https://github.com/opencoff/go-pki

Simple TLS PKI Library with embedded database
https://github.com/opencoff/go-pki

boltdb golang golang-crypto golang-library pki tls-pki

Last synced: about 1 year ago
JSON representation

Simple TLS PKI Library with embedded database

• Host: GitHub
• URL: https://github.com/opencoff/go-pki
• Owner: opencoff
• License: gpl-2.0
• Created: 2020-07-22T22:16:43.000Z (almost 6 years ago)
• Default Branch: master
• Last Pushed: 2025-03-25T12:37:26.000Z (about 1 year ago)
• Last Synced: 2025-03-25T13:41:51.463Z (about 1 year ago)
• Topics: boltdb, golang, golang-crypto, golang-library, pki, tls-pki
• Language: Go
• Homepage:
• Size: 63.5 KB
• Stars: 9
• Watchers: 0
• Forks: 3
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
[![GoDoc](https://godoc.org/github.com/opencoff/go-pki?status.svg)](https://godoc.org/github.com/opencoff/go-pki)

## TL;DR

This is an opinionated single-file OpenVPN TLS certificate library.

It has _no_ dependencies on any other external tool such as openssl.

## Features

* Uses a single [boltdb](https://github.com/etcd/bbolt) instance to store the

  certificates and keys.

* All data strored in the database is encrypted with keys derived from a user

  supplied CA passphrase.

* Support for issuing & revoking:

   - Server Certs (optionally signed by intermediate CAs)

   - Client Certs (optionally signed by intermediate CAs)

   - Intermediate CA certs (optionally signed by other intermediate

     CAs)

* Flexible CRL generation

* The certificates and keys are opinionated:

   * All CA cert private keys are Secp521r1

   * Client & Servers cert private keys are Secp256k1

   * "SSL-Server" attribute set on server certificates (nsCertType)

   * "SSL-Client" attribute set on client certificates (nsCertType)

   * ECDSA with SHA512 is used as the signature algorithm

     of encryption to thwart DoS attacks.

## Who uses this?

Two tools use this:

* [ovpn-tool](https://github.com/opencoff/ovpn-tool) - an opnionated

  PKI and OpenVPN Configuration manager

* [certik](https://github.com/opencoff/certik) - an example CLI

  program that uses this library

## How to use this?

You will need a fairly recent golang toolchain (>1.10). `go-pki` is

modules ready. You just import the code in your project as:

```go

    import (

        "github.com/opencoff/go-pki"

    )

```