CreateCertificate creates a new certificate based on a template.

CreateCertificateRequest creates a new certificate request based on a template.

CreateCertificateToPem creates a new certificate based on a template and encodes it to PEM format.

DegenerateCertificate creates a signed data structure containing only the provided certificate or certificate chain.

MarshalPKCS1PrivateKey converts a private key to ASN.1 DER encoded form.

MarshalPKIXPublicKey serialises a public key to DER-encoded PKIX format.

NewCertPool returns a new, empty CertPool.

NewSignedData initializes a SignedData with content.

ParseCertificate parses a single certificate from the given ASN.1 DER data.

ParseCertificateRequest parses a single certificate request from the given ASN.1 DER data.

ParseCertificates parses one or more certificates from the given ASN.1 DER data.

ParseCRL parses a CRL from the given bytes.

ParseDERCRL parses a DER encoded CRL from the given bytes.

ParsePKCS1PrivateKey returns an RSA private key from its ASN.1 PKCS#1 DER encoded form.

ParsePKCS7 decodes a DER encoded PKCS7.

ParsePKIXPublicKey parses a DER encoded public key.

Encrypt creates and returns an envelope data PKCS7 structure with encrypted recipient keys for each recipient public key.

DHex是sm2私钥的真正关键数值.

RegisterHash registers a function that returns a new instance of the given hash function.

SystemCertPool returns a copy of the system cert pool.

CANotAuthorizedForThisName results when an intermediate or root certificate has a name constraint which doesn't include the name being checked.

Expired results when a certificate has expired, based on the time given in the VerifyOptions.

IncompatibleUsage results when the certificate's key usage indicates that it may only be used for a different purpose.

import golang.org/x/crypto/md4.

import crypto/md5.

no implementation; MD5+SHA1 used for TLS RSA.

NameMismatch results when the subject name of a parent certificate does not match the issuer name in the child.

NotAuthorizedToSign results when a certificate is signed by another which isn't marked as a CA certificate.

import golang.org/x/crypto/ripemd160.

import crypto/sha1.

SM3WithRSA reserve.

import crypto/sha256.

import crypto/sha256.

import golang.org/x/crypto/sha3.

import golang.org/x/crypto/sha3.

import golang.org/x/crypto/sha3.

import golang.org/x/crypto/sha3.

import crypto/sha512.

import crypto/sha512.

import crypto/sha512.

import crypto/sha512.

TooManyIntermediates results when a path length constraint is violated.

ContentEncryptionAlgorithm determines the algorithm used to encrypt the plaintext message.

ErrNotEncryptedContent is returned when attempting to Decrypt data that is not encrypted data.

ErrPKCS7UnsupportedAlgorithm tells you when our quick dev assumptions have failed.

ErrUnsupportedAlgorithm results from attempting to perform an operation that involves algorithms that are not currently implemented.

ErrUnsupportedContentType is returned when a PKCS7 content is not supported.

ErrUnsupportedEncryptionAlgorithm is returned when attempting to encrypt content with an unsupported algorithm.

Attribute represents a key value pair attribute.

A Certificate represents an X.509 certificate.

CertificateInvalidError results when an odd error occurs.

CertificateRequest represents a PKCS #10, certificate signature request.

CertPool is a set of certificates.

ConstraintViolationError results when a requested usage is not permitted by a certificate.

reference to https://www.rfc-editor.org/rfc/rfc5958.txt.

HostnameError results when the set of authorized names doesn't match the requested name.

MessageDigestMismatchError is returned when the signer data digest does not match the computed digest for the contained content.

reference to https://www.ietf.org/rfc/rfc2898.txt.

reference to https://www.ietf.org/rfc/rfc2898.txt.

reference to https://www.ietf.org/rfc/rfc2898.txt.

PKCS7 Represents a PKCS7 structure.

reference to https://www.ietf.org/rfc/rfc2898.txt.

reference to https://www.rfc-editor.org/rfc/rfc5958.txt.

SignedData is an opaque data structure for creating signed data payloads.

SignerInfoConfig are optional values to include when adding a signer.

SystemRootsError results when we fail to load the system root certificates.

UnknownAuthorityError results when the certificate issuer is unknown.

VerifyOptions contains parameters for Certificate.Verify.

ExtKeyUsage represents an extended set of actions that are valid for a given key.

An InsecureAlgorithmError.

KeyUsage represents the set of actions that are valid for a given key.