Package pkix contains shared, low level structures used for ASN.1 parsing and serialization of X.509 certificates, CRL and OCSP.

CreateCertificate creates a new certificate based on a template.

DecryptPEMBlock takes a password encrypted PEM block and the password used to encrypt it and returns a slice of decrypted DER encoded bytes.

EncryptPEMBlock returns a PEM block of the specified type holding the given DER-encoded data encrypted with the specified algorithm and password.

IsEncryptedPEMBlock returns if the PEM block is password encrypted.

MarshalPKCS1PrivateKey converts a private key to ASN.1 DER encoded form.

MarshalPKIXPublicKey serialises a public key to DER-encoded PKIX format.

NewCertPool returns a new, empty CertPool.

ParseCertificate parses a single certificate from the given ASN.1 DER data.

ParseCertificates parses one or more certificates from the given ASN.1 DER data.

ParseCRL parses a CRL from the given bytes.

ParseDERCRL parses a DER encoded CRL from the given bytes.

ParseECPrivateKey parses an ASN.1 Elliptic Curve Private Key Structure.

ParsePKCS1PrivateKey returns an RSA private key from its ASN.1 PKCS#1 DER encoded form.

ParsePKCS8PrivateKey parses an unencrypted, PKCS#8 private key.

ParsePKIXPublicKey parses a DER encoded public key.

CANotAuthorizedForThisName results when an intermediate or root certificate has a name constraint which doesn't include the name being checked.

Expired results when a certificate has expired, based on the time given in the VerifyOptions.

IncompatibleUsage results when the certificate's key usage indicates that it may only be used for a different purpose.

NotAuthorizedToSign results when a certificate is signed by another which isn't marked as a CA certificate.

Possible values for the EncryptPEMBlock encryption algorithm.

Possible values for the EncryptPEMBlock encryption algorithm.

Possible values for the EncryptPEMBlock encryption algorithm.

Possible values for the EncryptPEMBlock encryption algorithm.

Possible values for the EncryptPEMBlock encryption algorithm.

TooManyIntermediates results when a path length constraint is violated.

ErrUnsupportedAlgorithm results from attempting to perform an operation that involves algorithms that are not currently implemented.

IncorrectPasswordError is returned when an incorrect password is detected.

A Certificate represents an X.509 certificate.

CertificateInvalidError results when an odd error occurs.

CertPool is a set of certificates.

ConstraintViolationError results when a requested usage is not permitted by a certificate.

HostnameError results when the set of authorized names doesn't match the requested name.

UnknownAuthorityError results when the certificate issuer is unknown.

VerifyOptions contains parameters for Certificate.Verify.

ExtKeyUsage represents an extended set of actions that are valid for a given key.

KeyUsage represents the set of actions that are valid for a given key.