...

Package pkcs12

import "github.com/tjfoc/gmsm/pkcs12"
Overview
Index

Overview ▾

Package go-pkcs12 implements some of PKCS#12.

This implementation is distilled from https://tools.ietf.org/html/rfc7292 and referenced documents. It is intended for decoding P12/PFX-stored certificates and keys for use with the crypto/tls package.

Package rc2 implements the RC2 cipher

https://www.ietf.org/rfc/rfc2268.txt http://people.csail.mit.edu/rivest/pubs/KRRR98.pdf

This code is licensed under the MIT license.

Constants

The rc2 block size in bytes 

const BlockSize = 8

Variables

var (
    // ErrDecryption represents a failure to decrypt the input.
    ErrDecryption = errors.New("go-pkcs12: decryption error, incorrect padding")

    // ErrIncorrectPassword is returned when an incorrect password is detected.
    // Usually, P12/PFX data is signed to be able to verify the password.
    ErrIncorrectPassword = errors.New("go-pkcs12: decryption password incorrect")
)

func Decode 

func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error)

Decode extracts a certificate and private key from pfxData. This function assumes that there is only one certificate and only one private key in the pfxData.

func DecodeAll 

func DecodeAll(pfxData []byte, password string) (privateKey interface{}, certificate []*x.Certificate, err error)

DecodeAll extracts all certificates and a private key from pfxData.

func Encode 

func Encode(privateKey interface{}, certificate *x.Certificate, caCerts []*x509.Certificate, password string) (pfxData []byte, err error)

Encode produces pfxData containing one private key, an end-entity certificate, and any number of CA certificates. It emulates the behavior of OpenSSL's PKCS12_create: it creates two SafeContents: one that's encrypted with RC2 and contains the certificates, and another that is unencrypted and contains the private key shrouded with 3DES. The private key bag and the end-entity certificate bag have the LocalKeyId attribute set to the SHA-1 fingerprint of the end-entity certificate.

func MarshalECPrivateKey 

func MarshalECPrivateKey(key *sm2.PrivateKey) ([]byte, error)

func MarshalPrivateKey 

func MarshalPrivateKey(key *sm2.PrivateKey, oid asn1.ObjectIdentifier) ([]byte, error)

func New 

func New(key []byte, t1 int) (cipher.Block, error)

New returns a new rc2 cipher with the given key and effective key length t1

func ParsePKCS8PrivateKey 

func ParsePKCS8PrivateKey(der []byte) (key interface{}, err error)

func SM2P12Decrypt 

func SM2P12Decrypt(fileName string, pwd string) (*x.Certificate, *sm2.PrivateKey, error)

func SM2P12Encrypt 

func SM2P12Encrypt(certificate *x.Certificate, pwd string, priv *sm2.PrivateKey, fileName string) error

func ToPEM 

func ToPEM(pfxData []byte, password string) ([]*pem.Block, error)

ConvertToPEM converts all "safe bags" contained in pfxData to PEM blocks.

type NotImplementedError

NotImplementedError indicates that the input is not currently supported. 

type NotImplementedError string

func (NotImplementedError) Error 

func (e NotImplementedError) Error() string