Documentation ¶
Overview ¶
Package decryptpem decrypts encrypted PEM files and blocks. It can optionally prompt on a TTY for the password.
Installation
go get github.com/phayes/decryptpem
Example
// Get private key, prompt for password and decrypt if necessary
block, err := decryptpem.DecryptFileWithPrompt("/path/to/private_key.pem")
if err != nil {
	log.Fatal(err)
}
// block is a *pem.Block; Bytes is a field holding the decrypted DER, not a method
privateKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
	log.Fatal(err)
}

// It will also work with unencrypted plaintext PEM files
block, err = decryptpem.DecryptFileWithPrompt("/path/to/plaintext_key.pem") // Will not prompt for password.
if err != nil {
	log.Fatal(err)
}
privateKey, err = x509.ParsePKCS1PrivateKey(block.Bytes)
if err != nil {
	log.Fatal(err)
}
Index ¶
- Variables
- func DecryptBytesWithPassword(pembytes []byte, password string) (block *pem.Block, rest []byte, err error)
- func DecryptBytesWithPrompt(pembytes []byte, prompt string, incorrectMessage string) (block *pem.Block, rest []byte, err error)
- func DecryptFileWithPassword(filename string, password string) (*pem.Block, error)
- func DecryptFileWithPrompt(filename string) (*pem.Block, error)
Constants ¶
This section is empty.
Variables ¶
var (
	// PasswordDelay sets the delay for any password tries and retries as a defence against brute force password guessing
	// By default there is no delay
	PasswordDelay time.Duration

	// MaxTries sets the maximum number of times a password may be tried before erroring out.
	// A MaxTries of 1 means that there is only one try allowed (no retries)
	// A MaxTries of 0 means infinite retries are allowed.
	// When tries run out, an error of x509.IncorrectPasswordError will be returned.
	MaxTries int
)
Configuration
var (
	ErrReadFile     = errors.New("decryptpem: Cannot read and decrypt file")
	ErrDecryptBlock = errors.New("decryptpem: Cannot decrypt pem block")
	ErrNoBlockFound = errors.New("decryptpem: No PEM block found")
)
Errors
Functions ¶
func DecryptBytesWithPassword ¶
func DecryptBytesWithPassword(pembytes []byte, password string) (block *pem.Block, rest []byte, err error)
DecryptBytesWithPassword will find the next PEM formatted block (certificate, private key etc) in the input. It returns that block decrypted and the remainder of the input. If no PEM data is found, block is nil and the whole of the input is returned in rest.
func DecryptBytesWithPrompt ¶
func DecryptBytesWithPrompt(pembytes []byte, prompt string, incorrectMessage string) (block *pem.Block, rest []byte, err error)
DecryptBytesWithPrompt is the same as DecryptBytesWithPassword, but if the PEM block is password protected, it will prompt on stdout / stdin for a password. When password retries run out, an x509.IncorrectPasswordError error will be returned.
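The block/rest return values and the retry limit described above, as an added example written against the Go standard library only; it is not decryptpem's own code, and `decryptWithTries` and `constructedEncryptedKey` are hypothetical names. It also handles a failure mode of the legacy PEM encryption format: a wrong password does not always produce an error, so the decrypted bytes are accepted only if they parse as a key.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
)

// decryptWithTries (hypothetical helper, not decryptpem code) stops after maxTries attempts; 0 = no limit.
func decryptWithTries(in []byte, candidates []string, maxTries int) (*pem.Block, []byte, error) {
	block, rest := pem.Decode(in)
	if block == nil {
		return nil, in, fmt.Errorf("no PEM block found")
	}
	if !x509.IsEncryptedPEMBlock(block) {
		return block, rest, nil // plaintext block, nothing to decrypt
	}
	for i := 0; i < len(candidates) && (maxTries == 0 || i < maxTries); i++ {
		der, err := x509.DecryptPEMBlock(block, []byte(candidates[i]))
		if err != nil && err != x509.IncorrectPasswordError {
			return nil, rest, err // malformed DEK-Info header or unknown cipher
		}
		// Unauthenticated legacy format: a wrong password may decrypt to noise, so require a parsable key.
		if _, perr := x509.ParsePKCS1PrivateKey(der); err == nil && perr == nil {
			return &pem.Block{Type: block.Type, Bytes: der}, rest, nil
		}
	}
	return nil, rest, x509.IncorrectPasswordError
}

// constructedEncryptedKey builds sample input: a fresh RSA key in an encrypted PEM block.
func constructedEncryptedKey(password string) []byte {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		panic(err)
	}
	block, err := x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY",
		x509.MarshalPKCS1PrivateKey(key), []byte(password), x509.PEMCipherAES256)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(block)
}

func main() {
	block, _, err := decryptWithTries(constructedEncryptedKey("s3cret"), []string{"wrong", "s3cret"}, 0)
	fmt.Println(block != nil, err)
}
```

The `x509` PEM encryption functions used here have been deprecated since Go 1.16 because the format does not authenticate the ciphertext; they remain available for reading existing key files.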
func DecryptFileWithPassword ¶
DecryptFileWithPassword retrieves the PEM file and decrypts it with the provided password.
Types ¶
This section is empty.