decryptpem

v0.0.0-...-7e4f5bc

This package is not in the latest version of its module.
Published: Sep 28, 2017 License: BSD-3-Clause Imports: 9 Imported by: 0

README

Decrypt PEM


Go package that decrypts encrypted PEM files and blocks. Provides an optional TTY prompt for password input.

Installation

go get github.com/phayes/decryptpem

Example

// Requires imports: "crypto/x509", "log", "github.com/phayes/decryptpem"

// Get private key, prompt for password and decrypt if necessary
block, err := decryptpem.DecryptFileWithPrompt("/path/to/private_key.pem")
if err != nil {
  log.Fatal(err)
}
// block is a *pem.Block; Bytes is a field holding the decrypted DER, not a method
privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
  log.Fatal(err)
}

// It will also work with unencrypted plaintext PEM files
block, err = decryptpem.DecryptFileWithPrompt("/path/to/plaintext_key.pem") // Will not prompt for password.
if err != nil {
  log.Fatal(err)
}
privateKey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
  log.Fatal(err)
}

Configuration

There are two configuration variables provided:

// PasswordDelay sets the delay for any password tries and retries as a defence against brute force password guessing
// By default there is no delay
var decryptpem.PasswordDelay time.Duration

// MaxTries sets the maximum number of times a password may be tried before erroring out.
// A MaxTries of 1 means that there is only one try allowed (no retries)
// A MaxTries of 0 means infinite retries are allowed.
// When tries run out, an error of x509.IncorrectPasswordError will be returned.
var decryptpem.MaxTries int
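
The retry limit and per-attempt delay described above can be reproduced with the standard library alone. The following is an added example, not code from decryptpem or its README: sampleBlock and decryptWithTries are hypothetical names, and the key and passwords are constructed. It calls the x509 legacy PEM encryption functions, which are deprecated since Go 1.16 but remain the standard-library API for this format.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"time"
)

// sampleBlock returns a constructed RSA key as a password-encrypted PEM block.
func sampleBlock(password string) (*pem.Block, error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, err
	}
	return x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY",
		x509.MarshalPKCS1PrivateKey(key), []byte(password), x509.PEMCipherAES256)
}

// decryptWithTries (hypothetical, not decryptpem's API) asks next() for a
// password at most maxTries times (0 = unlimited), sleeping delay before each.
func decryptWithTries(b *pem.Block, next func() string, maxTries int, delay time.Duration) (*rsa.PrivateKey, int, error) {
	if !x509.IsEncryptedPEMBlock(b) { // plaintext key: never prompt
		key, err := x509.ParsePKCS1PrivateKey(b.Bytes)
		return key, 0, err
	}
	for try := 1; maxTries == 0 || try <= maxTries; try++ {
		time.Sleep(delay) // fixed cost per guess slows online brute forcing
		der, err := x509.DecryptPEMBlock(b, []byte(next()))
		if err != nil && err != x509.IncorrectPasswordError {
			return nil, try, err // malformed block: retrying cannot help
		}
		// Only padding is checked: a wrong password may return garbage, so parse to confirm.
		if key, perr := x509.ParsePKCS1PrivateKey(der); err == nil && perr == nil {
			return key, try, nil
		}
	}
	return nil, maxTries, x509.IncorrectPasswordError
}

func main() {
	blk, err := sampleBlock("correct horse") // constructed password
	if err != nil {
		panic(err)
	}
	_, tries, err := decryptWithTries(blk, func() string { return "wrong" }, 3, 10*time.Millisecond)
	fmt.Println(tries, err) // all guesses wrong: stops after the third try
}
```

The delay and the try limit only slow guessing through the prompt; they do nothing against offline guessing by someone who holds a copy of the encrypted file.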

Documentation

Overview

Package decryptpem decrypts encrypted PEM files and blocks. Provides an optional TTY prompt for password input.


Index

Constants

This section is empty.

Variables

var (

	// PasswordDelay sets the delay for any password tries and retries as a defence against brute force password guessing
	// By default there is no delay
	PasswordDelay time.Duration

	// MaxTries sets the maximum number of times a password may be tried before erroring out.
	// A MaxTries of 1 means that there is only one try allowed (no retries)
	// A MaxTries of 0 means infinite retries are allowed.
	// When tries run out, an error of x509.IncorrectPasswordError will be returned.
	MaxTries int
)

Configuration

var (
	ErrReadFile     = errors.New("decryptpem: Cannot read and decrypt file")
	ErrDecryptBlock = errors.New("decryptpem: Cannot decrypt pem block")
	ErrNoBlockFound = errors.New("decryptpem: No PEM block found")
)

Errors

Functions

func DecryptBytesWithPassword

func DecryptBytesWithPassword(pembytes []byte, password string) (block *pem.Block, rest []byte, err error)

DecryptBytesWithPassword will find the next PEM formatted block (certificate, private key etc) in the input. It returns that block decrypted and the remainder of the input. If no PEM data is found, block is nil and the whole of the input is returned in rest.

func DecryptBytesWithPrompt

func DecryptBytesWithPrompt(pembytes []byte, prompt string, incorrectMessage string) (block *pem.Block, rest []byte, err error)

DecryptBytesWithPrompt is the same as DecryptBytesWithPassword, but if the PEM block is password protected, it will prompt on stdout / stdin for a password. When password retries run out, an x509.IncorrectPasswordError error will be returned.

func DecryptFileWithPassword

func DecryptFileWithPassword(filename string, password string) (*pem.Block, error)

DecryptFileWithPassword retrieves the PEM file and decrypts it with the provided password.

func DecryptFileWithPrompt

func DecryptFileWithPrompt(filename string) (*pem.Block, error)

DecryptFileWithPrompt retrieves the PEM file and decrypts it using a prompt from the user. When password retries run out, an x509.IncorrectPasswordError error will be returned.

Types

This section is empty.
