certtostore

package module
v0.0.0-...-607c0df
Published: Aug 8, 2019 License: Apache-2.0 Imports: 10 Imported by: 0

README

CertToStore

CertToStore is a Multi-Platform package that allows you to work with x509 certificates on Linux and the certificate store on Windows.


Why CertToStore?

CertToStore was created to solve some specific problems when working with certificates using Go. Ever wanted to create public/private key pairs using the TPM or create certificate requests using TPM backed keys? Both are possible using CertToStore on Windows. Linux support is also planned.

Native Certificate Store Access without the prompts

Certificate storage in CertToStore under Windows uses the certificate store through native Windows calls. By using native functionality, you won't see the all too common "do you want to import this certificate?" prompt when installing certificates using certtostore.

Additionally, you can lookup and use existing certificates with their private keys through CNG, regardless of how they were issued (TPM or Software backed).

Built-in support for Cryptography API: Next Generation (CNG)

CertToStore under Windows was built from the ground up to use Microsoft's Cryptography API: Next Generation (CNG). This grants certificates generated, requested, and stored using CertToStore the ability to use your computer's TPM to safely store private key material.

Compatible with packages that use x509.Certificate

x509-compatible certs mean that you can use private keys and certificates generated by CertToStore with just about anything else in Go that works with certificates. Want to generate certificate requests using the TPM and send them to your own third-party CA? Have a Go-based web server that you want to use with a TPM-backed certificate? Sure thing.

Contact

We have a public discussion list at certtostore-discuss@googlegroups.com

Disclaimer

This is not an official Google product.

Documentation

Overview

Package certtostore handles storage for certificates

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func PEMToX509

func PEMToX509(b []byte) (*x509.Certificate, error)

PEMToX509 takes a raw PEM certificate and decodes it to an x509.Certificate.

Types

type CertStorage

type CertStorage interface {
	// Cert returns the current X509 certificate or nil if no certificate is installed.
	Cert() (*x509.Certificate, error)
	// Intermediate returns the current intermediate X509 certificate or nil if no certificate is installed.
	Intermediate() (*x509.Certificate, error)
	// Generate generates a new private key in the storage and returns a signer that can be used
	// to perform signatures with the new key and read the public portion of the key. CertStorage
	// implementations should strive to ensure a Generate call doesn't actually destroy any current
	// key or cert material and to only install the new key for clients once Store is called.
	Generate(keySize int) (crypto.Signer, error)
	// Store finishes the cert installation started by the last Generate call with the given cert and
	// intermediate.
	Store(cert *x509.Certificate, intermediate *x509.Certificate) error
}

CertStorage exposes the different backend storage options for certificates.

type FileStorage

type FileStorage struct {
	// contains filtered or unexported fields
}

FileStorage exposes the file storage (on disk) backend type for certificates. The certificate id is used as the base of the filename within the basepath.

func NewFileStorage

func NewFileStorage(basepath string) *FileStorage

NewFileStorage sets up a new file storage struct for use by StoreCert

func (*FileStorage) Cert

func (f *FileStorage) Cert() (*x509.Certificate, error)

Cert returns the FileStorage's current cert or nil if there is none.

func (*FileStorage) Generate

func (f *FileStorage) Generate(keySize int) (crypto.Signer, error)

Generate creates a new RSA private key and returns a signer that can be used to make a CSR for the key.

func (*FileStorage) Intermediate

func (f *FileStorage) Intermediate() (*x509.Certificate, error)

Intermediate returns the FileStorage's current intermediate cert or nil if there is none.

func (*FileStorage) Store

func (f *FileStorage) Store(cert *x509.Certificate, intermediate *x509.Certificate) error

Store finishes our cert installation by PEM encoding the cert, intermediate, and key and storing them to disk.
