我想通过golang生成一些证书,但是遇到了问题。
当我在php中执行此操作时,它可能类似于以下代码:
$privkey = openssl_pkey_new([
'digest_alg' => 'des3',
'private_key_bits' => 1024,
'private_key_type' => OPENSSL_KEYTYPE_RSA
]);
$csr = openssl_csr_new([
"countryName" => "EN",
"stateOrProvinceName" => "province",
"localityName" => "city",
"organizationName" => "org",
"organizationalUnitName" => "org",
"commonName" => "name",
], $privkey, ['digest_alg' => 'des3']);
$x509 = openssl_csr_sign($csr, null, $privkey, $days=3650, ['digest_alg' => 'des3']);
openssl_x509_export_to_file($x509, "/path/to/pub.cer");
openssl_pkcs12_export_to_file($x509, "/path/to/pri.pfx", $privkey, "password");
现在使用golang我只能创建私钥,但不知道下一步该怎么做,请帮我,非常感谢。
func main() {
keyBytes, err := rsa.GenerateKey(rand.Reader, bitSize)
if err != nil {
panic(err)
}
if err := keyBytes.Validate(); err != nil {
panic(err)
}
dn := pkix.Name{
Country: []string{"EN"},
Organization: []string{"org"},
OrganizationalUnit: []string{"org"},
Locality: []string{"city"},
Province: []string{"province"},
CommonName: "name",
}
asn1Dn, err := asn1.Marshal(dn)
if err != nil {
panic(err)
}
template := x509.CertificateRequest{
Raw: asn1Dn,
SignatureAlgorithm: x509.SHA256WithRSA,
}
csrBytes, err := x509.CreateCertificateRequest(rand.Reader, &template, keyBytes)
// how to do with csrBytes next?
}
最后,我自己解决了这个问题。现在,我应该为其他面临相同问题的人写答案。
该解决方案正在使用software.sslmate.com/src/go-pkcs12
,该解决方案提供Encode
了对从创建的给定字节数据进行编码的功能x509.CreateCertificate
。
查看下面的示例代码:
func main() {
keyBytes, err := rsa.GenerateKey(rand.Reader, 1024)
if err != nil {
panic(err)
}
if err := keyBytes.Validate(); err != nil {
panic(err)
}
template := &x509.Certificate{
SerialNumber: big.NewInt(1),
Subject: pkix.Name{
Country: []string{"EN"},
Organization: []string{"org"},
OrganizationalUnit: []string{"org"},
Locality: []string{"city"},
Province: []string{"province"},
CommonName: "name",
},
}
derBytes, err := x509.CreateCertificate(rand.Reader, template, template, &keyBytes.PublicKey, keyBytes)
if err != nil {
panic(err)
}
cert, err := x509.ParseCertificate(derBytes)
if err != nil {
panic(err)
}
pfxBytes, err := pkcs12.Encode(rand.Reader, keyBytes, cert, []*x509.Certificate{}, pkcs12.DefaultPassword)
if err != nil {
panic(err)
}
// see if pfxBytes valid
_, _, _, err = pkcs12.DecodeChain(pfxBytes, pkcs12.DefaultPassword)
if err != nil {
panic(err)
}
if err := ioutil.WriteFile(
"/path/to/pri.pfx",
pfxBytes,
os.ModePerm,
); err != nil {
panic(err)
}
}
每个人都可以在我的github repo yuchanns / gobyexample中找到源代码
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句