英文:
Create key and certificate in golang same as openssl do for local host
问题
你可以使用Go语言编写等效于以下openssl命令的代码:
package main
import (
"crypto/rand"
"crypto/rsa"
"crypto/x509"
"crypto/x509/pkix"
"encoding/pem"
"fmt"
"math/big"
"net"
"os"
"time"
)
func main() {
// 生成私钥
privateKey, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
fmt.Println("私钥生成失败:", err)
return
}
// 创建证书模板
template := x509.Certificate{
SerialNumber: big.NewInt(1),
Subject: pkix.Name{
Country: []string{""},
Province: []string{""},
Organization: []string{""},
Locality: []string{""},
CommonName: "localhost",
OrganizationalUnit: []string{""},
},
NotBefore: time.Now(),
NotAfter: time.Now().AddDate(10, 0, 0), // 有效期为10年
BasicConstraintsValid: true,
IsCA: true,
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
IPAddresses: []net.IP{net.ParseIP("127.0.0.1")},
}
// 使用证书模板和私钥生成证书
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &privateKey.PublicKey, privateKey)
if err != nil {
fmt.Println("证书生成失败:", err)
return
}
// 将证书保存到文件
certOut, err := os.Create("test.crt")
if err != nil {
fmt.Println("证书保存失败:", err)
return
}
pem.Encode(certOut, &pem.Block{Type: "CERTIFICATE", Bytes: derBytes})
certOut.Close()
fmt.Println("证书已保存到 test.crt")
// 将私钥保存到文件
keyOut, err := os.OpenFile("test.key", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
fmt.Println("私钥保存失败:", err)
return
}
pem.Encode(keyOut, &pem.Block{Type: "RSA PRIVATE KEY", Bytes: x509.MarshalPKCS1PrivateKey(privateKey)})
keyOut.Close()
fmt.Println("私钥已保存到 test.key")
}
这段代码会生成一个新的证书,从证书请求中生成。生成的证书将保存在test.crt文件中,私钥将保存在test.key文件中。请确保你已经安装了Go语言环境,并且导入了必要的包。
英文:
How can I code in Go the equivalent of the following openssl command?
openssl req -subj /C=/ST=/O=/L=/CN=localhost/OU=/ -x509 -nodes -days 3650 \
-newkey rsa:4096 -keyout test.key -out test.crt
The goal is to generate a new certificate from its certificate request.
答案1
得分: 1
通过以下方式找到了解决方案:
key, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
return "", "", err
}
keyBytes := x509.MarshalPKCS1PrivateKey(key)
// 私钥的PEM编码
keyPEM := pem.EncodeToMemory(
&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: keyBytes,
},
)
fmt.Println(string(keyPEM))
notBefore := time.Now()
notAfter := notBefore.Add(365*24*10*time.Hour)
// 创建证书模板
template := x509.Certificate{
SerialNumber: big.NewInt(0),
Subject: pkix.Name{CommonName: "localhost"},
SignatureAlgorithm: x509.SHA256WithRSA,
NotBefore: notBefore,
NotAfter: notAfter,
BasicConstraintsValid: true,
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement | x509.KeyUsageKeyEncipherment | x509.KeyUsageDataEncipherment,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
}
// 使用模板创建证书
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &key.PublicKey, key)
if err != nil {
return "", "", err
}
// 证书的PEM编码
certPem := string(pem.EncodeToMemory(
&pem.Block{
Type: "CERTIFICATE",
Bytes: derBytes,
},
))
fmt.Println(certPem)
以上是代码的翻译结果。
英文:
Found my solution by this way-
key, err := rsa.GenerateKey(rand.Reader, 4096)
if err != nil {
return "", "", err
}
keyBytes := x509.MarshalPKCS1PrivateKey(key)
// PEM encoding of private key
keyPEM := pem.EncodeToMemory(
&pem.Block{
Type: "RSA PRIVATE KEY",
Bytes: keyBytes,
},
)
fmt.Println(string(keyPEM))
notBefore := time.Now()
notAfter := notBefore.Add(365*24*10*time.Hour)
//Create certificate templet
template := x509.Certificate{
SerialNumber: big.NewInt(0),
Subject: pkix.Name{CommonName: "localhost"},
SignatureAlgorithm: x509.SHA256WithRSA,
NotBefore: notBefore,
NotAfter: notAfter,
BasicConstraintsValid: true,
KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyAgreement | x509.KeyUsageKeyEncipherment | x509.KeyUsageDataEncipherment,
ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth, x509.ExtKeyUsageClientAuth},
}
//Create certificate using templet
derBytes, err := x509.CreateCertificate(rand.Reader, &template, &template, &key.PublicKey, key)
if err != nil {
return "", "", err
}
//pem encoding of certificate
certPem := string(pem.EncodeToMemory(
&pem.Block{
Type: "CERTIFICATE",
Bytes: derBytes,
},
))
fmt.Println(certPem))
答案2
得分: 0
你可以考虑使用cloudflare/cfssl,其中包含一个cfssl.initca包,如此处所示:
var req *csr.CertificateRequest
hostname := "cloudflare.com"
crl := "http://crl.cloudflare.com/655c6a9b-01c6-4eea-bf21-be690cc315e0.crl" //cert_uuid.crl
for _, param := range validKeyParams {
for _, caconfig := range validCAConfigs {
req = &csr.CertificateRequest{
Names: []csr.Name{
{
C: "US",
ST: "California",
L: "San Francisco",
O: "CloudFlare",
OU: "Systems Engineering",
},
},
CN: hostname,
Hosts: []string{hostname, "www." + hostname},
KeyRequest: ¶m,
CA: &caconfig,
CRL: crl,
}
certBytes, _, keyBytes, err := New(req)
if err != nil {
t.Fatal("InitCA failed:", err)
}
}
}
英文:
You might consider cloudflare/cfssl, which includes a cfssl.initca package, as shown here:
var req *csr.CertificateRequest
hostname := "cloudflare.com"
crl := "http://crl.cloudflare.com/655c6a9b-01c6-4eea-bf21-be690cc315e0.crl" //cert_uuid.crl
for _, param := range validKeyParams {
for _, caconfig := range validCAConfigs {
req = &csr.CertificateRequest{
Names: []csr.Name{
{
C: "US",
ST: "California",
L: "San Francisco",
O: "CloudFlare",
OU: "Systems Engineering",
},
},
CN: hostname,
Hosts: []string{hostname, "www." + hostname},
KeyRequest: &param,
CA: &caconfig,
CRL: crl,
}
certBytes, _, keyBytes, err := New(req)
if err != nil {
t.Fatal("InitCA failed:", err)
}
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论