Hi,

Working on parsing PKCS #10 format. I have a few questions:


    1. There's a lot of private stuff in the crypto/x509 package that would
    make this easier such as exposing oidSignatureMD2WithRSA, etc. and/or
    the getSignatureAlgorithmFromOID function. What's the most appropriate
    way to reuse code like this in a library? Copying it and referencing the
    original source?
    2. Would something like this be appropriate to get upstream in the x509
    or other go crypto package? Having it in the x509 would solve problem #1
    3. Would like to expose attributes in the CSR (such as alt names). How
    should I choose which ones to expose?

Thanks,
Mike


  • Agl at Oct 1, 2012 at 9:18 pm

    > There's a lot of private stuff in the crypto/x509 package that would make
    > this easier such as exposing oidSignatureMD2WithRSA, etc. and/or the
    > getSignatureAlgorithmFromOID function. What's the most appropriate way to
    > reuse code like this in a library? Copying it and referencing the original
    > source?
    > Would something like this be appropriate to get upstream in the x509 or
    > other go crypto package? Having it in the x509 would solve problem #1

    I think CSR parsing would happily live in crypto/x509.

    > Would like to expose attributes in the CSR (such as alt names). How should
    > I choose which ones to expose?

    It's a fine line. PKIX is almost impossibly complex and we don't want to
    try and expose everything. Go's crypto libraries generally aim at solving
    90% of the problem, hopefully at 50% of the complexity. Subject alt names
    are exposed in x509.Certificate so it would make sense to mirror that in
    any CSR structure.


    Cheers

    AGL

  • Nick at Sep 18, 2013 at 1:34 am
    Is there any progress on adding a CSR struct? ParseCertificate can't
    handle a CSR as input. It would be nice to be able to call
    CreateCertificate with a CSR as the template instead of a certificate.
    That way a signed certificate can be created from a CSR alone instead of
    needing to have an already signed certificate to create a new signed
    certificate.

    Nick
  • Jonathan at Sep 18, 2013 at 2:47 pm
    I've implemented a basic PKCS #10 encoder[1]; it may be useful as a
    starting point for a decoder.

    Jonathan

    [1] https://github.com/cupcake/pkcs10

  • Kyle at Feb 1, 2014 at 1:25 am
    Hello,

    I've submitted a patch for parsing and serialising PKCS #10 certificate
    signature requests. The code review is at
    https://codereview.appspot.com/49830048.

    Cheers,
    Kyle
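
Added example (not part of the thread or of the patch linked above): issuing a certificate from a CSR with the `crypto/x509` functions available in current Go releases, checking the request's self-signature first because `ParseCertificateRequest` does not verify it. `issueFromCSR`, `fixtures`, the `example.test` names and the throwaway CA are assumptions made for the illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issueFromCSR checks the CSR's self-signature (ParseCertificateRequest alone does not)
// and signs a leaf (DER) that takes only the subject, SANs and public key from the request.
func issueFromCSR(csrDER []byte, ca *x509.Certificate, caKey ed25519.PrivateKey) ([]byte, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err == nil {
		err = csr.CheckSignature() // proof that the requester holds the private key
	}
	if err != nil {
		return nil, fmt.Errorf("rejecting CSR: %w", err)
	}
	leaf := &x509.Certificate{SerialNumber: big.NewInt(2), Subject: csr.Subject, DNSNames: csr.DNSNames,
		NotBefore: time.Now().Add(-time.Minute), NotAfter: time.Now().Add(time.Hour), // constructed values
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	return x509.CreateCertificate(rand.Reader, leaf, ca, csr.PublicKey, caKey)
}

// fixtures returns a constructed SAN-only CSR (DER) plus a throwaway CA template and key.
func fixtures() ([]byte, *x509.Certificate, ed25519.PrivateKey, error) {
	_, caKey, err1 := ed25519.GenerateKey(rand.Reader)
	_, reqKey, err2 := ed25519.GenerateKey(rand.Reader)
	if err1 != nil || err2 != nil {
		return nil, nil, nil, fmt.Errorf("key generation: %v, %v", err1, err2)
	}
	ca := &x509.Certificate{Subject: pkix.Name{CommonName: "constructed test CA"}}
	req := &x509.CertificateRequest{DNSNames: []string{"app.example.test", "api.example.test"}}
	csrDER, err := x509.CreateCertificateRequest(rand.Reader, req, reqKey)
	return csrDER, ca, caKey, err
}

func main() {
	csrDER, ca, caKey, err := fixtures()
	if err != nil {
		panic(err)
	}
	der, err := issueFromCSR(csrDER, ca, caKey)
	fmt.Printf("issued %d bytes of certificate DER, err=%v\n", len(der), err)
}
```

A real issuer would also check the requested names against its own policy before signing and would use a random serial number.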


Discussion Overview
group: golang-nuts
categories: go
posted: Oct 1, '12 at 7:23p
active: Feb 1, '14 at 1:25a
posts: 5
users: 5
website: golang.org