cert

package

v1.17.27 Latest Latest Go to latest Published: Dec 25, 2025 License: BSD-3-Clause Imports: 7 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/luxfi/crypto

Links

Open Source Insights

Documentation ¶

Overview ¶

Package cert provides X.509 certificate handling for post-quantum algorithms

Index ¶

Variables
type CertBuilder
- func NewCertBuilder(signer sign.Signer) *CertBuilder
type CertPool
- func NewCertPool() *CertPool
- func (cp *CertPool) AddCert(cert *MLDSACert)
- func (cp *CertPool) VerifyChain(chain []*MLDSACert, now time.Time) error
type MLDSACert
- func ParseMLDSACert(der []byte) (*MLDSACert, error)
type SPKIPinner
- func NewSPKIPinner(pins []string) *SPKIPinner
- func (sp *SPKIPinner) Verify(pk sign.PublicKey) bool

Constants ¶

This section is empty.

Variables ¶

View Source

var (
	OIDMLDSA44 = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 2, 267, 7, 6, 5}  // ML-DSA-44
	OIDMLDSA65 = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 2, 267, 7, 8, 7}  // ML-DSA-65
	OIDMLDSA87 = asn1.ObjectIdentifier{1, 3, 6, 1, 4, 1, 2, 267, 7, 10, 8} // ML-DSA-87
)

OID definitions for ML-DSA algorithms

Functions ¶

This section is empty.

Types ¶

type CertBuilder ¶

type CertBuilder struct {
	// contains filtered or unexported fields
}

CertBuilder builds ML-DSA certificates

func NewCertBuilder ¶

func NewCertBuilder(signer sign.Signer) *CertBuilder

NewCertBuilder creates a new certificate builder

func (*CertBuilder) Build ¶

func (cb *CertBuilder) Build(publicKey sign.PublicKey, issuerKey sign.PrivateKey) (*MLDSACert, error)

Build creates the certificate

func (*CertBuilder) SetCA ¶

func (cb *CertBuilder) SetCA(isCA bool) *CertBuilder

SetCA marks the certificate as a CA

func (*CertBuilder) SetCapabilities ¶

func (cb *CertBuilder) SetCapabilities(caps []string) *CertBuilder

SetCapabilities sets the capabilities extension

func (*CertBuilder) SetNodeID ¶

func (cb *CertBuilder) SetNodeID(nodeID string) *CertBuilder

SetNodeID sets the node ID extension

func (*CertBuilder) SetRole ¶

func (cb *CertBuilder) SetRole(role string) *CertBuilder

SetRole sets the role extension

func (*CertBuilder) SetSubject ¶

func (cb *CertBuilder) SetSubject(subject pkix.Name) *CertBuilder

SetSubject sets the certificate subject

func (*CertBuilder) SetValidity ¶

func (cb *CertBuilder) SetValidity(notBefore, notAfter time.Time) *CertBuilder

SetValidity sets the certificate validity period

type CertPool ¶

type CertPool struct {
	// contains filtered or unexported fields
}

CertPool represents a pool of trusted certificates

func NewCertPool ¶

func NewCertPool() *CertPool

NewCertPool creates a new certificate pool

func (*CertPool) AddCert ¶

func (cp *CertPool) AddCert(cert *MLDSACert)

AddCert adds a certificate to the pool

func (*CertPool) VerifyChain ¶

func (cp *CertPool) VerifyChain(chain []*MLDSACert, now time.Time) error

VerifyChain verifies a certificate chain

type MLDSACert ¶

type MLDSACert struct {
	Raw          []byte
	PublicKey    sign.PublicKey
	Subject      pkix.Name
	Issuer       pkix.Name
	SerialNumber []byte
	NotBefore    time.Time
	NotAfter     time.Time
	KeyUsage     x509.KeyUsage
	ExtKeyUsage  []x509.ExtKeyUsage
	IsCA         bool

	// Custom extensions for QZMQ
	NodeID       string
	Capabilities []string
	Role         string
}

MLDSACert represents an ML-DSA certificate

func ParseMLDSACert ¶

func ParseMLDSACert(der []byte) (*MLDSACert, error)

ParseMLDSACert parses an ML-DSA certificate

type SPKIPinner ¶

type SPKIPinner struct {
	// contains filtered or unexported fields
}

SPKIPinner implements SPKI pinning

func NewSPKIPinner ¶

func NewSPKIPinner(pins []string) *SPKIPinner

NewSPKIPinner creates a new SPKI pinner

func (*SPKIPinner) Verify ¶

func (sp *SPKIPinner) Verify(pk sign.PublicKey) bool

Verify checks if a public key is pinned

Source Files ¶

View all Source files

cert.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL