# README
## TL;DR
This is an opinionated single-file OpenVPN TLS certificate library. It has no dependencies on any other external tool such as openssl.
## Features
- Uses a single boltdb instance to store the certificates and keys.
- All data stored in the database is encrypted with keys derived from a user-supplied CA passphrase.
- Support for issuing & revoking:
  - Server certs (optionally signed by intermediate CAs)
  - Client certs (optionally signed by intermediate CAs)
  - Intermediate CA certs (optionally signed by other intermediate CAs)
- Flexible CRL generation
- The certificates and keys are opinionated:
  - All CA cert private keys are Secp521r1
  - Client & server cert private keys are Secp256k1
  - "SSL-Server" attribute set on server certificates (nsCertType)
  - "SSL-Client" attribute set on client certificates (nsCertType)
  - ECDSA with SHA512 is used as the signature algorithm, chosen to thwart DoS attacks.
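As an added example (not part of go-pki or its README), the Go program below shows how the nsCertType attribute listed above is encoded and how to read it back from a parsed certificate: it builds a constructed self-signed ECDSA-with-SHA512 certificate with crypto/x509 carrying the SSL-Server or SSL-Client bit, then decodes the extension. Go's standard library has no secp256k1 curve, so the constructed key uses P-256; the names NsCertType and SelfSignedProfile are this example's own.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/asn1"
	"math/big"
	"time"
)
// nsCertType (OID 2.16.840.1.113730.1.1): a BIT STRING, bit 0 = SSL Client, bit 1 = SSL Server.
var oidNsCertType = asn1.ObjectIdentifier{2, 16, 840, 1, 113730, 1, 1}
// NsCertType returns the SSL-Client and SSL-Server bits of cert's nsCertType
// extension; ok is false when the extension is absent, err reports a malformed value.
func NsCertType(cert *x509.Certificate) (client, server, ok bool, err error) {
	for _, ext := range cert.Extensions {
		if !ext.Id.Equal(oidNsCertType) {
			continue
		}
		var bits asn1.BitString
		if _, err = asn1.Unmarshal(ext.Value, &bits); err != nil {
			return false, false, true, err
		}
		return bits.At(0) == 1, bits.At(1) == 1, true, nil
	}
	return false, false, false, nil
}

// SelfSignedProfile builds a self-signed ECDSA-with-SHA512 certificate carrying the
// server or client nsCertType bit: constructed test data from crypto/x509, not go-pki output.
func SelfSignedProfile(server bool) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // stdlib has no secp256k1
	if err != nil {
		return nil, err
	}
	nsBits := byte(0x80) // 1000 0000: bit 0 = SSL Client
	if server {
		nsBits = 0x40 // 0100 0000: bit 1 = SSL Server
	}
	ext := pkix.Extension{Id: oidNsCertType, Value: []byte{0x03, 0x02, 0x06, nsBits}} // DER: BIT STRING, len 2, 6 unused bits
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), NotBefore: time.Now(),
		NotAfter: time.Now().Add(time.Hour), SignatureAlgorithm: x509.ECDSAWithSHA512,
		ExtraExtensions: []pkix.Extension{ext}}
	raw, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(raw)
}
```

A certificate without the extension yields ok == false, which lets a config checker distinguish "not marked" from "marked as the wrong role".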
## Who uses this?
Two tools use this:
- ovpn-tool - an opinionated PKI and OpenVPN configuration manager
- certik - an example CLI program that uses this library
## How to use this?
You will need a fairly recent golang toolchain (>1.10). go-pki is modules ready. You just import the code in your project as:

```go
import (
	"github.com/opencoff/go-pki"
)
```
# Functions
- `CertificateRequestText` returns a human-readable string representation of the certificate request csr.
- `CertificateText` returns a human-readable string representation of the certificate cert.
- `New` creates a new PKI CA instance with storage backed by boltdb in 'dbname'.
- `NewFromJSON` creates a new PKI CA instance with storage backed by boltdb in 'dbname' with initial contents coming from the JSON blob.
- `NewWithStorage` creates a new RootCA with the given storage engine.
# Constants
DB Version.
# Interfaces
- `Storage` abstracts the underlying persistent storage provider.