Package pkcs12

Variables

var (
    // ErrDecryption represents a failure to decrypt the input.
    ErrDecryption = errors.New("pkcs12: decryption error, incorrect padding")

    // ErrIncorrectPassword is returned when an incorrect password is detected.
    // Usually, P12/PFX data is signed to be able to verify the password.
    ErrIncorrectPassword = errors.New("pkcs12: decryption password incorrect")
)

func Decode ¶

func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error)

Decode extracts a certificate and private key from pfxData. This function assumes that there is only one certificate and only one private key in the pfxData; if there are more use ToPEM instead.

func ToPEM ¶

func ToPEM(pfxData []byte, password string) ([]*pem.Block, error)

ToPEM converts all "safe bags" contained in pfxData to PEM blocks. Unknown attributes are discarded.

Note that although the returned PEM blocks for private keys have type "PRIVATE KEY", the bytes are not encoded according to PKCS #8, but according to PKCS #1 for RSA keys and SEC 1 for ECDSA keys.

p12, _ := base64.StdEncoding.DecodeString(`MIIJzgIBAzCCCZQGCS ... CA+gwggPk==`)

blocks, err := ToPEM(p12, "password")
if err != nil {
    panic(err)
}

var pemData []byte
for _, b := range blocks {
    pemData = append(pemData, pem.EncodeToMemory(b)...)
}

// then use PEM data for tls to construct tls certificate:
cert, err := tls.X509KeyPair(pemData, pemData)
if err != nil {
    panic(err)
}

config := &tls.Config{
    Certificates: []tls.Certificate{cert},
}

_ = config

type NotImplementedError ¶

NotImplementedError indicates that the input is not currently supported.

type NotImplementedError string

func (NotImplementedError) Error ¶

func (e NotImplementedError) Error() string

Subdirectories