Version: v1.3.2 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Oct 29, 2018 License: MPL-2.0, BSD-3-Clause, MIT Imports: 18 Imported by: 0



Package pkcs12 implements some of PKCS#12.

This implementation is distilled from and referenced documents. It is intended for decoding P12/PFX-stored certificates and keys for use with the crypto/tls package.

Copyright 2016 The Go Authors. All rights reserved. Use of this source code is governed by a BSD-style license that can be found in the LICENSE file.




This section is empty.


View Source
var (
	// ErrDecryption represents a failure to decrypt the input.
	ErrDecryption = errors.New("pkcs12: decryption error, incorrect padding")

	// ErrIncorrectPassword is returned when an incorrect password is detected.
	// Usually, P12/PFX data is signed to be able to verify the password.
	ErrIncorrectPassword = errors.New("pkcs12: decryption password incorrect")


func Decode added in v1.1.0

func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error)

Decode extracts a certificate and private key from pfxData. This function assumes that there is only one certificate and only one private key in the pfxData.

func Encode

func Encode(derBytes []byte, privateKey interface{}, password string) (pfxBytes []byte, err error)

Encode converts a certificate and a private key to the PKCS#12 byte stream format.

derBytes is a DER encoded certificate. privateKey is an RSA

func ToPEM added in v1.1.0

func ToPEM(pfxData []byte, password string) ([]*pem.Block, error)

ConvertToPEM converts all "safe bags" contained in pfxData to PEM blocks.

p12, _ := base64.StdEncoding.DecodeString(`MIIJzgIBAzCCCZQGCS ... CA+gwggPk==`)

blocks, err := ToPEM(p12, "password")
if err != nil {

var pemData []byte
for _, b := range blocks {
	pemData = append(pemData, pem.EncodeToMemory(b)...)

// then use PEM data for tls to construct tls certificate:
cert, err := tls.X509KeyPair(pemData, pemData)
if err != nil {

config := &tls.Config{
	Certificates: []tls.Certificate{cert},

_ = config


type EncodeError

type EncodeError string

func (EncodeError) Error

func (e EncodeError) Error() string

type NotImplementedError

type NotImplementedError string

NotImplementedError indicates that the input is not currently supported.

func (NotImplementedError) Error

func (e NotImplementedError) Error() string


Path Synopsis
Package rc2 implements the RC2 cipher This code is licensed under the MIT license.
Package rc2 implements the RC2 cipher This code is licensed under the MIT license.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL