Documentation
Overview
Package crypto wraps Go's built-in crypto libraries to make common operations easier. It also helps reduce the number of crypto/etc imports that must be put in each file.
Constants
const (
	Md5           = builtin.MD5
	Sha256        = builtin.SHA256
	Sha256WithRsa = x509.SHA256WithRSA
)
const (
	PemX509        = PemType("CERTIFICATE")
	PemX509Pair    = PemType("CERTIFICATE PAIR")
	PemX509Trusted = PemType("TRUSTED CERTIFICATE")
	PemCertRequest = PemType("CERTIFICATE REQUEST")
	PemRsaPrivate  = PemType("RSA PRIVATE KEY")
	PemDsaPrivate  = PemType("DSA PRIVATE KEY")
	PemPkcs7       = PemType("PKCS7")
	PemPkcs8       = PemType("ENCRYPTED PRIVATE KEY")
	PemPkcs8Info   = PemType("PRIVATE KEY")
	PemDhParams    = PemType("DH PARAMETERS")
	PemSslParams   = PemType("SSL SESSION PARAMETERS")
	PemDsaParams   = PemType("DSA PARAMETERS")
	PemEcParams    = PemType("EC PARAMETERS")
	PemEcPrivate   = PemType("EC PRIVATE KEY")
)
Functions
func MustGenerateRsaKey
func MustGenerateRsaKey(size int) *rsa.PrivateKey
MustGenerateRsaKey wraps rsa.GenerateKey but panics if a key cannot be generated. It simplifies key generation in unit tests and one-off scripts.
func SignSha256
func SignSha256(key PrivateKey, msg []byte) (signature []byte, err error)
SignSha256 accepts a message and an ECDSA or RSA private key and returns a signature of the digest.
N.B. When using an RSA key, PKCS1 v1.5 signatures are preferred over PSS, because PSS still doesn't seem to be widely supported or tested in the wild (Feb 2016), and additionally there are no known defects of PKCS1 v1.5. To sign with PSS, import crypto/rsa and use rsa.SignPSS/VerifyPSS.
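The signing behaviour documented for SignSha256, written out against the standard library as an added example; it is not this package's code. The names signSHA256 and verifySHA256, the pss flag and the demo keys are assumptions for illustration. It goes one step beyond the note by signing with both RSA schemes, which shows that the verifier has to use the same scheme as the signer.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// signSHA256 (hypothetical name) signs SHA-256(msg); for RSA keys pss selects PSS over PKCS#1 v1.5.
func signSHA256(key crypto.PrivateKey, msg []byte, pss bool) ([]byte, error) {
	d := sha256.Sum256(msg)
	switch k := key.(type) {
	case *rsa.PrivateKey:
		if pss {
			return rsa.SignPSS(rand.Reader, k, crypto.SHA256, d[:], nil) // nil: library default options
		}
		return rsa.SignPKCS1v15(rand.Reader, k, crypto.SHA256, d[:])
	case *ecdsa.PrivateKey:
		return ecdsa.SignASN1(rand.Reader, k, d[:]) // pss has no meaning for ECDSA
	}
	return nil, fmt.Errorf("unsupported key type %T", key) // e.g. Ed25519 or a non-key value
}

// verifySHA256 checks sig under the scheme named by pss; it must match what the signer used.
func verifySHA256(pub crypto.PublicKey, msg, sig []byte, pss bool) bool {
	d := sha256.Sum256(msg)
	switch k := pub.(type) {
	case *rsa.PublicKey:
		if pss {
			return rsa.VerifyPSS(k, crypto.SHA256, d[:], sig, nil) == nil
		}
		return rsa.VerifyPKCS1v15(k, crypto.SHA256, d[:], sig) == nil
	case *ecdsa.PublicKey:
		return ecdsa.VerifyASN1(k, d[:], sig)
	}
	return false
}

var rsaKey, rsaErr = rsa.GenerateKey(rand.Reader, 2048) // throwaway demo keys (constructed input)
var ecKey, ecErr = ecdsa.GenerateKey(elliptic.P256(), rand.Reader)

func main() {
	msg := []byte("constructed sample message")
	sig, err := signSHA256(rsaKey, msg, true)
	fmt.Println(rsaErr, err, verifySHA256(&rsaKey.PublicKey, msg, sig, true), verifySHA256(&rsaKey.PublicKey, msg, sig, false)) // <nil> <nil> true false
}
```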
Types
type Certificate
type Certificate *x509.Certificate
Redeclare so they don't have to be imported
func LoadCertificate
func LoadCertificate(path string) (Certificate, error)
LoadCertificate loads an X509 certificate in PEM format.
func MustLoadCertificate
func MustLoadCertificate(path string) Certificate
MustLoadCertificate is like LoadCertificate but panics if the certificate cannot be loaded. It simplifies safe initialization of global variables.
type KeyTypeError
type KeyTypeError struct {
Key PrivateKey
}
func (*KeyTypeError) Error
func (err *KeyTypeError) Error() string
type PemTypeError
func (*PemTypeError) Error
func (err *PemTypeError) Error() string
type PrivateKey
type PrivateKey builtin.PrivateKey
func LoadPrivateKey
func LoadPrivateKey(path string) (PrivateKey, error)
LoadPrivateKey loads an RSA or ECDSA private key in PEM format. It may be wrapped in unencrypted PKCS8 format, but DES keys are not supported.
func MustLoadPrivateKey
func MustLoadPrivateKey(path string) PrivateKey
MustLoadPrivateKey is like LoadPrivateKey but panics if the key cannot be loaded. It simplifies safe initialization of global variables.