### Configure PKCS#12 Encoder with KDF Iterations Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Use WithIterations to create a new Encoder that uses a specified number of KDF iterations for key derivation. This affects the security of the generated PKCS#12 file. Panics if iterations is less than 1. ```go func (enc Encoder) WithIterations(iterations int) *Encoder ``` -------------------------------- ### Configure PKCS#12 Encoder with Custom Random Number Generator Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Use WithRand to create a new Encoder that utilizes a provided io.Reader for its random number generation, replacing the default crypto/rand.Reader. This is useful for testing or specific cryptographic needs. ```go func (enc Encoder) WithRand(rand io.Reader) *Encoder ``` -------------------------------- ### Import go-pkcs12 Package Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 This snippet shows the correct import path for the go-pkcs12 package. Ensure you use this path when importing the package in your Go projects. ```go import "software.sslmate.com/src/go-pkcs12" ``` -------------------------------- ### WithIterations Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Creates a new Encoder with a specified number of KDF iterations for key derivation. Panics if iterations is less than 1. ```APIDOC ## func (Encoder) WithIterations ### Description WithIterations creates a new Encoder identical to enc except that it will use the given number of KDF iterations for deriving the MAC and encryption keys. Note that even with a large number of iterations, a weak password can still be brute-forced in much less time than it would take to brute-force a high-entropy encrytion key. For the best security, don't worry about the number of iterations and just use a high-entropy password (e.g. one generated with `openssl rand -hex 16`). See https://neilmadden.blog/2023/01/09/on-pbkdf2-iterations/ for more detail. Panics if iterations is less than 1. ### Method *Not specified in source* ### Endpoint *Not specified in source* ### Parameters #### Path Parameters *None specified* #### Query Parameters *None specified* #### Request Body *None specified* ### Request Example *None specified* ### Response #### Success Response *None specified* #### Response Example *None specified* ``` -------------------------------- ### Encode PKCS#12 File with Encoder Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Produces PKCS#12 data with a private key, end-entity certificate, and CA certificates. Encrypts and authenticates using keys derived from the password. ```go func (enc *Encoder) Encode(privateKey interface{}, certificate *x509.Certificate, caCerts []*x509.Certificate, password string) (pfxData []byte, err error) ``` -------------------------------- ### Legacy PKCS#12 Encoder Configuration Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Represents a PKCS#12 encoder using weak, legacy parameters for broad software compatibility. This encoder is recommended for legacy applications. ```go var Legacy = LegacyDES ``` -------------------------------- ### Passwordless Encoder Configuration Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Defines a Passwordless encoder where MAC, certificate, and key algorithms are not specified (nil). This encoder is suitable for scenarios where password protection is not required or handled externally. ```go var Passwordless = &Encoder{ macAlgorithm: nil, certAlgorithm: nil, keyAlgorithm: nil, rand: rand.Reader, } ``` -------------------------------- ### LegacyDES PKCS#12 Encoder Details Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Defines the specific parameters for the LegacyDES PKCS#12 encoder, including algorithms and iteration counts. Due to weak encryption, use with caution and protect files externally. ```go var LegacyDES = &Encoder{ macAlgorithm: oidSHA1, certAlgorithm: oidPBEWithSHAAnd3KeyTripleDESCBC, keyAlgorithm: oidPBEWithSHAAnd3KeyTripleDESCBC, macIterations: 1, encryptionIterations: 2048, saltLen: 8, rand: rand.Reader, } ``` -------------------------------- ### Convert PKCS#12 to PEM (Deprecated) Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Deprecated function to convert PKCS#12 data to PEM blocks. Creates invalid PEM blocks; use DecodeChain and encoding/pem instead. ```go func ToPEM(pfxData []byte, password string) ([]*pem.Block, error) ``` -------------------------------- ### Default PKCS#12 Password Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Defines the default password used for PKCS#12 files. This is a commonly used default. ```go const DefaultPassword = "changeit" ``` -------------------------------- ### WithRand Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Creates a new Encoder using a specified io.Reader for its random number generator. ```APIDOC ## func (Encoder) WithRand ### Description WithRand creates a new Encoder identical to enc except that it will use the given io.Reader for its random number generator instead of crypto/rand.Reader. ### Method *Not specified in source* ### Endpoint *Not specified in source* ### Parameters #### Path Parameters *None specified* #### Query Parameters *None specified* #### Request Body *None specified* ### Request Example *None specified* ### Response #### Success Response *None specified* #### Response Example *None specified* ``` -------------------------------- ### Decode PKCS#12 File Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Extracts a single certificate and private key from DER-encoded PKCS#12 data. Use DecodeChain for files with multiple certificates. ```go func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error) ``` -------------------------------- ### LegacyRC2 Encoder Configuration Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Defines the LegacyRC2 encoder for PKCS#12 files using PBE with RC2 for certificates and PBE with 3DES for keys, with HMAC-SHA-1. This configuration is compatible with older software, including OpenSSL before 3.0.0 and Java keystore.pkcs12.legacy. It uses 2048 iterations for key derivation. ```go var LegacyRC2 = &Encoder{ macAlgorithm: oidSHA1, certAlgorithm: oidPBEWithSHAAnd40BitRC2CBC, keyAlgorithm: oidPBEWithSHAAnd3KeyTripleDESCBC, macIterations: 1, encryptionIterations: 2048, saltLen: 8, rand: rand.Reader, } ``` -------------------------------- ### Encoder.WithIterations Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Returns a new Encoder with the specified number of iterations for key derivation. This allows customization of the encryption strength, though PKCS#12 is inherently weak. ```APIDOC ## Encoder.WithIterations ### Description Returns a new `Encoder` with the specified number of iterations for key derivation. This method allows customization of the encryption parameters. ### Method *Encoder*.WithIterations ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters * `iterations` (int) - The number of iterations to use for key derivation. ### Returns * `*Encoder` - A new `Encoder` instance with the updated iteration count. ``` -------------------------------- ### EncodeTrustStoreEntries Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Produces pfxData for Java TrustStores, allowing custom Friendly Names (Aliases) for each certificate via TrustStoreEntry. ```APIDOC ## func (*Encoder) EncodeTrustStoreEntries ### Description EncodeTrustStoreEntries produces pfxData containing any number of CA certificates (entries) to be trusted. The certificates will be marked with a special OID that allow it to be used as a Java TrustStore in Java 1.8 and newer. This is identical to Encoder.EncodeTrustStore, but also allows for setting specific Friendly Names (Aliases) to be used per certificate, by specifying a slice of TrustStoreEntry. If the same Friendly Name is used for more than one certificate, then the resulting Friendly Names (Aliases) in the pfxData will be identical, which Java may treat as the same entry when used as a Java TrustStore, e.g. with `keytool`. EncodeTrustStoreEntries creates a single SafeContents that's optionally encrypted and contains the certificates. ### Method *Not specified in source* ### Endpoint *Not specified in source* ### Parameters #### Path Parameters *None specified* #### Query Parameters *None specified* #### Request Body *None specified* ### Request Example *None specified* ### Response #### Success Response *None specified* #### Response Example *None specified* ``` -------------------------------- ### Encode CA Certificates with Custom Aliases to PKCS#12 Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Use EncodeTrustStoreEntries to create PKCS#12 data with specific friendly names (aliases) for each CA certificate. This is useful when certificates might share subjects but require distinct aliases in the Java TrustStore. ```go func (enc *Encoder) EncodeTrustStoreEntries(entries []TrustStoreEntry, password string) (pfxData []byte, err error) ``` -------------------------------- ### PKCS#12 Error Variables Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Provides standard error variables for decryption failures and incorrect passwords. These errors indicate specific issues during PKCS#12 operations. ```go var ( // ErrDecryption represents a failure to decrypt the input. ErrDecryption = errors.New("pkcs12: decryption error, incorrect padding") // ErrIncorrectPassword is returned when an incorrect password is detected. // Usually, P12/PFX data is signed to be able to verify the password. ErrIncorrectPassword = errors.New("pkcs12: decryption password incorrect") ) ``` -------------------------------- ### New RC2 Cipher Function Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12/internal/rc2 Creates a new RC2 cipher instance with a given key and effective key length. This function is used to initialize the cipher for encryption or decryption. ```go func New(key []byte, t1 int) (cipher.Block, error) ``` -------------------------------- ### Decode PKCS#12 File with CA Chain Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Extracts a leaf certificate, CA certificate chain, and private key from DER-encoded PKCS#12 data. Assumes at least one certificate and one private key. ```go func DecodeChain(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, caCerts []*x509.Certificate, err error) ``` -------------------------------- ### EncodeTrustStore Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Produces pfxData containing CA certificates to be trusted, suitable for Java TrustStores. Certificates are marked with a special OID. Subject names are used as Friendly Names (Aliases). ```APIDOC ## func (enc *Encoder) EncodeTrustStore ### Description EncodeTrustStore produces pfxData containing any number of CA certificates (certs) to be trusted. The certificates will be marked with a special OID that allow it to be used as a Java TrustStore in Java 1.8 and newer. EncodeTrustStore creates a single SafeContents that's optionally encrypted and contains the certificates. The Subject of the certificates are used as the Friendly Names (Aliases) within the resulting pfxData. If certificates share a Subject, then the resulting Friendly Names (Aliases) will be identical, which Java may treat as the same entry when used as a Java TrustStore, e.g. with `keytool`. To customize the Friendly Names, use EncodeTrustStoreEntries. ### Method *Not specified in source* ### Endpoint *Not specified in source* ### Parameters #### Path Parameters *None specified* #### Query Parameters *None specified* #### Request Body *None specified* ### Request Example *None specified* ### Response #### Success Response *None specified* #### Response Example *None specified* ``` -------------------------------- ### Decode PKCS#12 File with Chain Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Extracts a certificate, CA certificate chain, and private key from DER-encoded PKCS#12 data. Assumes at least one certificate and one private key. ```APIDOC ## func DecodeChain ### Description DecodeChain extracts a certificate, a CA certificate chain, and private key from pfxData, which must be a DER-encoded PKCS#12 file. This function assumes that there is at least one certificate and only one private key in the pfxData. The first certificate is assumed to be the leaf certificate, and subsequent certificates, if any, are assumed to comprise the CA certificate chain. ### Signature ```go func DecodeChain(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, caCerts []*x509.Certificate, err error) ``` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters - **pfxData** ([]byte) - The DER-encoded PKCS#12 file data. - **password** (string) - The password for the PKCS#12 file. ### Returns - **privateKey** (interface{}) - The extracted private key. - **certificate** (*x509.Certificate) - The leaf certificate. - **caCerts** ([]*x509.Certificate) - A slice of CA certificates forming the chain. - **err** (error) - An error if the decoding fails. ``` -------------------------------- ### Decode PKCS#12 File Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Decodes a DER-encoded PKCS#12 file to extract the private key and certificate. It is recommended not to use this for new applications due to weak encryption primitives. ```APIDOC ## Decode PKCS#12 File ### Description Decodes a DER-encoded PKCS#12 file, returning the private key and the first certificate in the chain. This function is intended for use with the `crypto/tls` package. ### Function Signature `func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error)` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters * `pfxData` ([]byte) - The DER-encoded PKCS#12 file data. * `password` (string) - The password to decrypt the PKCS#12 file. ### Returns * `privateKey` (interface{}) - The decoded private key. * `certificate` (*x509.Certificate) - The decoded certificate. * `err` (error) - An error if the decoding fails. ``` -------------------------------- ### Modern2026 Encoder Configuration Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Defines the Modern2026 encoder using PBES2 with PBKDF2-HMAC-SHA-256 and AES-256-CBC for encryption, and PBMAC1 with PBKDF2-HMAC-SHA-256 and HMAC-SHA256 for MAC. This configuration is considered modern as of 2026 and is compatible with OpenSSL 3.4.0+ and Java 26+. ```go var Modern2026 = &Encoder{ macAlgorithm: oidPBMAC1, certAlgorithm: oidPBES2, keyAlgorithm: oidPBES2, macIterations: 2048, encryptionIterations: 2048, saltLen: 16, rand: rand.Reader, } ``` -------------------------------- ### Encoder.EncodeTrustStore Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Encodes a slice of certificates into a DER-encoded PKCS#12 file for trust store usage, using the encoder's configuration. PKCS#12 is not recommended for new applications. ```APIDOC ## Encoder.EncodeTrustStore ### Description Encodes a slice of `x509.Certificate` objects into a DER-encoded PKCS#12 file, suitable for trust store usage, using the configuration of the `Encoder`. ### Method *Encoder*.EncodeTrustStore ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters * `certs` ([]*x509.Certificate) - A slice of certificates to encode. * `password` (string) - The password to protect the PKCS#12 file. ### Returns * `pfxData` ([]byte) - The DER-encoded PKCS#12 file data. * `err` (error) - An error if the encoding fails. ``` -------------------------------- ### Modern2023 Encoder Configuration Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Defines the Modern2023 encoder using PBES2 with PBKDF2-HMAC-SHA-256 and AES-256-CBC for encryption, and HMAC-SHA-2 for MAC. This configuration is considered modern as of 2023 and is compatible with OpenSSL 1.1.1+, Java 12+, and Windows Server 2019+. ```go var Modern2023 = &Encoder{ macAlgorithm: oidSHA256, certAlgorithm: oidPBES2, keyAlgorithm: oidPBES2, macIterations: 2048, encryptionIterations: 2048, saltLen: 16, rand: rand.Reader, } ``` -------------------------------- ### Implement Error Method for NotImplementedError Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 The Error method provides a string representation for the NotImplementedError type, fulfilling the error interface. ```go func (e NotImplementedError) Error() string ``` -------------------------------- ### Decode PKCS#12 File with Chain Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Decodes a DER-encoded PKCS#12 file to extract the private key and the entire certificate chain. Use with caution due to weak encryption. ```APIDOC ## Decode PKCS#12 File with Chain ### Description Decodes a DER-encoded PKCS#12 file, returning the private key, the first certificate, and potentially other certificates in the chain. This function is useful for applications that require the full certificate chain. ### Function Signature `func DecodeChain(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, ...)` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters * `pfxData` ([]byte) - The DER-encoded PKCS#12 file data. * `password` (string) - The password to decrypt the PKCS#12 file. ### Returns * `privateKey` (interface{}) - The decoded private key. * `certificate` (*x509.Certificate) - The first decoded certificate. * `...` - Additional return values may include other certificates in the chain and an error. ``` -------------------------------- ### Encode PKCS#12 Trust Store (Deprecated) Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Deprecated function for encoding PKCS#12 trust stores. Use Passwordless.EncodeTrustStore for passwordless generation. ```go func EncodeTrustStore(rand io.Reader, certs []*x509.Certificate, password string) (pfxData []byte, err error) ``` -------------------------------- ### Decode PKCS#12 File Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Extracts a single certificate and private key from DER-encoded PKCS#12 data. Assumes only one certificate and private key are present. ```APIDOC ## func Decode ### Description Decode extracts a certificate and private key from pfxData, which must be a DER-encoded PKCS#12 file. This function assumes that there is only one certificate and only one private key in the pfxData. Since PKCS#12 files often contain more than one certificate, you probably want to use DecodeChain instead. ### Signature ```go func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error) ``` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters - **pfxData** ([]byte) - The DER-encoded PKCS#12 file data. - **password** (string) - The password for the PKCS#12 file. ### Returns - **privateKey** (interface{}) - The extracted private key. - **certificate** (*x509.Certificate) - The extracted certificate. - **err** (error) - An error if the decoding fails. ``` -------------------------------- ### Encode PKCS#12 File (Deprecated) Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Deprecated function for encoding PKCS#12 files. Use specific encoder methods for better compatibility or security. ```go func Encode(rand io.Reader, privateKey interface{}, certificate *x509.Certificate, caCerts []*x509.Certificate, password string) (pfxData []byte, err error) ``` -------------------------------- ### Encode PKCS#12 Trust Store Entries (Deprecated) Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Deprecated function for encoding PKCS#12 trust store entries. Use Passwordless.EncodeTrustStoreEntries for passwordless generation. ```go func EncodeTrustStoreEntries(rand io.Reader, entries []TrustStoreEntry, password string) (pfxData []byte, err error) ``` -------------------------------- ### Encoder.Encode Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Encodes a private key and certificate into a DER-encoded PKCS#12 file using the encoder's configuration. Note that PKCS#12 uses weak encryption. ```APIDOC ## Encoder.Encode ### Description Encodes a private key and a certificate into a DER-encoded PKCS#12 file using the configuration of the `Encoder`. ### Method *Encoder*.Encode ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters * `privateKey` (interface{}) - The private key to encode. * `certificate` (*x509.Certificate) - The certificate to encode. * `...` - Additional parameters may be required. ### Returns * `pfxData` ([]byte) - The DER-encoded PKCS#12 file data. * `err` (error) - An error if the encoding fails. ``` -------------------------------- ### Encode PKCS#12 Trust Store with Encoder Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Encodes PKCS#12 data for a trust store using the Encoder. This method is part of the Encoder type. ```go func (enc *Encoder) EncodeTrustStore(rand io.Reader, certs []*x509.Certificate, password string) (pfxData []byte, err error) ``` -------------------------------- ### Encoder.EncodeTrustStoreEntries Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Encodes a slice of `TrustStoreEntry` objects into a DER-encoded PKCS#12 file using the encoder's configuration. PKCS#12 is not recommended for new applications. ```APIDOC ## Encoder.EncodeTrustStoreEntries ### Description Encodes a slice of `TrustStoreEntry` objects into a DER-encoded PKCS#12 file using the configuration of the `Encoder`. ### Method *Encoder*.EncodeTrustStoreEntries ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters * `entries` ([]TrustStoreEntry) - A slice of `TrustStoreEntry` objects to encode. * `password` (string) - The password to protect the PKCS#12 file. ### Returns * `pfxData` ([]byte) - The DER-encoded PKCS#12 file data. * `err` (error) - An error if the encoding fails. ``` -------------------------------- ### Encoder.Encode Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Produces PKCS#12 data containing a private key, end-entity certificate, and CA certificates, encrypted with a password. ```APIDOC ## func (*Encoder) Encode ### Description Encode produces pfxData containing one private key (privateKey), an end-entity certificate (certificate), and any number of CA certificates (caCerts). The pfxData is encrypted and authenticated with keys derived from the provided password. Encode emulates the behavior of OpenSSL's PKCS12_create: it creates two SafeContents: one that's encrypted with the certificate encryption algorithm and contains the certificates, and another that is unencrypted and contains the private key shrouded with the key encryption algorithm. The private key bag and the end-entity certificate bag have the LocalKeyId attribute set to the SHA-1 fingerprint of the end-entity certificate. ### Signature ```go func (enc *Encoder) Encode(privateKey interface{}, certificate *x509.Certificate, caCerts []*x509.Certificate, password string) (pfxData []byte, err error) ``` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters - **enc** (*Encoder) - The Encoder instance. - **privateKey** (interface{}) - The private key to encode. - **certificate** (*x509.Certificate) - The end-entity certificate. - **caCerts** ([]*x509.Certificate) - A slice of CA certificates. - **password** (string) - The password for the PKCS#12 file. ### Returns - **pfxData** ([]byte) - The DER-encoded PKCS#12 file data. - **err** (error) - An error if the encoding fails. ``` -------------------------------- ### Encode CA Certificates to PKCS#12 Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Use EncodeTrustStore to produce PKCS#12 data containing CA certificates for Java TrustStores. The certificate subjects are used as aliases. This function is suitable when custom aliases are not required. ```go func (enc *Encoder) EncodeTrustStore(certs []*x509.Certificate, password string) (pfxData []byte, err error) ``` -------------------------------- ### Encode PKCS#12 File (Deprecated) Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Encodes a private key and certificate into a DER-encoded PKCS#12 file. This function is deprecated and should not be used for new applications. ```APIDOC ## Encode PKCS#12 File (Deprecated) ### Description Encodes a private key and a certificate into a DER-encoded PKCS#12 file. This function is deprecated due to the use of weak encryption primitives in PKCS#12. ### Function Signature `func Encode(rand io.Reader, privateKey interface{}, certificate *x509.Certificate, ...) (pfxData []byte, err error)` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters * `rand` (io.Reader) - A random number generator. * `privateKey` (interface{}) - The private key to encode. * `certificate` (*x509.Certificate) - The certificate to encode. * `...` - Additional parameters may be required. ### Returns * `pfxData` ([]byte) - The DER-encoded PKCS#12 file data. * `err` (error) - An error if the encoding fails. ``` -------------------------------- ### Decode PKCS#12 Trust Store Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Extracts certificates from DER-encoded PKCS#12 data specifically formatted as a Java trust anchor. Handles passwordless or empty password files. ```go func DecodeTrustStore(pfxData []byte, password string) (certs []*x509.Certificate, err error) ``` -------------------------------- ### Encoder.WithRand Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Returns a new Encoder with a custom random number generator. This is useful for testing or specific cryptographic needs. ```APIDOC ## Encoder.WithRand ### Description Returns a new `Encoder` with a custom random number generator. This method is useful for controlling the source of randomness during encoding, such as for testing purposes. ### Method *Encoder*.WithRand ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters * `rand` (io.Reader) - The custom random number generator to use. ### Returns * `*Encoder` - A new `Encoder` instance with the updated random number generator. ``` -------------------------------- ### Encoder Type for PKCS#12 Encoding Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Represents an encoder for PKCS#12 files with various parameters. Safe for concurrent use. ```go type Encoder struct { // contains filtered or unexported fields } ``` -------------------------------- ### func New(key []byte, t1 int) (cipher.Block, error) Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12/internal/rc2 New returns a new rc2 cipher with the given key and effective key length t1. The RC2 block size is 8 bytes. ```APIDOC ## func New ### Description Creates a new RC2 cipher instance with the provided key and effective key length. ### Signature ```go func New(key []byte, t1 int) (cipher.Block, error) ``` ### Parameters #### Parameters - **key** ([]byte) - The secret key for the RC2 cipher. - **t1** (int) - The effective key length in bytes. ``` -------------------------------- ### Encode PKCS#12 File Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Encodes a private key, certificate, and CA certificates into a DER-encoded PKCS#12 file. This function is deprecated. ```APIDOC ## func Encode (deprecated) ### Description Encode is equivalent to LegacyRC2.WithRand(rand).Encode. See Encoder.Encode and LegacyRC2 for details. This function is deprecated. ### Signature ```go func Encode(rand io.Reader, privateKey interface{}, certificate *x509.Certificate, caCerts []*x509.Certificate, password string) (pfxData []byte, err error) ``` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters - **rand** (io.Reader) - A random number generator. - **privateKey** (interface{}) - The private key to encode. - **certificate** (*x509.Certificate) - The end-entity certificate. - **caCerts** ([]*x509.Certificate) - A slice of CA certificates. - **password** (string) - The password for the PKCS#12 file. ### Returns - **pfxData** ([]byte) - The DER-encoded PKCS#12 file data. - **err** (error) - An error if the encoding fails. ### Deprecation Note Deprecated: for the same behavior, use LegacyRC2.Encode; for better compatibility, use Legacy.Encode; for better security, use Modern.Encode. ``` -------------------------------- ### Encode PKCS#12 Trust Store Entries (Deprecated) Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Encodes a slice of `TrustStoreEntry` objects into a DER-encoded PKCS#12 file. This function is deprecated. ```APIDOC ## Encode PKCS#12 Trust Store Entries (Deprecated) ### Description Encodes a slice of `TrustStoreEntry` objects into a DER-encoded PKCS#12 file. This function is deprecated. ### Function Signature `func EncodeTrustStoreEntries(rand io.Reader, entries []TrustStoreEntry, password string) (pfxData []byte, err error)` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters * `rand` (io.Reader) - A random number generator. * `entries` ([]TrustStoreEntry) - A slice of `TrustStoreEntry` objects to encode. * `password` (string) - The password to protect the PKCS#12 file. ### Returns * `pfxData` ([]byte) - The DER-encoded PKCS#12 file data. * `err` (error) - An error if the encoding fails. ``` -------------------------------- ### Convert PKCS#12 to PEM Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Converts all "safe bags" within PKCS#12 data to PEM blocks. This function is deprecated. ```APIDOC ## func ToPEM (deprecated) ### Description ToPEM converts all "safe bags" contained in pfxData to PEM blocks. This function is deprecated. ### Signature ```go func ToPEM(pfxData []byte, password string) ([]*pem.Block, error) ``` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters - **pfxData** ([]byte) - The DER-encoded PKCS#12 file data. - **password** (string) - The password for the PKCS#12 file. ### Returns - **[]*pem.Block** - A slice of PEM blocks. - **error** - An error if the conversion fails. ### Deprecation Note Deprecated: ToPEM creates invalid PEM blocks (private keys are encoded as raw RSA or EC private keys rather than PKCS#8 despite being labeled "PRIVATE KEY"). To decode a PKCS#12 file, use DecodeChain instead, and use the encoding/pem package to convert to PEM if necessary. ``` -------------------------------- ### Encode PKCS#12 Trust Store (Deprecated) Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Encodes a slice of certificates into a DER-encoded PKCS#12 file for trust store usage. This function is deprecated. ```APIDOC ## Encode PKCS#12 Trust Store (Deprecated) ### Description Encodes a slice of `x509.Certificate` objects into a DER-encoded PKCS#12 file, suitable for use as a trust store. This function is deprecated. ### Function Signature `func EncodeTrustStore(rand io.Reader, certs []*x509.Certificate, password string) (pfxData []byte, err error)` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters * `rand` (io.Reader) - A random number generator. * `certs` ([]*x509.Certificate) - A slice of certificates to encode. * `password` (string) - The password to protect the PKCS#12 file. ### Returns * `pfxData` ([]byte) - The DER-encoded PKCS#12 file data. * `err` (error) - An error if the encoding fails. ``` -------------------------------- ### Decode PKCS#12 Trust Store Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Extracts certificates from DER-encoded PKCS#12 data specifically formatted as a Java trust anchor. ```APIDOC ## func DecodeTrustStore ### Description DecodeTrustStore extracts the certificates from pfxData, which must be a DER-encoded PKCS#12 file containing exclusively certificates with attribute 2.16.840.1.113894.746875.1.1, which is used by Java to designate a trust anchor. If the password argument is empty, DecodeTrustStore will decode either password-less PKCS#12 files (i.e. those without encryption) or files with a literal empty password. ### Signature ```go func DecodeTrustStore(pfxData []byte, password string) (certs []*x509.Certificate, err error) ``` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters - **pfxData** ([]byte) - The DER-encoded PKCS#12 file data. - **password** (string) - The password for the PKCS#12 file. An empty string can be used for passwordless files or files with an empty password. ### Returns - **certs** ([]*x509.Certificate) - A slice of extracted certificates. - **err** (error) - An error if the decoding fails. ``` -------------------------------- ### Modern Encoder Alias Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 An alias for the Modern2023 encoder, representing modern and robust PKCS#12 parameters. This may be updated in the future to reflect evolving best practices. ```go var Modern = Modern2023 ``` -------------------------------- ### Convert PKCS#12 to PEM (Deprecated) Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Converts a DER-encoded PKCS#12 file into PEM-encoded blocks. This function is deprecated. ```APIDOC ## Convert PKCS#12 to PEM (Deprecated) ### Description Converts a DER-encoded PKCS#12 file into a slice of PEM-encoded blocks. This function is deprecated. ### Function Signature `func ToPEM(pfxData []byte, password string) ([]*pem.Block, error)` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters * `pfxData` ([]byte) - The DER-encoded PKCS#12 file data. * `password` (string) - The password to decrypt the PKCS#12 file. ### Returns * `[]*pem.Block` - A slice of PEM-encoded blocks. * `error` - An error if the conversion fails. ``` -------------------------------- ### Define TrustStoreEntry Structure Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 TrustStoreEntry represents a single entry within a Java TrustStore, containing a certificate and its associated friendly name (alias). ```go type TrustStoreEntry struct { Cert *x509.Certificate FriendlyName string } ``` -------------------------------- ### Decode PKCS#12 Trust Store Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Decodes a DER-encoded PKCS#12 file to extract a list of certificates, typically used for trust store purposes. Note the security implications of PKCS#12. ```APIDOC ## Decode PKCS#12 Trust Store ### Description Decodes a DER-encoded PKCS#12 file and returns a slice of `x509.Certificate` objects, representing the trust store entries contained within the file. ### Function Signature `func DecodeTrustStore(pfxData []byte, password string) (certs []*x509.Certificate, err error)` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters * `pfxData` ([]byte) - The DER-encoded PKCS#12 file data. * `password` (string) - The password to decrypt the PKCS#12 file. ### Returns * `certs` ([]*x509.Certificate) - A slice of decoded certificates. * `err` (error) - An error if the decoding fails. ``` -------------------------------- ### Encode PKCS#12 Trust Store Entries Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Encodes a slice of TrustStoreEntry objects into a DER-encoded PKCS#12 file. This function is deprecated. ```APIDOC ## func EncodeTrustStoreEntries (deprecated) ### Description EncodeTrustStoreEntries is equivalent to LegacyRC2.WithRand(rand).EncodeTrustStoreEntries. See Encoder.EncodeTrustStoreEntries and LegacyRC2 for details. This function is deprecated. ### Signature ```go func EncodeTrustStoreEntries(rand io.Reader, entries []TrustStoreEntry, password string) (pfxData []byte, err error) ``` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters - **rand** (io.Reader) - A random number generator. - **entries** ([]TrustStoreEntry) - A slice of TrustStoreEntry objects. - **password** (string) - The password for the PKCS#12 file. ### Returns - **pfxData** ([]byte) - The DER-encoded PKCS#12 file data. - **err** (error) - An error if the encoding fails. ### Deprecation Note Deprecated: for the same behavior, use LegacyRC2.EncodeTrustStoreEntries; to generate passwordless trust stores, use Passwordless.EncodeTrustStoreEntries. ``` -------------------------------- ### Encode PKCS#12 Trust Store Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 Encodes a slice of certificates into a DER-encoded PKCS#12 file suitable for Java trust stores. This function is deprecated. ```APIDOC ## func EncodeTrustStore (deprecated) ### Description EncodeTrustStore is equivalent to LegacyRC2.WithRand(rand).EncodeTrustStore. See Encoder.EncodeTrustStore and LegacyRC2 for details. This function is deprecated. ### Signature ```go func EncodeTrustStore(rand io.Reader, certs []*x509.Certificate, password string) (pfxData []byte, err error) ``` ### Parameters #### Path Parameters None #### Query Parameters None #### Request Body None ### Parameters - **rand** (io.Reader) - A random number generator. - **certs** ([]*x509.Certificate) - A slice of certificates to encode. - **password** (string) - The password for the PKCS#12 file. ### Returns - **pfxData** ([]byte) - The DER-encoded PKCS#12 file data. - **err** (error) - An error if the encoding fails. ### Deprecation Note Deprecated: for the same behavior, use LegacyRC2.EncodeTrustStore; to generate passwordless trust stores, use Passwordless.EncodeTrustStore. ``` -------------------------------- ### Define NotImplementedError Type Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12 NotImplementedError is a type used to indicate that an input or operation is not currently supported by the package. ```go type NotImplementedError string ``` -------------------------------- ### RC2 Block Size Constant Source: https://pkg.go.dev/software.sslmate.com/src/go-pkcs12/internal/rc2 Defines the block size of the RC2 cipher in bytes. This constant is used internally by the package. ```go const BlockSize = 8 ``` === COMPLETE CONTENT === This response contains all available snippets from this library. No additional content exists. Do not make further requests.