pkcs12

Documentation

Overview

Package pkcs12 implements a subset of PKCS #12 as described here: https://tools.ietf.org/html/rfc7292

Much credit to at Microsoft's Azure project https: github.com/Azure/go-pkcs12/blob/master/pkcs12.go, from which much of the parser code was adapted under the MIT License. PKCS #12 is a format used for transferring certificates and private keys.

In particular the PFX/P12 structure storing certificates and private keys is parsed into a go structure. In almost all cases PKCS #12 stored certificates and private keys are password protected at the time of marshaling, and so the parse function in this package takes in a password []byte. PKCS #12 make extensive use of the PKCS #7 standard, and so the PKCS #7 parser is used frequently here. Although there is flexibility in the data a PKCS #12 object can hold, the typical (i.e. openssl generated) form is roughly as follows (for more specific details on allowed asn1 structure see the standard)

PFX ->
	Version int
	PKCS #7 Data ->
		PKCS #7 encryptedData ->
			CertificateBag ->
				Certificates
		PKCS #7 Data ->
			PKCS #8 ShroudedBag ->
				Private Key
	MAC Data (Not used here)

Index

• type PKCS12
  • func ParsePKCS12(raw, password []byte) (msg *PKCS12, err error)

Types

type PKCS12

type PKCS12 struct {
	Version      int
	Certificates []*x509.Certificate
	PrivateKey   crypto.Signer
}

PKCS12 contains the Data expected in PKCS #12 objects, one or more certificates a private key, an integer indicating the version, and the raw content of the structure

func ParsePKCS12

func ParsePKCS12(raw, password []byte) (msg *PKCS12, err error)

ParsePKCS12 parses a pkcs12 syntax object into a container for a private key, certificate(s), and version number