Hi all, and nice to see you guys over here also have a Discourse forum.
I am very, very new to golang and am more busy with reading the docs than programming, but I guess that is normal for the start.
I have two topics, in which I would like to ask the community for help.
OpenSSL.
I started reading the doc, but somehow I can't find the part where it is written what the equivalent golang approaches to the shell are. I really think that would help people move over.
So, what I do is converting the certificate (cer or pem) and key (key or pem) into a PKCS12 (.pfx) file.
My shell commands are:
If "cert" PEM: openssl x509 -in input_cert.pem -out output_cert.pem
If "cert" DER: openssl x509 -inform der -in input_cert.cer -out output_cert.pem
If "key" PEM: openssl pkcs8 -in input_key.pem -passin pass:PASS -out output_key.pem
If "key" DER: openssl pkcs8 -inform der -in input_key.key -passin pass:PASS -out output_key.pem
Finally:
openssl pkcs12 -export -in output_cert.pem -inkey output_key.pem -out server.pfx -password pass:PASS
That will generate the wanted server.pfx file with the same password as the key (if it had one).
ATM I do this in golang as a wrapper and I indeed execute the command as a shell command and listen for stdout and stderr to capture everything. It is not slow (30ms)… but for multiple reasons (mentioned below) I don't want this and want to do this in golang directly with the openssl lib.
What I also do is storing the files temporarily on the server, which I also don't want, if possible.
So my questions are:
- How to analyse a cert with golang openssl? Is it possible to just throw something at it and it tells me "this is a 'Cert' in PEM format" or "this is a 'Key' in DER format"?
- Can I take (from my form upload) the files and not store them as files, but keep them in memory or as a []byte variable and convert them like this, so I don't have to store them?
- If I use openssl from golang, does my system need to have openssl installed, or is it not required anymore?
Here the second part:
file
I use the shell program file to identify files independent from their file extension etc. If golang-openssl can identify all certs & keys I don't need it, but just now I don't know if it can.
If golang-openssl cannot do this, is there a golang library which can do so? For my needs it must be able to differentiate between:
- cert (der)
- cert (pem)
- key (der)
- key (pem)
- key (pem - encrypted)
That would be enough for me.
ATM I have these two external libs which I want to get rid of, so my application is 100% go-based and not some sub-shell frankenstein project.
My long term goal
…with golang is to be able to run my code 100% in golang with no other external dependencies.
I want to do this for multiple reasons:
- performance
- security
- integrity
- being able to run at docker-scratch
I was able to run my whole application as a <10MB docker-image, but I had to disable ALL parts which required "openssl" and "file". Which means for me that the application was not really usable, but I am highly impressed by how small such a docker-image can get if you use golang and build your app. I really love this and would like to learn more about golang and the dockerization of golang-based applications.
That's it for now. I hope some friendly souls here can give me some input or, even better, examples and how they would do it.
Btw, here is what I use:
- golang v1.19.1
- gin v1.8.1
So for me it is a gin-based webserver.
Best regards.
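
An added example, not part of the original post: one way to tell the five listed kinds apart using only Go's standard library (crypto/x509, encoding/pem), working on an in-memory []byte so that no temporary file, `file` binary or installed openssl is involved. The names Classify and Samples are hypothetical, and the key and self-signed certificate are constructed at run time as sample input; the PKCS#12 export step is not covered, because the standard library has no PKCS#12 encoder.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"math/big"
)

func Classify(data []byte) string { // works on upload bytes; nothing touches the disk
	enc, der := "der", data
	if b, _ := pem.Decode(data); b != nil {
		if b.Type == "ENCRYPTED PRIVATE KEY" || b.Headers["Proc-Type"] == "4,ENCRYPTED" {
			return "key (pem - encrypted)" // PKCS#8 label or legacy OpenSSL header
		}
		enc, der = "pem", b.Bytes
	}
	if _, err := x509.ParseCertificate(der); err == nil {
		return "cert (" + enc + ")"
	}
	_, e1 := x509.ParsePKCS8PrivateKey(der) // then PKCS#1 (RSA) and SEC1 (EC)
	_, e2 := x509.ParsePKCS1PrivateKey(der)
	if _, e3 := x509.ParseECPrivateKey(der); e1 == nil || e2 == nil || e3 == nil {
		return "key (" + enc + ")"
	}
	return "unknown" // includes encrypted PKCS#8 in DER, which crypto/x509 cannot open
}

func Samples() map[string][]byte { // constructed inputs: throwaway key, self-signed cert
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	keyDER, _ := x509.MarshalPKCS8PrivateKey(key)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(1)}
	certDER, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	return map[string][]byte{
		"cert (der)": certDER,
		"cert (pem)": pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER}),
		"key (der)":  keyDER,
		"key (pem)":  pem.EncodeToMemory(&pem.Block{Type: "PRIVATE KEY", Bytes: keyDER}),
		"key (pem - encrypted)": pem.EncodeToMemory(&pem.Block{Type: "ENCRYPTED PRIVATE KEY", Bytes: []byte("constructed")}),
	}
}

func main() {
	for want, data := range Samples() {
		fmt.Println(want, "->", Classify(data))
	}
}
```

The encrypted-key case is decided from the PEM label or header alone, so no passphrase is needed just to identify the upload.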