delayed open file reader and a PemBuffer to read and optionally decrypt some PEM blocks. Errors are delayed until a call the unmarshaler.

func (*PemUnmarshaler) Expect 

func (u *PemUnmarshaler) Expect(pemTypes []string) (*pem.Block, error)

Expect returns a PEM block of the expected type or an error. If the block is encrypted and decryption is enabled then an encrypted block of the correct type(s) will be decrypted before being returned. If pemTypes has a length greater than zero then only these types of PEM blocks will be accepted, if an unacceptable block is found an error will be returned.

func (*PemUnmarshaler) ExpectCSR 

func (u *PemUnmarshaler) ExpectCSR() (*x509.CertificateRequest, error)

ExpectCSR parses and returns a CSR

func (*PemUnmarshaler) ExpectCertificate 

func (u *PemUnmarshaler) ExpectCertificate() (*x509.Certificate, error)

ExpectCertificate parses and returns a certificate

func (*PemUnmarshaler) ExpectPrivateKey 

func (u *PemUnmarshaler) ExpectPrivateKey() (crypto.PrivateKey, error)

ExpectPrivateKey parses and returns a private key

func (*PemUnmarshaler) ExpectPublicKeyExtractable 

func (u *PemUnmarshaler) ExpectPublicKeyExtractable() (crypto.PublicKey, error)

ExpectPublicKeyExtractable parses any type of block that is an object that contains a public key, then returns the public key from that object.

func (*PemUnmarshaler) NextPem 

func (u *PemUnmarshaler) NextPem() (*pem.Block, error)

type PemUnmarshalerOption 

type PemUnmarshalerOption func(unmarshaler *PemUnmarshaler)

func WithDecryption 

func WithDecryption(decryptionOptions *pemcrypt.CryptOptions) PemUnmarshalerOption

func WithNoDecryption 

func WithNoDecryption() PemUnmarshalerOption

func WithUserContext 

func WithUserContext(userContext string) PemUnmarshalerOption

Source Files

View all Source files

Directories

Path Synopsis

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.