Hello all and good to see you guys over right here even have a Discourse discussion board 
I’m very very new to golang and am extra busy with studying the docs, then programming, however I suppose that’s regular for the beginning.
I’ve two subjects, by which I want to ask the neighborhood for assist.
OpenSSL.
I began studying the doc, however in some way I can’t discover the half, the place is written, what equal goland approaches to the shell are. I actually suppose that might assist individuals transfer over.
So, what I do is changing the certificates (cer or pem) and key (key or pem) right into a PKCS12 (.pfx) file.
My shell instructions are:
If “cert” PEM: openssl x509 -in cert.pem -out cert.conv.pem
if “cert” DER: openssl x509 -inform der -in cert.pem -out cert.conv.pem
if “key” PEM: openssl pkcs8 -in key.pem -passin cross:PASS -out key.conv.pem
if “key” DER: openssl pkcs8 -inform der -in key.pem -passin cross:PASS -out key.conv.pem
Lastly:
openssl pkcs12 -export -in cert.conv.pem -inkey key.conv.pem -out server.pfx -password cross:PASS
That can generate the wished server.pfx file with the identical password as the important thing (if he had one).
ATM I do that in golang as a wrapper and I certainly execute the command as a shell command and hear for stdout and stderr to seize all the pieces. It isn’t gradual (30ms)… however for a number of causes (talked about under) I don’t need this and need to do that in golang immediately with the openssl lib.
What I additionally do is: storing the recordsdata briefly on the server, which I additionally don’t need, if doable.
So my questions are:
- easy methods to analyse a cert with golang openssl? Is it doable to only toss stuff at it and it tells me “it is a ‘Cert’ in PEM format” or “it is a ‘Key’ in DER format”?
- Can I take (from my type add) the recordsdata and never retailer them as recordsdata, however maintain them in reminiscence or as []byte variable and convert them like this, so I don’t need to retailer them?
- If I exploit openssl from golang, does my system have to have openssl put in, or is just not not required anymore?
Right here the second half:
file
I exploit the shell program file to determine recordsdata impartial from their file extension and so forth. If golang-openssl can determine all certs & keys I don’t want it, however simply now I don’t know if it could.
If golang-openssl cannot do that, is there a golang library which may achieve this? For my wants it should be capable of differentiate between:
- cert (der)
- cert (pem)
- key (der)
- key (pem)
- key (pem – encrypted)
That will be sufficient for me.
ATM I’ve these two exterior libs which I need to do away with, so my utility is 100% go-based and never some sub-shell frankenstein mission.
My long run purpose
…with golang is, to have the ability to run my code 100% in golang with no different exterior dependencies.
I need to do that for a number of causes:
- efficiency
- safety
- integrity
- with the ability to run at docker-scratch
I used to be in a position to run my complete utility as <10MB docker-image, however I needed to disable ALL components which required “openssl” and “file”. Which implies for me, that the appliance was probably not usable, however I’m extremely impressed by how small such a docker-image can get when you use golang and construct your app. I actually love this and want to study extra about golang and the dockerization of golang-based purposes
That’s it for now. I hope some pleasant souls right here may give me some enter and even higher examples and the way they’d do it.
Btw, right here the is what I exploit:
- golang v1.19.1
- gin v1.8.1
So for me it’s a gin-based webserver.
Greatest regards.
