How to read/write pkcs12 file ?

[lu dongping]

now it's possible to save public cert and private key separately.

but how to save them in one pkcs12 file ?

Thanks.

Outersky

[Kyle Lemons]

You can use openssl to convert it into a format that our crypto libraries understand.  If memory serves, having a quick look at the docs, it looks like you want
openssl pkcs12 -in whatever.p12 -nocerts -nodes -out whatever.pem

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.
 
 

[lu dongping]

Yes, openssl can do that, I just confirm it's supported build-in.

Thanks.

[Eric Gavaletz]

Here is an example of oauth2 code that needs a key converted.

https://code.google.com/p/goauth2/source/browse/oauth/jwt/jwt.go

And here is the line of openssl that I included in the documentation to do the conversion.

$ openssl pkcs12 -in <key.p12> -nocerts -passin pass:notasecret -nodes -out <key.pem>

Since pkcs12 is the format that Google uses for key pairs I was hoping that support would make its way into the Go1.1 release, but I was just browsing tip.golang.org and no such luck.

[Kyle Lemons]

It would go into the go.crypto subrepo.  If memory serves, I think agl (who is the author of much of our crypto stuff) has said that he'd do code reviews for pkcs#12 support but that he doesn't have the bandwidth to do it himself, and since we have suitable formats and conversion is straightforward, it's not a priority.  Hopefully I'm not putting any words in his mouth ;-).