Documentation

Overview

    Package pkcs12 implements some of PKCS#12.

    This implementation is distilled from https://tools.ietf.org/html/rfc7292 and referenced documents. It is intended for decoding P12/PFX-stored certificates and keys for use with the crypto/tls package.

    This package is frozen. If it's missing functionality you need, consider an alternative like software.sslmate.com/src/go-pkcs12.

    Index

    Examples

    Constants

    This section is empty.

    Variables

    View Source
    var (
    	// ErrDecryption represents a failure to decrypt the input.
    	ErrDecryption = errors.New("pkcs12: decryption error, incorrect padding")
    
    	// ErrIncorrectPassword is returned when an incorrect password is detected.
    	// Usually, P12/PFX data is signed to be able to verify the password.
    	ErrIncorrectPassword = errors.New("pkcs12: decryption password incorrect")
    )

    Functions

    func Decode

    func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error)

      Decode extracts a certificate and private key from pfxData. This function assumes that there is only one certificate and only one private key in the pfxData; if there are more use ToPEM instead.

      func ToPEM

      func ToPEM(pfxData []byte, password string) ([]*pem.Block, error)

        ToPEM converts all "safe bags" contained in pfxData to PEM blocks. Unknown attributes are discarded.

        Note that although the returned PEM blocks for private keys have type "PRIVATE KEY", the bytes are not encoded according to PKCS #8, but according to PKCS #1 for RSA keys and SEC 1 for ECDSA keys.

        Example

        Code:

        p12, _ := base64.StdEncoding.DecodeString(`MIIJzgIBAzCCCZQGCS ... CA+gwggPk==`)
        
        blocks, err := ToPEM(p12, "password")
        if err != nil {
        	panic(err)
        }
        
        var pemData []byte
        for _, b := range blocks {
        	pemData = append(pemData, pem.EncodeToMemory(b)...)
        }
        
        // then use PEM data for tls to construct tls certificate:
        cert, err := tls.X509KeyPair(pemData, pemData)
        if err != nil {
        	panic(err)
        }
        
        config := &tls.Config{
        	Certificates: []tls.Certificate{cert},
        }
        
        _ = config
        

        Types

        type NotImplementedError

        type NotImplementedError string

          NotImplementedError indicates that the input is not currently supported.

          func (NotImplementedError) Error

          func (e NotImplementedError) Error() string

          Directories

          Path Synopsis
          internal
          rc2
          Package rc2 implements the RC2 cipher https://www.ietf.org/rfc/rfc2268.txt http://people.csail.mit.edu/rivest/pubs/KRRR98.pdf This code is licensed under the MIT license.
          Package rc2 implements the RC2 cipher https://www.ietf.org/rfc/rfc2268.txt http://people.csail.mit.edu/rivest/pubs/KRRR98.pdf This code is licensed under the MIT license.