The Go Programming Language

• Home
•  
• Installing Go
• Go Resources
•  
• Selected Documents
• Tutorial
• Effective Go
• FAQ
• Language Design FAQ
• Programming FAQ
•  
• References
• Language Specification
• Package documentation
• Command documentation
• Source files
•  
• Help & Community
• Go Blog
• Go Nuts mailing list
• #go-nuts on irc.freenode.net
• @go_nuts on Twitter
• gocoding YouTube Channel
• Issue tracker
• Go Wiki
•  
• Go Dashboard
• Build Status
• External Packages
• Benchmarks
•  
•  
• Go code search
•  
• Last update
• Thu Sep 2 03:01:17 PDT 2010
• release.2010-08-25

Package x509

import "crypto/x509"

This package parses X.509-encoded keys and certificates.

Package files

x509.go

func CreateCertificate

func CreateCertificate(rand io.Reader, template, parent *Certificate, pub *rsa.PublicKey, priv *rsa.PrivateKey) (cert []byte, err os.Error)

CreateSelfSignedCertificate creates a new certificate based on a template. The following members of template are used: SerialNumber, Subject, NotBefore, NotAfter, KeyUsage, BasicConstraintsValid, IsCA, MaxPathLen, SubjectKeyId, DNSNames.

The certificate is signed by parent. If parent is equal to template then the certificate is self-signed. The parameter pub is the public key of the signee and priv is the private key of the signer.

The returned slice is the certificate in DER encoding.

func MarshalPKCS1PrivateKey

func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte

MarshalPKCS1PrivateKey converts a private key to ASN.1 DER encoded form.

func ParseCertificates

func ParseCertificates(asn1Data []byte) ([]*Certificate, os.Error)

ParseCertificates parses one or more certificates from the given ASN.1 DER data. The certificates must be concatenated with no intermediate padding.

func ParsePKCS1PrivateKey

func ParsePKCS1PrivateKey(der []byte) (key *rsa.PrivateKey, err os.Error)

ParsePKCS1PrivateKey returns an RSA private key from its ASN.1 PKCS#1 DER encoded form.

type Certificate

A Certificate represents an X.509 certificate.

type Certificate struct {
    Raw                []byte // Raw ASN.1 DER contents.
    Signature          []byte
    SignatureAlgorithm SignatureAlgorithm

    PublicKeyAlgorithm PublicKeyAlgorithm
    PublicKey          interface{}

    Version             int
    SerialNumber        []byte
    Issuer              Name
    Subject             Name
    NotBefore, NotAfter *time.Time // Validity bounds.
    KeyUsage            KeyUsage

    BasicConstraintsValid bool // if true then the next two fields are valid.
    IsCA                  bool
    MaxPathLen            int

    SubjectKeyId   []byte
    AuthorityKeyId []byte

    // Subject Alternate Name values
    DNSNames       []string
    EmailAddresses []string
}

func ParseCertificate

func ParseCertificate(asn1Data []byte) (*Certificate, os.Error)

ParseCertificate parses a single certificate from the given ASN.1 DER data.

func (*Certificate) CheckSignatureFrom

func (c *Certificate) CheckSignatureFrom(parent *Certificate) (err os.Error)

CheckSignatureFrom verifies that the signature on c is a valid signature from parent.

func (*Certificate) IsValidForHost

func (c *Certificate) IsValidForHost(h string) bool

IsValidForHost returns true iff c is a valid certificate for the given host.

type ConstraintViolationError

ConstraintViolationError results when a requested usage is not permitted by a certificate. For example: checking a signature when the public key isn't a certificate signing key.

type ConstraintViolationError struct{}

func (ConstraintViolationError) String

func (ConstraintViolationError) String() string

type KeyUsage

KeyUsage represents the set of actions that are valid for a given key. It's a bitmap of the KeyUsage* constants.

type KeyUsage int

const (
    KeyUsageDigitalSignature KeyUsage = 1 << iota
    KeyUsageContentCommitment
    KeyUsageKeyEncipherment
    KeyUsageDataEncipherment
    KeyUsageKeyAgreement
    KeyUsageCertSign
    KeyUsageCRLSign
    KeyUsageEncipherOnly
    KeyUsageDecipherOnly
)

type Name

Name represents an X.509 distinguished name. This only includes the common elements of a DN. Additional elements in the name are ignored.

type Name struct {
    Country, Organization, OrganizationalUnit string
    CommonName, SerialNumber, Locality        string
    Province, StreetAddress, PostalCode       string
}

type PublicKeyAlgorithm

type PublicKeyAlgorithm int

const (
    UnknownPublicKeyAlgorithm PublicKeyAlgorithm = iota
    RSA
)

type SignatureAlgorithm

type SignatureAlgorithm int

const (
    UnknownSignatureAlgorithm SignatureAlgorithm = iota
    MD2WithRSA
    MD5WithRSA
    SHA1WithRSA
    SHA256WithRSA
    SHA384WithRSA
    SHA512WithRSA
)

type UnhandledCriticalExtension

type UnhandledCriticalExtension struct{}

func (UnhandledCriticalExtension) String

func (h UnhandledCriticalExtension) String() string

type UnsupportedAlgorithmError

UnsupportedAlgorithmError results from attempting to perform an operation that involves algorithms that are not currently implemented.

type UnsupportedAlgorithmError struct{}

func (UnsupportedAlgorithmError) String

func (UnsupportedAlgorithmError) String() string

Except as noted, this content is licensed under Creative Commons Attribution 3.0.