README
¶
pki
This is a small library to make building private keys, public keys, signatures and most of the certificate stuff a bit easier.
For a cli you can take a look at pkictl
Documentation
¶
Overview ¶
Package pki provides an easier way to create crypto related structures with the intent of making the management of these structures easier for other programs. Currently it provides mechanisms to create private keys in ECDSA and RSA, create public keys, create certificate sign requests and certificates.
To create a new private key, there are two ways for an ecdsa key
private_key, err := NewPrivateKeyEcdsa(elliptic.P521())
or for a RSA key
private_key, err := NewPrivateKeyRSA(4096)
Getting a private key from the private key can be done with
public_key := private_key.Public()
Index ¶
- Constants
- type Certificate
- type CertificateData
- type CertificateOptions
- type CertificateRequest
- type EcdsaPrivateKey
- type EcdsaPublicKey
- type Ed25519PrivateKey
- func (pr Ed25519PrivateKey) MarshalPem() (io.WriterTo, error)
- func (pr *Ed25519PrivateKey) PrivateKey() crypto.PrivateKey
- func (pr *Ed25519PrivateKey) Public() PublicKey
- func (pr *Ed25519PrivateKey) Sign(message []byte, hash crypto.Hash) ([]byte, error)
- func (pr Ed25519PrivateKey) ToPem() (pem.Block, error)
- type Ed25519PublicKey
- type PemOutput
- type Pemmer
- type PrivateKey
- type PublicKey
- type RsaPrivateKey
- type RsaPublicKey
Constants ¶
const ( PemLabelCertificateRequest = "CERTIFICATE REQUEST" PemLabelCertificate = "CERTIFICATE" )
labels used in the pem file format to mark certificate sign requests and certificates
const PemLabelEcdsa = "EC PRIVATE KEY"
This label is used as the type in the pem encoding of ECDSA private keys.
const (
PemLabelEd25519 = "ED25519 PRIVATE KEY" // TODO find correct label
)
const PemLabelPublic = "PUBLIC KEY"
This label is used as the type in the pem encoding of public keys.
const (
PemLabelRsa = "RSA PRIVATE KEY"
)
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Certificate ¶
type Certificate x509.Certificate
Certificate is an alias on the x509.Certificate to add some methods.
func LoadCertificate ¶
func LoadCertificate(raw []byte) (*Certificate, error)
Load a certificate from its asn1 representation.
func (*Certificate) MarshalPem ¶
func (c *Certificate) MarshalPem() (io.WriterTo, error)
marshal the certificate to a pem block
type CertificateData ¶
type CertificateData struct {
Subject pkix.Name
DNSNames []string
EmailAddresses []string
IPAddresses []net.IP
}
Use CertificateData to fill in the minimum data you need to create a certificate sign request.
func NewCertificateData ¶
func NewCertificateData() *CertificateData
Create a new set of certificate data.
func (*CertificateData) ToCertificateRequest ¶
func (c *CertificateData) ToCertificateRequest(private_key PrivateKey) (*CertificateRequest, error)
Create a certificate sign request from the input data and the private key of the request creator.
type CertificateOptions ¶
type CertificateOptions struct {
SerialNumber *big.Int
NotBefore time.Time
NotAfter time.Time // Validity bounds.
IsCA bool
// how many sub ca are allowed between this ca and the end/final certificate
// if it is -1, then no limit will be set
CALength int
KeyUsage x509.KeyUsage // for what can the certificate be used
KeyExtendedUsage []x509.ExtKeyUsage // extended usage for the certificate
CRLUrls []string
}
CertificateOptions is used to provide the necessary information to create a certificate from a certificate sign request.
func (*CertificateOptions) Valid ¶
func (co *CertificateOptions) Valid() error
Check if the certificate options have the required fields set.
type CertificateRequest ¶
type CertificateRequest x509.CertificateRequest
CertificateRequest is an alias on the x509.CertificateRequest to add some methods.
func LoadCertificateSignRequest ¶
func LoadCertificateSignRequest(raw []byte) (*CertificateRequest, error)
Load a certificate sign request from its asn1 representation.
func (*CertificateRequest) MarshalPem ¶
func (c *CertificateRequest) MarshalPem() (io.WriterTo, error)
Return the certificate sign request as a pem block.
func (*CertificateRequest) ToCertificate ¶
func (c *CertificateRequest) ToCertificate(private_key PrivateKey, cert_opts CertificateOptions, ca *Certificate) (*Certificate, error)
Convert the certificate sign request to a certificate using the private key of the signer and the certificate of the signer. If the certificate is null, the sign request will be used to sign itself. Please also see the certificate options struct for information on mandatory fields. For more information, please read http://golang.org/pkg/crypto/x509/#CreateCertificate
type EcdsaPrivateKey ¶
type EcdsaPrivateKey struct {
// contains filtered or unexported fields
}
This type handles the function calls to the ecdsa private key by implementing the interface.
func LoadPrivateKeyEcdsa ¶
func LoadPrivateKeyEcdsa(raw []byte) (*EcdsaPrivateKey, error)
Load the private key from the asn1 representation.
func NewPrivateKeyEcdsa ¶
func NewPrivateKeyEcdsa(curve elliptic.Curve) (*EcdsaPrivateKey, error)
Create a new ECDSA private key using the specified curve. For available curves, please take a look at the crypto/elliptic package.
func (EcdsaPrivateKey) MarshalPem ¶
func (pr EcdsaPrivateKey) MarshalPem() (io.WriterTo, error)
This function implements the Pemmer interface to marshal the private key into a pem block.
func (EcdsaPrivateKey) PrivateKey ¶
func (pr EcdsaPrivateKey) PrivateKey() crypto.PrivateKey
This function returns the crypto.PrivateKey structure of the ECDSA key.
func (EcdsaPrivateKey) Public ¶
func (pr EcdsaPrivateKey) Public() PublicKey
Create a new public key from the private key.
type EcdsaPublicKey ¶
type EcdsaPublicKey struct {
// contains filtered or unexported fields
}
EcdsaPublicKey is the specific public key type for ecdsa. It implements the the PublicKey interface.
func LoadPublicKeyEcdsa ¶
func LoadPublicKeyEcdsa(raw []byte) (*EcdsaPublicKey, error)
This functoin loads an ecdsa public key from the asn.1 representation.
func (*EcdsaPublicKey) MarshalPem ¶
func (pu *EcdsaPublicKey) MarshalPem() (io.WriterTo, error)
This function implements the Pemmer interface to marshal the public key into a pem block.
type Ed25519PrivateKey ¶
type Ed25519PrivateKey struct {
// contains filtered or unexported fields
}
func LoadPrivateKeyEd25519 ¶
func LoadPrivateKeyEd25519(raw []byte) (*Ed25519PrivateKey, error)
Restore an ed25519 private key from a raw byte stream. TODO does this have to be asn1? all other functions expect asn1
func NewPrivateKeyEd25519 ¶
func NewPrivateKeyEd25519() (*Ed25519PrivateKey, error)
Create a new private key of type ed25519.
func (Ed25519PrivateKey) MarshalPem ¶
func (pr Ed25519PrivateKey) MarshalPem() (io.WriterTo, error)
Export the private key into the Pem format.
func (*Ed25519PrivateKey) PrivateKey ¶
func (pr *Ed25519PrivateKey) PrivateKey() crypto.PrivateKey
TODO implement the raw API for the private key
func (*Ed25519PrivateKey) Public ¶
func (pr *Ed25519PrivateKey) Public() PublicKey
Return the public key for this private key.
type Ed25519PublicKey ¶
type Ed25519PublicKey struct {
// contains filtered or unexported fields
}
func LoadPublicKeyEd25519 ¶
func LoadPublicKeyEd25519(raw []byte) (*Ed25519PublicKey, error)
Load the public key from a raw byte stream. TODO should this be read from ASN.1? All other functions do that.
func (Ed25519PublicKey) MarshalPem ¶
func (pu Ed25519PublicKey) MarshalPem() (io.WriterTo, error)
Export the public key into the pem format.
type PemOutput ¶
ToPem returns the raw pem block to make it possible to write the result to any place.
type Pemmer ¶
Pemmer is used by all crypto structures which need to be available in the pem format. The result can then be written to any structure implementing the io.Writer interface.
type PrivateKey ¶
type PrivateKey interface {
// Derive a new public key from the private key.
Public() PublicKey
// Sign a message using the public key and the given hash method.
// To use a hash method, include the package
// import _ "crypto/sha512"
Sign(message []byte, hash crypto.Hash) ([]byte, error)
// Return the original go structure of the private key.
PrivateKey() crypto.PrivateKey
// ToPem must return a pem block of the private key.
ToPem() (pem.Block, error)
}
PrivateKey is a common interface for all crypto implementations to provide the same functions, like deriving a public key or signing a message.
type PublicKey ¶
type PublicKey interface {
Pemmer
PemOutput
// This function can be used to verify a message against a provided signature
// using the given hash function.
Verify(message []byte, signature []byte, hash crypto.Hash) (bool, error)
}
PublicKey is used by the different crypto implementations to provide the same functionality like verifying a message against a signature.
type RsaPrivateKey ¶
type RsaPrivateKey struct {
// contains filtered or unexported fields
}
func LoadPrivateKeyRsa ¶
func LoadPrivateKeyRsa(raw []byte) (*RsaPrivateKey, error)
load a rsa private key its ASN.1 presentation
func NewPrivateKeyRsa ¶
func NewPrivateKeyRsa(size int) (*RsaPrivateKey, error)
generate a new rsa private key
func (RsaPrivateKey) MarshalPem ¶
func (pr RsaPrivateKey) MarshalPem() (io.WriterTo, error)
func (RsaPrivateKey) PrivateKey ¶
func (pr RsaPrivateKey) PrivateKey() crypto.PrivateKey
get the private key
func (*RsaPrivateKey) Public ¶
func (pr *RsaPrivateKey) Public() PublicKey
type RsaPublicKey ¶
type RsaPublicKey struct {
// contains filtered or unexported fields
}
func LoadPublicKeyRsa ¶
func LoadPublicKeyRsa(raw []byte) (*RsaPublicKey, error)
restore a rsa public key
func (*RsaPublicKey) MarshalPem ¶
func (pu *RsaPublicKey) MarshalPem() (io.WriterTo, error)
marshal a rsa public key into pem format
Source Files