标签:自签 证书及 err x509 nil 国密 template file string
go语言生成自签证书文件(SM2)
package main
import (
"crypto/rand"
"crypto/x509/pkix"
"encoding/pem"
"github.com/tjfoc/gmsm/sm2"
"github.com/tjfoc/gmsm/x509"
"math/big"
"net"
"os"
"time"
)
func GenerateCertKeySM2(host, commonName string, alternateIPs []net.IP, alternateDNS []string){
priv, err := sm2.GenerateKey(rand.Reader)
if err != nil {
panic(err)
}
max := new(big.Int).Lsh(big.NewInt(1), 128)
serialNumber, _ := rand.Int(rand.Reader, max)
template := x509.Certificate{
SerialNumber: serialNumber,
Issuer: pkix.Name{},
Subject: pkix.Name{
CommonName: commonName,
Organization: []string{"Test"},
Country: []string{"CN"},
ExtraNames: []pkix.AttributeTypeAndValue{
{
Type: []int{2, 5, 4, 42},
Value: "Gopher",
},
{
Type: []int{2, 5, 4, 6},
Value: "NL",
},
},
},
NotBefore: time.Now(),
NotAfter: time.Now().Add(time.Hour * 24 * 365),
KeyUsage: x509.KeyUsageKeyEncipherment | x509.KeyUsageDigitalSignature | x509.KeyUsageCertSign,
BasicConstraintsValid: true,
IsCA: true,
SignatureAlgorithm: x509.SM2WithSM3,
}
if ip := net.ParseIP(host); ip != nil {
template.IPAddresses = append(template.IPAddresses, ip)
}else {
template.DNSNames = append(template.DNSNames, host)
}
template.IPAddresses = append(template.IPAddresses, alternateIPs...)
template.DNSNames = append(template.DNSNames, alternateDNS...)
publicKey := priv.Public().(*sm2.PublicKey)
certificateToPem, err := x509.CreateCertificateToPem(&template, &template, publicKey, priv)
if err != nil {
panic(err)
}
file, err := os.Create("caSM2.crt")
if err != nil {
panic(err)
}
defer file.Close()
file.Write(certificateToPem)
privateKey, err := x509.MarshalSm2PrivateKey(priv, []byte("jjjjjj"))
if err != nil {
panic(err)
}
block := pem.Block{
Type: "SM2 PRIVATE KEY",
Headers: nil,
Bytes: privateKey,
}
file, err = os.Create("caSM2.key")
if err != nil {
panic(err)
}
defer file.Close()
err = pem.Encode(file, &block)
if err != nil {
panic(err)
}
}
func main(){
ip := []byte("127.0.0.1")
alternateDNS := []string{"localhost"}
GenerateCertKeySM2("192.168.0.1", "www.example.com", []net.IP{net.ParseIP(string(ip))}, alternateDNS)
}
查看证书信息,用该库生成的证书Signature Algorithm字段解析出来的值与template中设置的不一致,已在GitHub提交了issue
$ openssl x509 -in caSM2.crt -noout -text
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
ed:e3:0a:34:c5:8f:49:09:13:e4:7b:77:ec:45:87:c8
Signature Algorithm: 1.2.156.10197.1.501
Issuer: O = Test, CN = www.example.com, GN = Gopher, C = NL
Validity
Not Before: May 28 13:20:58 2021 GMT
Not After : May 28 13:20:58 2022 GMT
Subject: O = Test, CN = www.example.com, GN = Gopher, C = NL
Subject Public Key Info:
Public Key Algorithm: id-ecPublicKey
Public-Key: (256 bit)
pub:
04:85:a3:bf:57:67:23:40:fb:81:c4:3f:14:c9:96:
31:a7:76:68:2b:c7:2b:56:b4:9d:3e:f8:9b:69:ff:
97:60:97:97:5d:09:ad:fe:95:28:d1:75:59:bf:00:
f8:cb:8f:27:d9:af:4d:4d:57:07:d8:dd:20:a7:eb:
d0:6e:2d:25:8f
ASN1 OID: SM2
X509v3 extensions:
X509v3 Key Usage: critical
Digital Signature, Key Encipherment, Certificate Sign
X509v3 Basic Constraints: critical
CA:TRUE
X509v3 Subject Alternative Name:
DNS:localhost, IP Address:192.168.0.1, IP Address:127.0.0.1
Signature Algorithm: 1.2.156.10197.1.501
30:45:02:20:7f:27:cf:23:2e:53:15:e7:0c:23:3a:6d:3b:23:
f8:6a:8e:6d:cb:ed:6a:af:e5:a3:46:d3:2a:2d:f0:21:1e:d6:
02:21:00:bf:81:4e:74:19:e2:fe:bc:25:86:1b:39:12:8f:b5:
f5:15:76:14:29:f1:5f:9b:32:da:13:b1:1c:bb:3a:f4:8f
标签:自签,证书及,err,x509,nil,国密,template,file,string 来源: https://blog.csdn.net/weixin_38299404/article/details/117375860
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。