使用 golang 如何生成 rsa 证书,然后将私钥导出到 pfx 文件,将公钥导出到 cer 文件
[英]With golang how can I generate a rsa certificates then export the private key to a pfx file and the public key to a cer file
问题描述
I'd like to generate some certificates by golang, but stuck with a problem.
我想通过 golang 生成一些证书,但遇到了一个问题。
When I do that in php, it maybe like those codes:当我在 php 中这样做时,它可能像那些代码:
$privkey = openssl_pkey_new([
'digest_alg' => 'des3',
'private_key_bits' => 1024,
'private_key_type' => OPENSSL_KEYTYPE_RSA
]);
$csr = openssl_csr_new([
"countryName" => "EN",
"stateOrProvinceName" => "province",
"localityName" => "city",
"organizationName" => "org",
"organizationalUnitName" => "org",
"commonName" => "name",
], $privkey, ['digest_alg' => 'des3']);
$x509 = openssl_csr_sign($csr, null, $privkey, $days=3650, ['digest_alg' => 'des3']);
openssl_x509_export_to_file($x509, "/path/to/pub.cer");
openssl_pkcs12_export_to_file($x509, "/path/to/pri.pfx", $privkey, "password");
And now with golang I can only create the private key but don't know what to do next.Help me please and many thanks.现在使用 golang 我只能创建私钥,但不知道下一步该做什么。请帮助我,非常感谢。
func main() {
keyBytes, err := rsa.GenerateKey(rand.Reader, bitSize)
if err != nil {
panic(err)
}
if err := keyBytes.Validate(); err != nil {
panic(err)
}
dn := pkix.Name{
Country: []string{"EN"},
Organization: []string{"org"},
OrganizationalUnit: []string{"org"},
Locality: []string{"city"},
Province: []string{"province"},
CommonName: "name",
}
asn1Dn, err := asn1.Marshal(dn)
if err != nil {
panic(err)
}
template := x509.CertificateRequest{
Raw: asn1Dn,
SignatureAlgorithm: x509.SHA256WithRSA,
}
csrBytes, err := x509.CreateCertificateRequest(rand.Reader, &template, keyBytes)
// how to do with csrBytes next?
}
1 个解决方案
解决方案1
1 已采纳 2020-04-05 15:15:13
Finally I resolved the problem by myself.最后我自己解决了这个问题。 Now I should write the answer for others face the same issue.现在我应该为其他面临同样问题的人写下答案。
The solution is using software.sslmate.com/src/go-pkcs12 which provides function Encode to encode given bytes data created from x509.CreateCertificate .解决方案是使用software.sslmate.com/src/go-pkcs12提供 function Encode来编码从x509.CreateCertificate创建的给定字节数据。
Look at the example codes below:看下面的示例代码:
func main() {
keyBytes, err := rsa.GenerateKey(rand.Reader, 1024)
if err != nil {
panic(err)
}
if err := keyBytes.Validate(); err != nil {
panic(err)
}
template := &x509.Certificate{
SerialNumber: big.NewInt(1),
Subject: pkix.Name{
Country: []string{"EN"},
Organization: []string{"org"},
OrganizationalUnit: []string{"org"},
Locality: []string{"city"},
Province: []string{"province"},
CommonName: "name",
},
}
derBytes, err := x509.CreateCertificate(rand.Reader, template, template, &keyBytes.PublicKey, keyBytes)
if err != nil {
panic(err)
}
cert, err := x509.ParseCertificate(derBytes)
if err != nil {
panic(err)
}
pfxBytes, err := pkcs12.Encode(rand.Reader, keyBytes, cert, []*x509.Certificate{}, pkcs12.DefaultPassword)
if err != nil {
panic(err)
}
// see if pfxBytes valid
_, _, _, err = pkcs12.DecodeChain(pfxBytes, pkcs12.DefaultPassword)
if err != nil {
panic(err)
}
if err := ioutil.WriteFile(
"/path/to/pri.pfx",
pfxBytes,
os.ModePerm,
); err != nil {
panic(err)
}
}
Everyone can find the source code in my github repo yuchanns/gobyexample大家可以在我的github repo yuchanns/gobyexample中找到源代码
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.