Hi all, and nice to see you guys over here also have a Discourse forum.
I am very very new to golang and am more busy with reading the docs than programming, but I guess that is normal for the start.
I have two topics, in which I would like to ask the community for help.
I started reading the doc, but somehow I can’t find the part where it is written what the equivalent golang approaches to the shell are. I really think that would help people move over.
So, what I do is convert the certificate (cer or pem) and key (key or pem) into a PKCS12 (.pfx) file.
My shell commands are:
```shell
# if "cert" is PEM:
openssl x509 -in input_cert.pem -out output_cert.pem
# if "cert" is DER:
openssl x509 -inform der -in input_cert.cer -out output_cert.pem
# if "key" is PEM:
openssl pkcs8 -in input_key.pem -passin pass:PASS -out output_key.pem
# if "key" is DER:
openssl pkcs8 -inform der -in input_key.key -passin pass:PASS -out output_key.pem

openssl pkcs12 -export -in output_cert.pem -inkey output_key.pem -out server.pfx -password pass:PASS
```
That will generate the wanted server.pfx file with the same password as the key (if it had one).
ATM I do this in golang as a wrapper and I indeed execute the command as a shell command and listen for stdout and stderr to capture everything. It is not slow (30ms)… but for multiple reasons (mentioned below) I don’t want this and want to do this in golang directly with the openssl lib.
What I also do is: storing the files temporarily on the server, which I also don’t want, if possible.
So my questions are:
- how to analyse a cert with golang openssl? Is it possible to just throw something at it and it tells me “this is a ‘Cert’ in PEM format” or “this is a ‘Key’ in DER format”?
- Can I take (from my form upload) the files and not store them as files, but keep them in memory or as byte variable and convert them like this, so I don’t have to store them?
- If I use openssl from golang, does my system need to have openssl installed, or is it not required anymore?
Here the second part:
I use the shell program `file` to identify files independent from their file extension etc. If golang-openssl can identify all certs & keys I don’t need it, but just now I don’t know if it can.
If golang-openssl can not do this, is there a golang library which can do so? For my needs it must be able to differentiate between:
- cert (der)
- cert (pem)
- key (der)
- key (pem)
- key (pem - encrypted)
That would be enough for me.
ATM I have these two external libs which I want to get rid of, so my application is 100% go-based and not some sub-shell frankenstein project.
…with golang is, to be able to run my code 100% in golang with no other external dependencies.
I want to do this for multiple reasons:
- being able to run at docker-scratch
I was able to run my whole application as <10MB docker-image, but I had to disable ALL parts which required “openssl” and “file”. Which means for me, that the application was not really usable, but I am highly impressed by how small such a docker-image can get if you use golang and build your app. I really love this and would like to learn more about golang and the dockerization of golang-based applications
That’s it for now. I hope some friendly souls here can give me some input or even better examples and how they would do it.
Btw, here is what I use:
- golang v1.19.1
- gin v1.8.1
So for me it is a gin-based webserver.
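
An added example, not part of the original post: one way to tell the five listed input kinds apart from an in-memory byte slice using only Go's standard library (`crypto/x509` and `encoding/pem`), so neither the `openssl` nor the `file` binary is needed. The names `Classify` and `sample` are hypothetical, and the PKCS#12 export step is not covered here.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
)

// Classify identifies an upload held in memory: no temp file, no openssl or file binary.
func Classify(data []byte) string {
	enc, der := "der", data
	if block, _ := pem.Decode(data); block != nil {
		if block.Type == "ENCRYPTED PRIVATE KEY" || block.Headers["Proc-Type"] == "4,ENCRYPTED" {
			return "key (pem - encrypted)" // PKCS#8 label or legacy Proc-Type header
		}
		enc, der = "pem", block.Bytes
	}
	// Decide by parsing the DER body, not by trusting the PEM label or file extension.
	_, errCert := x509.ParseCertificate(der)
	_, errP8 := x509.ParsePKCS8PrivateKey(der)
	_, errP1 := x509.ParsePKCS1PrivateKey(der)
	_, errEC := x509.ParseECPrivateKey(der)
	switch {
	case errCert == nil:
		return "cert (" + enc + ")"
	case errP8 == nil || errP1 == nil || errEC == nil:
		return "key (" + enc + ")"
	}
	return "unknown" // includes encrypted DER keys, which the standard library cannot parse
}

// sample builds a throwaway self-signed cert and key (constructed data, never written to disk).
func sample() (certDER, keyDER []byte) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1), DNSNames: []string{"example.test"}}
	certDER, _ = x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	keyDER, _ = x509.MarshalPKCS8PrivateKey(key)
	return certDER, keyDER
}

func main() {
	certDER, keyDER := sample()
	keyPEM := pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER})
	fmt.Println(Classify(certDER), "|", Classify(keyDER), "|", Classify(keyPEM))
}
```

In a gin handler the same function can be fed the bytes read from the multipart upload, so the key material never touches the filesystem.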