The Go Programming Language

Package x509

import "crypto/x509"

This package parses X.509-encoded keys and certificates.

Package files

x509.go

func CreateCertificate

func CreateCertificate(rand io.Reader, template, parent *Certificate, priv *rsa.PrivateKey) (cert []byte, err os.Error)

CreateCertificate creates a new certificate based on a template. The following members of template are used: SerialNumber, Subject, NotBefore, NotAfter, KeyUsage, BasicConstraintsValid, IsCA, MaxPathLen, SubjectKeyId, DNSNames.

The certificate is signed by parent. If parent is equal to template then the certificate is self-signed.

The returned slice is the certificate in DER encoding.

func MarshalPKCS1PrivateKey

func MarshalPKCS1PrivateKey(key *rsa.PrivateKey) []byte

MarshalPKCS1PrivateKey converts a private key to ASN.1 DER encoded form.

func ParseCertificates

func ParseCertificates(asn1Data []byte) ([]*Certificate, os.Error)

ParseCertificates parses one or more certificates from the given ASN.1 DER data. The certificates must be concatenated with no intermediate padding.

func ParsePKCS1PrivateKey

func ParsePKCS1PrivateKey(der []byte) (key *rsa.PrivateKey, err os.Error)

ParsePKCS1PrivateKey returns an RSA private key from its ASN.1 PKCS#1 DER encoded form.

type Certificate

A Certificate represents an X.509 certificate.

type Certificate struct {
    Raw                []byte // Raw ASN.1 DER contents.
    Signature          []byte
    SignatureAlgorithm SignatureAlgorithm

    PublicKeyAlgorithm PublicKeyAlgorithm
    PublicKey          interface{}

    Version             int
    SerialNumber        []byte
    Issuer              Name
    Subject             Name
    NotBefore, NotAfter *time.Time // Validity bounds.
    KeyUsage            KeyUsage

    BasicConstraintsValid bool // if true then the next two fields are valid.
    IsCA                  bool
    MaxPathLen            int

    SubjectKeyId   []byte
    AuthorityKeyId []byte

    // Subject Alternative Name values
    DNSNames       []string
    EmailAddresses []string
}

func ParseCertificate

func ParseCertificate(asn1Data []byte) (*Certificate, os.Error)

ParseCertificate parses a single certificate from the given ASN.1 DER data.

func (*Certificate) CheckSignatureFrom

func (c *Certificate) CheckSignatureFrom(parent *Certificate) (err os.Error)

CheckSignatureFrom verifies that the signature on c is a valid signature from parent.

func (*Certificate) IsValidForHost

func (c *Certificate) IsValidForHost(h string) bool

IsValidForHost returns true iff c is a valid certificate for the given host.

type ConstraintViolationError

ConstraintViolationError results when a requested usage is not permitted by a certificate. For example: checking a signature when the public key isn't a certificate signing key.

type ConstraintViolationError struct{}

func (ConstraintViolationError) String

func (ConstraintViolationError) String() string
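
An added example (not part of the package documentation or the Go project's own code) showing CreateCertificate, ParseCertificate and CheckSignatureFrom together: the same leaf is checked against a CA certificate and against a non-CA certificate holding the same signing key, and only the non-CA check returns ConstraintViolationError. It is written against the current standard-library crypto/x509, whose signatures differ from the older ones listed on this page (CreateCertificate takes an extra public-key argument, errors are `error` rather than `os.Error`, SerialNumber is a *big.Int, names are pkix.Name); the helpers check, issue, tmpl and CheckParents and all certificate names are constructed for the example.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// issue signs tmpl under parent and parses the DER; parent == tmpl means self-signed.
func issue(tmpl, parent *x509.Certificate, pub *rsa.PublicKey, signer *rsa.PrivateKey) *x509.Certificate {
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, signer)
	check(err)
	cert, err := x509.ParseCertificate(der)
	check(err)
	return cert
}

func tmpl(serial int64, cn string, isCA bool, ku x509.KeyUsage) *x509.Certificate {
	return &x509.Certificate{
		SerialNumber: big.NewInt(serial), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour),
		KeyUsage: ku, BasicConstraintsValid: true, IsCA: isCA,
	}
}

// CheckParents checks one leaf against a CA and a non-CA cert that both hold the signing key.
func CheckParents() (fromCA, fromNonCA error) {
	issuerKey, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	leafKey, err := rsa.GenerateKey(rand.Reader, 2048)
	check(err)
	caT := tmpl(1, "Example Test CA", true, x509.KeyUsageCertSign) // constructed sample names
	endT := tmpl(2, "Example non-CA holder", false, x509.KeyUsageDigitalSignature)
	ca := issue(caT, caT, &issuerKey.PublicKey, issuerKey)      // self-signed CA
	nonCA := issue(endT, endT, &issuerKey.PublicKey, issuerKey) // same key, no CA rights
	leaf := issue(tmpl(3, "leaf.example.test", false, x509.KeyUsageDigitalSignature), ca, &leafKey.PublicKey, issuerKey)
	return leaf.CheckSignatureFrom(ca), leaf.CheckSignatureFrom(nonCA)
}

func main() { fmt.Println(CheckParents()) }
```

The signature over the leaf is mathematically valid under both parents' public key; the second check fails only because that parent's basic constraints do not mark it as a CA.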

type KeyUsage

KeyUsage represents the set of actions that are valid for a given key. It's a bitmap of the KeyUsage* constants.

type KeyUsage int

const (
    KeyUsageDigitalSignature KeyUsage = 1 << iota
    KeyUsageContentCommitment
    KeyUsageKeyEncipherment
    KeyUsageDataEncipherment
    KeyUsageKeyAgreement
    KeyUsageCertSign
    KeyUsageCRLSign
    KeyUsageEncipherOnly
    KeyUsageDecipherOnly
)

type Name

Name represents an X.509 distinguished name. This only includes the common elements of a DN. Additional elements in the name are ignored.

type Name struct {
    Country, Organization, OrganizationalUnit string
    CommonName, SerialNumber, Locality        string
    Province, StreetAddress, PostalCode       string
}

type PublicKeyAlgorithm

type PublicKeyAlgorithm int

const (
    UnknownPublicKeyAlgorithm PublicKeyAlgorithm = iota
    RSA
)

type SignatureAlgorithm

type SignatureAlgorithm int

const (
    UnknownSignatureAlgorithm SignatureAlgorithm = iota
    MD2WithRSA
    MD5WithRSA
    SHA1WithRSA
    SHA256WithRSA
    SHA384WithRSA
    SHA512WithRSA
)

type UnhandledCriticalExtension

type UnhandledCriticalExtension struct{}

func (UnhandledCriticalExtension) String

func (h UnhandledCriticalExtension) String() string

type UnsupportedAlgorithmError

UnsupportedAlgorithmError results from attempting to perform an operation that involves algorithms that are not currently implemented.

type UnsupportedAlgorithmError struct{}

func (UnsupportedAlgorithmError) String

func (UnsupportedAlgorithmError) String() string