pkcs12

package
v1.3.4-beta6 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 4, 2024 License: AGPL-3.0, Apache-2.0 Imports: 22 Imported by: 0

Documentation

Overview

Package go-pkcs12 implements some of PKCS#12.

This implementation is distilled from https://tools.ietf.org/html/rfc7292 and referenced documents. It is intended for decoding P12/PFX-stored certificates and keys for use with the crypto/tls package.

Package rc2 implements the RC2 cipher

https://www.ietf.org/rfc/rfc2268.txt http://people.csail.mit.edu/rivest/pubs/KRRR98.pdf

This code is licensed under the MIT license.

Index

Constants

View Source
const BlockSize = 8

The rc2 block size in bytes

Variables

View Source
var (
	// ErrDecryption represents a failure to decrypt the input.
	ErrDecryption = errors.New("go-pkcs12: decryption error, incorrect padding")

	// ErrIncorrectPassword is returned when an incorrect password is detected.
	// Usually, P12/PFX data is signed to be able to verify the password.
	ErrIncorrectPassword = errors.New("go-pkcs12: decryption password incorrect")
)

Functions

func Decode

func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error)

Decode extracts a certificate and private key from pfxData. This function assumes that there is only one certificate and only one private key in the pfxData.

func DecodeAll

func DecodeAll(pfxData []byte, password string) (privateKey interface{}, certificate []*x.Certificate, err error)

DecodeAll extracts all certificates and a private key from pfxData.

func Encode

func Encode(privateKey interface{}, certificate *x.Certificate, caCerts []*x509.Certificate, password string) (pfxData []byte, err error)

Encode produces pfxData containing one private key, an end-entity certificate, and any number of CA certificates. It emulates the behavior of OpenSSL's PKCS12_create: it creates two SafeContents: one that's encrypted with RC2 and contains the certificates, and another that is unencrypted and contains the private key shrouded with 3DES. The private key bag and the end-entity certificate bag have the LocalKeyId attribute set to the SHA-1 fingerprint of the end-entity certificate.

func MarshalECPrivateKey

func MarshalECPrivateKey(key *sm2.PrivateKey) ([]byte, error)

func MarshalPrivateKey

func MarshalPrivateKey(key *sm2.PrivateKey, oid asn1.ObjectIdentifier) ([]byte, error)

func New

func New(key []byte, t1 int) (cipher.Block, error)

New returns a new rc2 cipher with the given key and effective key length t1

func ParsePKCS8PrivateKey

func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error)

func SM2P12Decrypt

func SM2P12Decrypt(fileName string, pwd string) (*x.Certificate, *sm2.PrivateKey, error)

func SM2P12Encrypt

func SM2P12Encrypt(certificate *x.Certificate, pwd string, priv *sm2.PrivateKey, fileName string) error

func ToPEM

func ToPEM(pfxData []byte, password string) ([]*pem.Block, error)

ConvertToPEM converts all "safe bags" contained in pfxData to PEM blocks.

Types

type NotImplementedError

type NotImplementedError string

NotImplementedError indicates that the input is not currently supported.

func (NotImplementedError) Error

func (e NotImplementedError) Error() string

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL