crypto: Index | Examples | Files | Directories

package pkcs12

import ""

Package pkcs12 implements some of PKCS#12.

This implementation is distilled from and referenced documents. It is intended for decoding P12/PFX-stored certificates and keys for use with the crypto/tls package.



Package Files

bmp-string.go crypto.go errors.go mac.go pbkdf.go pkcs12.go safebags.go


var (
    // ErrDecryption represents a failure to decrypt the input.
    ErrDecryption = errors.New("pkcs12: decryption error, incorrect padding")

    // ErrIncorrectPassword is returned when an incorrect password is detected.
    // Usually, P12/PFX data is signed to be able to verify the password.
    ErrIncorrectPassword = errors.New("pkcs12: decryption password incorrect")

func Decode Uses

func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error)

Decode extracts a certificate and private key from pfxData. This function assumes that there is only one certificate and only one private key in the pfxData.

func ToPEM Uses

func ToPEM(pfxData []byte, password string) ([]*pem.Block, error)

ConvertToPEM converts all "safe bags" contained in pfxData to PEM blocks.


p12, _ := base64.StdEncoding.DecodeString(`MIIJzgIBAzCCCZQGCS ... CA+gwggPk==`)

blocks, err := ToPEM(p12, "password")
if err != nil {

var pemData []byte
for _, b := range blocks {
    pemData = append(pemData, pem.EncodeToMemory(b)...)

// then use PEM data for tls to construct tls certificate:
cert, err := tls.X509KeyPair(pemData, pemData)
if err != nil {

config := &tls.Config{
    Certificates: []tls.Certificate{cert},

_ = config

type NotImplementedError Uses

type NotImplementedError string

NotImplementedError indicates that the input is not currently supported.

func (NotImplementedError) Error Uses

func (e NotImplementedError) Error() string


internal/rc2Package rc2 implements the RC2 cipher

Package pkcs12 imports 16 packages (graph) and is imported by 93 packages. Updated 2018-03-19. Refresh now. Tools for package owners.