Documentation

Overview

Package pki provides all the PKI functions necessary to run micro over an untrusted network, including a CA.

Constants

This section is empty.

Variables

This section is empty.

Functions

func CA

func CA(opts ...CertOption) ([]byte, []byte, error)

CA generates a self-signed CA and returns the cert and key in PEM format

func CSR

func CSR(opts ...CertOption) ([]byte, error)

CSR generates a certificate request in PEM format

func GenerateKey

func GenerateKey() (ed25519.PublicKey, ed25519.PrivateKey, error)

GenerateKey returns an ed25519 key

func Sign

func Sign(CACrt, CAKey, CSR []byte, opts ...CertOption) ([]byte, error)

Sign decodes a CSR and signs it with the CA
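
The CA, CSR and Sign steps described above, shown end to end as an added example that uses only the Go standard library; it is not this package's code and does not call it. It also shows two checks a caller would want around signing: verifying the CSR's own signature before issuing, and confirming that the issued certificate validates only for the host named in the request. The helpers `must`, `newKey` and `issueAndVerify`, the host names, the serial numbers and the one-hour validity window are constructed for illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// must panics on error to keep the example short; real code returns the error.
func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

// newKey returns a fresh ed25519 private key; Public() yields the public half.
func newKey() ed25519.PrivateKey {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	return must(priv, err)
}

// issueAndVerify runs CA -> CSR -> sign, then verifies the leaf against checkHost.
func issueAndVerify(csrHost, checkHost string) error {
	caKey, leafKey := newKey(), newKey()
	nb, na := time.Now().Add(-time.Minute), time.Now().Add(time.Hour) // constructed validity window
	root := &x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "example-ca"},
		NotBefore: nb, NotAfter: na, IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}
	caCert := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, root, root, caKey.Public(), caKey))))
	req := &x509.CertificateRequest{DNSNames: []string{csrHost}}
	csr := must(x509.ParseCertificateRequest(must(x509.CreateCertificateRequest(rand.Reader, req, leafKey))))
	if err := csr.CheckSignature(); err != nil { // parsing alone does not prove key possession
		return err
	}
	leafTmpl := &x509.Certificate{SerialNumber: big.NewInt(2), DNSNames: csr.DNSNames, // copy only vetted CSR fields
		NotBefore: nb, NotAfter: na, KeyUsage: x509.KeyUsageDigitalSignature}
	leaf := must(x509.ParseCertificate(must(x509.CreateCertificate(rand.Reader, leafTmpl, caCert, csr.PublicKey, caKey))))
	roots := x509.NewCertPool()
	roots.AddCert(caCert)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: checkHost})
	return err
}

func main() {
	fmt.Println(issueAndVerify("a.example", "a.example"), issueAndVerify("a.example", "b.example"))
}
```

A production CA would use unpredictable serial numbers and decide the validity period and permitted names by policy rather than taking them from the request.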

Types

type CertOption

type CertOption func(c *CertOptions)

CertOption sets CertOptions

func DNSNames

func DNSNames(names ...string) CertOption

DNSNames is the list of host names to include in the signed certificate

func IPAddresses

func IPAddresses(ips ...net.IP) CertOption

IPAddresses is the list of IPs to include in the signed certificate

func IsCA

func IsCA() CertOption

IsCA states the cert is a CA

func KeyPair

func KeyPair(pub ed25519.PublicKey, priv ed25519.PrivateKey) CertOption

KeyPair is the key pair to sign the certificate with

func NotAfter

func NotAfter(time time.Time) CertOption

NotAfter is the time the certificate is not valid after

func NotBefore

func NotBefore(time time.Time) CertOption

NotBefore is the time the certificate is not valid before

func SerialNumber

func SerialNumber(serial *big.Int) CertOption

SerialNumber is the Certificate Serial number

func Subject

func Subject(subject pkix.Name) CertOption

Subject sets the Subject field

type CertOptions

type CertOptions struct {
	IsCA         bool
	Subject      pkix.Name
	DNSNames     []string
	IPAddresses  []net.IP
	SerialNumber *big.Int
	NotBefore    time.Time
	NotAfter     time.Time

	Parent *x509.Certificate
	Pub    ed25519.PublicKey
	Priv   ed25519.PrivateKey
}

CertOptions are passed to cert options