crypto/x509: reading certificates from PKCS12 files #10621
Comments
@agl @rakyll What's the next step? Would it make sense to contribute to x/crypto as is, and go through the code review process?
I don't think this would be suitable for the standard library. It might be suitable for x/crypto. It would really be best for the world if all the PKCS standards disappeared so there is a long-term cost to making it easier to use them. However, that doesn't remove the need that some people have to deal with them today. It looks like an RC2 implementation would also have to be pulled in, which is fine, although it should probably be a subpackage of the PKCS#12 package—hopefully PKCS#12 is the last thing in the world that needs it. The interface of the proposed package (https://godoc.org/github.com/Azure/go-pkcs12) looks plausible. As you can probably tell by the latency of my reply, I only get to work on this stuff on the odd weekend so it may take a while to get around to it, but the next step would be to create a code review to add the package to x/crypto.
Should the package also be able to write PKCS12 certs? Can that sort of thing be added later?
It's certainly not necessary that the package be able to write PKCS#12 files in the initial revision. If it never needs to then so much the better.
@dgryski: would it be possible for you to contribute the RC2 code to the pkcs12 repo, so that I can contribute it to x/crypto? It would require a Microsoft CLA if you don't have one yet (much like contributing to Go requires a Google CLA).
Either route is fine with me. I just signed the Microsoft CLA. I can file a pull request against go-pkcs12 later today and then this issue can move forward.
Thanks, that would be awesome. It will take me some time to get the Go CLA signed on behalf of MS...
Just filed Azure/go-pkcs12#24 to merge go-rc2 into go-pkcs12.
@agl There is an open pull request to write PKCS12 files.
@agl code review opened: https://go-review.googlesource.com/#/c/11986/
Any update on this or CL?
@paulmey is on vacation until Aug 24. Progress is stalled until then. Will need to be updated for Azure/go-pkcs12#25 at least.
I'm keeping an eye on my email, but I haven't seen any review comments yet. @agl was assigned as reviewer, but he's very busy these days, I think.
This would really rock. I'd love to see this merged. I've been needing to R/W PKCS#12
@paultag For now you can use https://github.com/Azure/go-pkcs12 to read PKCS#12, and I believe there is an open pull request for writing them as well.
@nathany Thanks for that! Looks great!
Package pkcs12 provides some Go implementations of PKCS#12. This implementation is distilled from https://tools.ietf.org/html/rfc7292 and referenced documents. It is intended for decoding P12/PFX-stored certificate+key for use with the crypto/tls package. Package includes @dgryski's RC2 implementation as a sub package as requested in golang/go#10621. Change-Id: I78401241e39cd0099e9082a3a227cf0a3a36e6d1 Reviewed-on: https://go-review.googlesource.com/11986 Reviewed-by: Adam Langley <[email protected]> Run-TryBot: Adam Langley <[email protected]>
Closed by golang/crypto@c8b9e63
I stumbled upon this issue due to some research. Sorry to misuse this as a mailing list now. Maybe somebody hears me anyway. There was a question about writing PKCS12 certs, which does not look like it is possible, but I want to do exactly that. My question is how. Consider the following
How to achieve this in Go? Thanks for listening.
Yah, it isn't currently supported. See Azure/go-pkcs12#28.
There is some interest to have a capability to read certificates from PKCS12 (.pfx/.p12) files in the golang standard library or the crypto sub repo. We have a package at https://github.com/Azure/go-pkcs12 that provides this capability and I'm looking for feedback on the API design. Moving Azure/go-pkcs12#9 here.
CC: @agl @rakyll @dgryski @nathany @ahmetalpbalkan