openssl

package
v0.11.0 Latest
Warning

This package is not in the latest version of its module.

Published: Dec 21, 2023 License: Apache-2.0 Imports: 21 Imported by: 0

Documentation

Overview

Package openssl implements basic functionality of OpenSSL:

- Key generation
- X509 Request generation
- X509 Request signing

Constants

const RSABITS = 4096

SetDebug sets the Debug variable and manipulates RSABITS is the default RSA key length

Variables

var Debug bool
var ErrNoCert = ca.ErrNoCert
var Info = "openssl"

Functions

func NewRSAKey

func NewRSAKey(bits int) ([]byte, error)

NewRSAKey generates a new RSA key with the number of bits. You may use RSABITS to get the package key length. The result is in PEM format.

func PreCheck

func PreCheck() error

Implement pre-flight checks

func ReadKey

func ReadKey(in io.Reader, pass string) ([]byte, error)

ReadKey reads the encrypted PEM file back and stores the decrypted key in memory (PEM)

func ReadKeyFile

func ReadKeyFile(path string, pass string) ([]byte, error)

ReadKeyFile reads the encrypted key from a file and stores the encrypted variant (PEM) in memory

func WriteKey

func WriteKey(out io.Writer, key []byte, pass string) error

WriteKey writes the encrypted key to the io.Writer

func WriteKeyFile

func WriteKeyFile(path string, key []byte, pass string) error

WriteKeyFile writes the encrypted key to the file

Types

type CA

type CA struct {
	*Config
	// contains filtered or unexported fields
}

func Init

func Init(config *Config, subj string, force bool) (*CA, error)

Init initializes a new CA with subj and a passphrase for the CA's private key. If no passphrase is supplied, it will be prompted for via /dev/tty.

func NewCA

func NewCA(c *Config) (ca *CA, err error)

NewCA returns a CA that is ready to sign requests. Basically this CA is even ready to create requests based on the config, which actually isn't the job of a CA. Loading (and decrypting) the key is delayed until we really need it (e.g. for creating requests it is not necessary).

func (*CA) CRL

func (ca *CA) CRL() (pem []byte, err error)

func (CA) Cert

func (ca CA) Cert(subj string) (crt *x509.Certificate, err error)

Cert retrieves a cert from the CA

func (*CA) List

func (ca *CA) List() (certs []*x509.Certificate, err error)

func (*CA) ListAsync

func (ca *CA) ListAsync(certs chan<- *x509.Certificate, errch chan<- error)

func (*CA) NewCert

func (ca *CA) NewCert(subj string, v3ext string, days int, key []byte) (*x509.Certificate, error)

NewCert creates a new signed certificate from the given subject and key. In other words, we take the key, create the suitable request (with the configuration of the CA), and finally sign it.

func (*CA) NewRSAKey

func (*CA) NewRSAKey(bits int) ([]byte, error)

NewRSAKey returns an RSA key with the given bit length.

func (*CA) Revoke

func (ca *CA) Revoke(subj string) (*x509.Certificate, error)

Revoke revokes the certificate with the given subject. After updating the index, the old certificate file will be removed.

FIXME: it shouldn't revoke only one, but all certs with this subject

TODO: it should update the CRL

type Config

type Config struct {
	Dir  string
	File string // typically Dir/openssl.cnf
	Pass string // as in openssl password (fd:<fd>, file:<file>, pass:<pass>, env:<env>, stdin:)
}
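
The forms listed in the Pass comment follow OpenSSL's pass phrase source syntax, and they differ in where the secret ends up. The following is an added example, not code from this package: PassSource, ParsePassSource and Exposure are hypothetical names and the sample values are constructed. It validates a Pass string without ever echoing it in an error (a malformed value is often the raw pass phrase) and reports whether the secret is stored inline, in the environment, or only by reference.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

type PassSource struct{ Kind, Value string } // hypothetical helper, not part of the package

// ParsePassSource validates the Config.Pass forms; its error never echoes the input.
func ParsePassSource(s string) (PassSource, error) {
	kind, val, found := strings.Cut(s, ":")
	n, numErr := strconv.Atoi(val)
	valid := false
	switch kind {
	case "pass": // any value after the colon, even empty, is a literal pass phrase
		valid = found
	case "env", "file": // variable name or path must be present
		valid = val != ""
	case "fd": // descriptor number
		valid = numErr == nil && n >= 0
	case "stdin": // OpenSSL itself spells this form without the colon
		valid = val == ""
	}
	if !valid {
		return PassSource{}, fmt.Errorf("invalid pass phrase source (value withheld)")
	}
	return PassSource{Kind: kind, Value: val}, nil
}

// Exposure reports where the pass phrase itself is visible.
func (p PassSource) Exposure() string {
	switch p.Kind {
	case "pass":
		return "inline" // literal secret in the config, and in argv if handed to the openssl CLI
	case "env":
		return "environment" // readable by anything that can inspect the process environment
	case "file", "fd", "stdin":
		return "indirect" // only a reference is stored; protect the file or descriptor instead
	}
	return "invalid"
}

func main() {
	for _, s := range []string{"pass:hunter2", "env:CA_PASS", "file:/run/secrets/ca", "fd:3", "stdin:", "hunter2"} { // constructed samples
		p, err := ParsePassSource(s)
		fmt.Printf("kind=%q exposure=%q err=%v\n", p.Kind, p.Exposure(), err)
	}
}
```
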
