var ErrNoCerts = errNoCerts{}
func ParseAnyPrivateKey(blob []byte, prompt passprompt.PasswordGetter) (crypto.PrivateKey, error)
Parse and decrypt a private key. It can be a RSA or ECDA key in PKCS#1 or PKCS#8 format and DER or PEM encoding, or it can be a PGP private key. If the private key is encrypted then the given prompter will be invoked to ask for the passphrase, if provided.
func ParseX509Certificates(blob []byte) ([]*x509.Certificate, error)
ParseX509Certificates parses a blob in PEM or DER, X509 or PKCS#7 format and returns a list of certificates
type AnyCerts struct {
X509Certs []*x509.Certificate
PGPCerts openpgp.EntityList
}
func LoadAnyCerts(paths []string) (any AnyCerts, err error)
Load X509 and/or PGP certificates from the named file paths
A bundle of X509 certificate chain and/or PGP certificate, with optional private key
type Certificate struct {
Leaf *x509.Certificate
Certificates []*x509.Certificate
PgpKey *openpgp.Entity
PrivateKey crypto.PrivateKey
Timestamper pkcs9.Timestamper
KeyName string
}
func LoadTokenCertificates(key crypto.PrivateKey, x509cert, pgpcert string) (*Certificate, error)
Load X509 and/or PGP certificates from named paths and return a Certificate structure together with the given private key
func LoadX509KeyPair(certFile, keyFile string) (*Certificate, error)
Load a X509 private key and certificate
func ParsePKCS12(blob []byte, prompt passprompt.PasswordGetter) (*Certificate, error)
func (s *Certificate) Chain() []*x509.Certificate
Return the X509 certificates in the chain up to, but not including, the root CA certificate
func (s *Certificate) Issuer() *x509.Certificate
Return the certificate that issued the leaf certificate
func (s *Certificate) Signer() crypto.Signer
Return the private key in the form of a crypto.Signer
func (s *Certificate) TLS() tls.Certificate
Return a tls.Certificate structure containing the X509 certificate chain and private key