keystore

README

Keystore

A go (golang) implementation of Java KeyStore encoder/decoder

Example

package main

import (
	"crypto/rsa"
	"crypto/x509"
	"github.com/pavel-v-chernykh/keystore-go"
	"log"
	"os"
	"reflect"
)

func readKeyStore(filename, password string) keystore.KeyStore {
	f, err := os.Open(filename)
	defer f.Close()
	if err != nil {
		log.Fatal(err)
	}
	keyStore, err := keystore.Decode(f, password)
	if err != nil {
		log.Fatal(err)
	}
	return keyStore
}

func writeKeyStore(keyStore keystore.KeyStore, filename, password string) {
	o, err := os.Create(filename)
	defer o.Close()
	if err != nil {
		log.Fatal(err)
	}
	err = keystore.Encode(o, keyStore, password)
	if err != nil {
		log.Fatal(err)
	}
}

func main() {
	ks1 := readKeyStore("keystore1.jks", "password")

	writeKeyStore(ks1, "keystore2.jks", "password")

	ks2 := readKeyStore("keystore2.jks", "password")

	entry := ks1["alias"]
	privKeyEntry := entry.(*keystore.PrivateKeyEntry)
	key, err := x509.ParsePKCS8PrivateKey(privKeyEntry.PrivKey)
	if err != nil {
		log.Fatal(err)
	}
	_, ok := key.(*rsa.PrivateKey)
	if !ok {
		log.Fatal("Should be a rsa private key")
	}

	log.Printf("Is equal: %v\n", reflect.DeepEqual(ks1, ks2))
}

Documentation

Index

• Variables
• func Encode(w io.Writer, ks KeyStore, password string) error
• type Certificate
• type Entry
• type KeyStore
  • func Decode(r io.Reader, password string) (KeyStore, error)
• type PrivateKeyEntry
• type TrustedCertificateEntry

Variables

var ErrEncodedSequenceTooLong = errors.New("Encoded sequence too long")

ErrEncodedSequenceTooLong indicates that size of string or bytes trying to encode too big

var ErrIncorrectEntryType = errors.New("Incorrect entry type")

ErrIncorrectEntryType indicates incorrect entry type addressing

var ErrIncorrectMagic = errors.New("Invalid keystore format")

ErrIncorrectMagic indicates incorrect file magic

var ErrIncorrectPrivateKey = errors.New("Invalid private key format")

ErrIncorrectPrivateKey indicates incorrect private key entry content

var ErrIncorrectTag = errors.New("Invalid keystore format")

ErrIncorrectTag indicates incorrect keystore entry tag

var ErrIncorrectVersion = errors.New("Invalid keystore format")

ErrIncorrectVersion indicates incorrect keystore version format

var ErrInvalidDigest = errors.New("Invalid digest")

ErrTemperedKeyStore indicates that keystore was tampered or password was incorrect

var ErrIo = errors.New("Invalid keystore format")

ErrIo indicates i/o error

var ErrUnrecoverablePrivateKey = errors.New("Unrecoverable private key")

ErrUnrecoverablePrivateKey indicates unrecoverable private key content (often means wrong password usage)

var ErrUnsupportedPrivateKeyAlgorithm = errors.New("Unsupported private key algorithm")

ErrUnsupportedPrivateKeyAlgorithm indicates unsupported private key algorithm

Functions

func Encode

func Encode(w io.Writer, ks KeyStore, password string) error

Types

type Certificate

type Certificate struct {
	Type    string
	Content []byte
}

Certificate describes type of certificate

type Entry

type Entry struct {
	CreationDate time.Time
}

Entry is a basis of entries types supported by keystore

type KeyStore

type KeyStore map[string]interface{}

KeyStore is a mapping of alias to pointer to PrivateKeyEntry or TrustedCertificateEntry

func Decode

func Decode(r io.Reader, password string) (KeyStore, error)

Decode reads and decrypts keystore entries using password

type PrivateKeyEntry

type PrivateKeyEntry struct {
	Entry
	PrivKey   []byte
	CertChain []Certificate
}

PrivateKeyEntry is an entry for private keys and associated certificates

type TrustedCertificateEntry

type TrustedCertificateEntry struct {
	Entry
	Certificate Certificate
}

TrustedCertificateEntry is an entry for certificates only