Decode extracts a certificate and private key from pfxData, which must be a DER-encoded PKCS#12 file.

DecodeChain extracts a certificate, a CA certificate chain, and private key from pfxData, which must be a DER-encoded PKCS#12 file.

DecodeTrustStore extracts the certificates from pfxData, which must be a DER-encoded PKCS#12 file containing exclusively certificates with attribute 2.16.840.1.113894.746875.1.1, which is used by Java to designate a trust anchor.

Encode produces pfxData containing one private key (privateKey), an end-entity certificate (certificate), and any number of CA certificates (caCerts).

EncodeTrustStore produces pfxData containing any number of CA certificates (certs) to be trusted.

ToPEM converts all "safe bags" contained in pfxData to PEM blocks.

DefaultPassword is the string "changeit", a commonly-used password for PKCS#12 files.

ErrDecryption represents a failure to decrypt the input.

ErrIncorrectPassword is returned when an incorrect password is detected.

NotImplementedError indicates that the input is not currently supported.