study/uTools-Manuals
1
0
Fork 0
mirror of https://github.com/fofolee/uTools-Manuals.git synced 2025-10-14 05:54:28 +08:00
Code Issues Packages Projects Releases Wiki Activity

新增go和tmux

Browse Source
This commit is contained in:
fofolee
2020-06-28 23:41:19 +08:00
parent 25f5f18c6c
commit c5038f634f
149 changed files with 40779 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/docs/go/crypto/aes.html Normal file
View File

@@ -0,0 +1,23 @@
<div class="container">
<h1 id="pkg-overview">package aes</h1>
<p><code>import "crypto/aes"</code>
</p><p>aes包实现了AES加密算法参见U.S. Federal Information Processing Standards Publication 197。</p>
<h2 id="pkg-constants">Constants </h2>
<pre>const <span id="BlockSize">BlockSize</span> = 16</pre>
<p>AES字节块大小。</p>
<h2 id="KeySizeError">type <a href="https://github.com/golang/go/blob/master/src/crypto/aes/cipher.go?name=release#21" title="View Source">KeySizeError</a> </h2>
<pre>type KeySizeError <a href="builtin.htm#int">int</a></pre>
<h3 id="KeySizeError.Error">func (KeySizeError) <a href="https://github.com/golang/go/blob/master/src/crypto/aes/cipher.go?name=release#23" title="View Source">Error</a> </h3>
<pre class="funcdecl">func (k <a href="#KeySizeError">KeySizeError</a>) Error() <a href="builtin.htm#string">string</a></pre>
<h2 id="NewCipher">func <a href="https://github.com/golang/go/blob/master/src/crypto/aes/cipher.go?name=release#31" title="View Source">NewCipher</a> </h2>
<pre class="funcdecl">func NewCipher(key []<a href="builtin.htm#byte">byte</a>) (<a href="crypto/cipher.htm">cipher</a>.<a href="crypto/cipher.htm#Block">Block</a>, <a href="builtin.htm#error">error</a>)</pre>
<p>创建一个cipher.Block接口。参数key为密钥长度只能是16、24、32字节用以选择AES-128、AES-192、AES-256。</p>
</div>

395
src/docs/go/crypto/cipher.html Normal file
View File

@@ -0,0 +1,395 @@
<div class="container">
<h1 id="pkg-overview">package cipher</h1>
<p><code>import "crypto/cipher"</code>
</p><p align="left">cipher包实现了多个标准的用于包装底层块加密算法的加密算法实现。</p>
<p align="left">参见<a href="http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html">http://csrc.nist.gov/groups/ST/toolkit/BCM/current_modes.html</a>和NIST Special Publication 800-38A。</p>
<h2 id="Block">type <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/cipher.go?name=release#15" title="View Source">Block</a> </h2>
<pre>type Block interface {
<span class="com">// 返回加密字节块的大小</span>
<span id="Block.BlockSize">BlockSize</span>() <a href="builtin.htm#int">int</a>
<span class="com">// 加密src的第一块数据并写入dstsrc和dst可指向同一内存地址</span>
<span id="Block.Encrypt">Encrypt</span>(dst, src []<a href="builtin.htm#byte">byte</a>)
<span class="com">// 解密src的第一块数据并写入dstsrc和dst可指向同一内存地址</span>
<span id="Block.Decrypt">Decrypt</span>(dst, src []<a href="builtin.htm#byte">byte</a>)
}</pre>
<p>Block接口代表一个使用特定密钥的底层块加/解密器。它提供了加密和解密独立数据块的能力。</p>
<h2 id="BlockMode">type <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/cipher.go?name=release#37" title="View Source">BlockMode</a> </h2>
<pre>type BlockMode interface {
<span class="com">// 返回加密字节块的大小</span>
<span id="BlockMode.BlockSize">BlockSize</span>() <a href="builtin.htm#int">int</a>
<span class="com">// 加密或解密连续的数据块src的尺寸必须是块大小的整数倍src和dst可指向同一内存地址</span>
<span id="BlockMode.CryptBlocks">CryptBlocks</span>(dst, src []<a href="builtin.htm#byte">byte</a>)
}</pre>
<p>BlockMode接口代表一个工作在块模式如CBC、ECB等的加/解密器。</p>
<h3 id="NewCBCEncrypter">func <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/cbc.go?name=release#35" title="View Source">NewCBCEncrypter</a> </h3>
<pre class="funcdecl">func NewCBCEncrypter(b <a href="#Block">Block</a>, iv []<a href="builtin.htm#byte">byte</a>) <a href="#BlockMode">BlockMode</a></pre>
<p>返回一个密码分组链接模式的、底层用b加密的BlockMode接口初始向量iv的长度必须等于b的块尺寸。</p>
<div class="panel-group">
<div class="panel panel-default" id="example-NewCBCEncrypter">
<div class="panel-heading" onclick="document.getElementById('ex-NewCBCEncrypter').style.display = document.getElementById('ex-NewCBCEncrypter').style.display=='none'?'block':'none';">Example</div>
<div class="panel-collapse collapse" id="ex-NewCBCEncrypter">
<div class="panel-body">
<pre>key := []byte("example key 1234")
plaintext := []byte("exampleplaintext")
<span class="com">// CBC mode works on blocks so plaintexts may need to be padded to the</span>
<span class="com">// next whole block. For an example of such padding, see</span>
<span class="com">// https://tools.ietf.org/html/rfc5246#section-6.2.3.2. Here we'll</span>
<span class="com">// assume that the plaintext is already of the correct length.</span>
if len(plaintext)%aes.BlockSize != 0 {
panic("plaintext is not a multiple of the block size")
}
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
<span class="com">// The IV needs to be unique, but not secure. Therefore it's common to</span>
<span class="com">// include it at the beginning of the ciphertext.</span>
ciphertext := make([]byte, aes.BlockSize+len(plaintext))
iv := ciphertext[:aes.BlockSize]
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
panic(err)
}
mode := cipher.NewCBCEncrypter(block, iv)
mode.CryptBlocks(ciphertext[aes.BlockSize:], plaintext)
<span class="com">// It's important to remember that ciphertexts must be authenticated</span>
<span class="com">// (i.e. by using crypto/hmac) as well as being encrypted in order to</span>
<span class="com">// be secure.</span>
fmt.Printf("%x\n", ciphertext)
</pre>
</div>
</div>
</div>
</div>
<h3 id="NewCBCDecrypter">func <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/cbc.go?name=release#81" title="View Source">NewCBCDecrypter</a> </h3>
<pre class="funcdecl">func NewCBCDecrypter(b <a href="#Block">Block</a>, iv []<a href="builtin.htm#byte">byte</a>) <a href="#BlockMode">BlockMode</a></pre>
<p>返回一个密码分组链接模式的、底层用b解密的BlockMode接口初始向量iv必须和加密时使用的iv相同。</p>
<div class="panel-group">
<div class="panel panel-default" id="example-NewCBCDecrypter">
<div class="panel-heading" onclick="document.getElementById('ex-NewCBCDecrypter').style.display = document.getElementById('ex-NewCBCDecrypter').style.display=='none'?'block':'none';">Example</div>
<div class="panel-collapse collapse" id="ex-NewCBCDecrypter">
<div class="panel-body">
<pre>key := []byte("example key 1234")
ciphertext, _ := hex.DecodeString("f363f3ccdcb12bb883abf484ba77d9cd7d32b5baecb3d4b1b3e0e4beffdb3ded")
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
<span class="com">// The IV needs to be unique, but not secure. Therefore it's common to</span>
<span class="com">// include it at the beginning of the ciphertext.</span>
if len(ciphertext) &lt; aes.BlockSize {
panic("ciphertext too short")
}
iv := ciphertext[:aes.BlockSize]
ciphertext = ciphertext[aes.BlockSize:]
<span class="com">// CBC mode always works in whole blocks.</span>
if len(ciphertext)%aes.BlockSize != 0 {
panic("ciphertext is not a multiple of the block size")
}
mode := cipher.NewCBCDecrypter(block, iv)
<span class="com">// CryptBlocks can work in-place if the two arguments are the same.</span>
mode.CryptBlocks(ciphertext, ciphertext)
<span class="com">// If the original plaintext lengths are not a multiple of the block</span>
<span class="com">// size, padding would have to be added when encrypting, which would be</span>
<span class="com">// removed at this point. For an example, see</span>
<span class="com">// https://tools.ietf.org/html/rfc5246#section-6.2.3.2. However, it's</span>
<span class="com">// critical to note that ciphertexts must be authenticated (i.e. by</span>
<span class="com">// using crypto/hmac) before being decrypted in order to avoid creating</span>
<span class="com">// a padding oracle.</span>
fmt.Printf("%s\n", ciphertext)</pre>
<p>Output:
</p><pre>exampleplaintext
</pre>
</div>
</div>
</div>
</div>
<h2 id="Stream">type <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/cipher.go?name=release#29" title="View Source">Stream</a> </h2>
<pre>type Stream interface {
<span class="com">// 从加密器的key流和src中依次取出字节二者xor后写入dstsrc和dst可指向同一内存地址</span>
<span id="Stream.XORKeyStream">XORKeyStream</span>(dst, src []<a href="builtin.htm#byte">byte</a>)
}</pre>
<p>Stream接口代表一个流模式的加/解密器。</p>
<h3 id="NewCFBEncrypter">func <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/cfb.go?name=release#45" title="View Source">NewCFBEncrypter</a> </h3>
<pre class="funcdecl">func NewCFBEncrypter(block <a href="#Block">Block</a>, iv []<a href="builtin.htm#byte">byte</a>) <a href="#Stream">Stream</a></pre>
<p>返回一个密码反馈模式的、底层用block加密的Stream接口初始向量iv的长度必须等于block的块尺寸。</p>
<div class="panel-group">
<div class="panel panel-default" id="example-NewCFBEncrypter">
<div class="panel-heading" onclick="document.getElementById('ex-NewCFBEncrypter').style.display = document.getElementById('ex-NewCFBEncrypter').style.display=='none'?'block':'none';">Example</div>
<div class="panel-collapse collapse" id="ex-NewCFBEncrypter">
<div class="panel-body">
<pre>key := []byte("example key 1234")
plaintext := []byte("some plaintext")
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
<span class="com">// The IV needs to be unique, but not secure. Therefore it's common to</span>
<span class="com">// include it at the beginning of the ciphertext.</span>
ciphertext := make([]byte, aes.BlockSize+len(plaintext))
iv := ciphertext[:aes.BlockSize]
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
panic(err)
}
stream := cipher.NewCFBEncrypter(block, iv)
stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
<span class="com">// It's important to remember that ciphertexts must be authenticated</span>
<span class="com">// (i.e. by using crypto/hmac) as well as being encrypted in order to</span>
<span class="com">// be secure.</span>
</pre>
</div>
</div>
</div>
</div>
<h3 id="NewCFBDecrypter">func <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/cfb.go?name=release#52" title="View Source">NewCFBDecrypter</a> </h3>
<pre class="funcdecl">func NewCFBDecrypter(block <a href="#Block">Block</a>, iv []<a href="builtin.htm#byte">byte</a>) <a href="#Stream">Stream</a></pre>
<p>返回一个密码反馈模式的、底层用block解密的Stream接口初始向量iv必须和加密时使用的iv相同。</p>
<div class="panel-group">
<div class="panel panel-default" id="example-NewCFBDecrypter">
<div class="panel-heading" onclick="document.getElementById('ex-NewCFBDecrypter').style.display = document.getElementById('ex-NewCFBDecrypter').style.display=='none'?'block':'none';">Example</div>
<div class="panel-collapse collapse" id="ex-NewCFBDecrypter">
<div class="panel-body">
<pre>key := []byte("example key 1234")
ciphertext, _ := hex.DecodeString("22277966616d9bc47177bd02603d08c9a67d5380d0fe8cf3b44438dff7b9")
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
<span class="com">// The IV needs to be unique, but not secure. Therefore it's common to</span>
<span class="com">// include it at the beginning of the ciphertext.</span>
if len(ciphertext) &lt; aes.BlockSize {
panic("ciphertext too short")
}
iv := ciphertext[:aes.BlockSize]
ciphertext = ciphertext[aes.BlockSize:]
stream := cipher.NewCFBDecrypter(block, iv)
<span class="com">// XORKeyStream can work in-place if the two arguments are the same.</span>
stream.XORKeyStream(ciphertext, ciphertext)
fmt.Printf("%s", ciphertext)</pre>
<p>Output:
</p><pre>some plaintext
</pre>
</div>
</div>
</div>
</div>
<h3 id="NewOFB">func <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/ofb.go?name=release#19" title="View Source">NewOFB</a> </h3>
<pre class="funcdecl">func NewOFB(b <a href="#Block">Block</a>, iv []<a href="builtin.htm#byte">byte</a>) <a href="#Stream">Stream</a></pre>
<p>返回一个输出反馈模式的、底层采用b生成key流的Stream接口初始向量iv的长度必须等于b的块尺寸。</p>
<div class="panel-group">
<div class="panel panel-default" id="example-NewOFB">
<div class="panel-heading" onclick="document.getElementById('ex-NewOFB').style.display = document.getElementById('ex-NewOFB').style.display=='none'?'block':'none';">Example</div>
<div class="panel-collapse collapse" id="ex-NewOFB">
<div class="panel-body">
<pre>key := []byte("example key 1234")
plaintext := []byte("some plaintext")
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
<span class="com">// The IV needs to be unique, but not secure. Therefore it's common to</span>
<span class="com">// include it at the beginning of the ciphertext.</span>
ciphertext := make([]byte, aes.BlockSize+len(plaintext))
iv := ciphertext[:aes.BlockSize]
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
panic(err)
}
stream := cipher.NewOFB(block, iv)
stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
<span class="com">// It's important to remember that ciphertexts must be authenticated</span>
<span class="com">// (i.e. by using crypto/hmac) as well as being encrypted in order to</span>
<span class="com">// be secure.</span>
<span class="com">// OFB mode is the same for both encryption and decryption, so we can</span>
<span class="com">// also decrypt that ciphertext with NewOFB.</span>
plaintext2 := make([]byte, len(plaintext))
stream = cipher.NewOFB(block, iv)
stream.XORKeyStream(plaintext2, ciphertext[aes.BlockSize:])
fmt.Printf("%s\n", plaintext2)</pre>
<p>Output:
</p><pre>some plaintext
</pre>
</div>
</div>
</div>
</div>
<h3 id="NewCTR">func <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/ctr.go?name=release#26" title="View Source">NewCTR</a> </h3>
<pre class="funcdecl">func NewCTR(block <a href="#Block">Block</a>, iv []<a href="builtin.htm#byte">byte</a>) <a href="#Stream">Stream</a></pre>
<p>返回一个计数器模式的、底层采用block生成key流的Stream接口初始向量iv的长度必须等于block的块尺寸。</p>
<div class="panel-group">
<div class="panel panel-default" id="example-NewCTR">
<div class="panel-heading" onclick="document.getElementById('ex-NewCTR').style.display = document.getElementById('ex-NewCTR').style.display=='none'?'block':'none';">Example</div>
<div class="panel-collapse collapse" id="ex-NewCTR">
<div class="panel-body">
<pre>key := []byte("example key 1234")
plaintext := []byte("some plaintext")
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
<span class="com">// The IV needs to be unique, but not secure. Therefore it's common to</span>
<span class="com">// include it at the beginning of the ciphertext.</span>
ciphertext := make([]byte, aes.BlockSize+len(plaintext))
iv := ciphertext[:aes.BlockSize]
if _, err := io.ReadFull(rand.Reader, iv); err != nil {
panic(err)
}
stream := cipher.NewCTR(block, iv)
stream.XORKeyStream(ciphertext[aes.BlockSize:], plaintext)
<span class="com">// It's important to remember that ciphertexts must be authenticated</span>
<span class="com">// (i.e. by using crypto/hmac) as well as being encrypted in order to</span>
<span class="com">// be secure.</span>
<span class="com">// CTR mode is the same for both encryption and decryption, so we can</span>
<span class="com">// also decrypt that ciphertext with NewCTR.</span>
plaintext2 := make([]byte, len(plaintext))
stream = cipher.NewCTR(block, iv)
stream.XORKeyStream(plaintext2, ciphertext[aes.BlockSize:])
fmt.Printf("%s\n", plaintext2)</pre>
<p>Output:
</p><pre>some plaintext
</pre>
</div>
</div>
</div>
</div>
<h2 id="StreamReader">type <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/io.go?name=release#14" title="View Source">StreamReader</a> </h2>
<pre>type StreamReader struct {
<span id="StreamReader.S">S</span> <a href="#Stream">Stream</a>
<span id="StreamReader.R">R</span> <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>
}</pre>
<p>将一个Stream与一个io.Reader接口关联起来Read方法会调用XORKeyStream方法来处理获取的所有切片。</p>
<div class="panel-group">
<div class="panel panel-default" id="example-StreamReader">
<div class="panel-heading" onclick="document.getElementById('ex-StreamReader').style.display = document.getElementById('ex-StreamReader').style.display=='none'?'block':'none';">Example</div>
<div class="panel-collapse collapse" id="ex-StreamReader">
<div class="panel-body">
<pre>key := []byte("example key 1234")
inFile, err := os.Open("encrypted-file")
if err != nil {
panic(err)
}
defer inFile.Close()
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
<span class="com">// If the key is unique for each ciphertext, then it's ok to use a zero</span>
<span class="com">// IV.</span>
var iv [aes.BlockSize]byte
stream := cipher.NewOFB(block, iv[:])
outFile, err := os.OpenFile("decrypted-file", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
panic(err)
}
defer outFile.Close()
reader := &amp;cipher.StreamReader{S: stream, R: inFile}
<span class="com">// Copy the input file to the output file, decrypting as we go.</span>
if _, err := io.Copy(outFile, reader); err != nil {
panic(err)
}
<span class="com">// Note that this example is simplistic in that it omits any</span>
<span class="com">// authentication of the encrypted data. It you were actually to use</span>
<span class="com">// StreamReader in this manner, an attacker could flip arbitrary bits in</span>
<span class="com">// the output.</span>
</pre>
</div>
</div>
</div>
</div>
<h3 id="StreamReader.Read">func (StreamReader) <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/io.go?name=release#19" title="View Source">Read</a> </h3>
<pre class="funcdecl">func (r <a href="#StreamReader">StreamReader</a>) Read(dst []<a href="builtin.htm#byte">byte</a>) (n <a href="builtin.htm#int">int</a>, err <a href="builtin.htm#error">error</a>)</pre>
<h2 id="StreamWriter">type <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/io.go?name=release#30" title="View Source">StreamWriter</a> </h2>
<pre>type StreamWriter struct {
<span id="StreamWriter.S">S</span> <a href="#Stream">Stream</a>
<span id="StreamWriter.W">W</span> <a href="io.htm">io</a>.<a href="io.htm#Writer">Writer</a>
<span id="StreamWriter.Err">Err</span> <a href="builtin.htm#error">error</a> <span class="com">// unused</span>
}</pre>
<p>将一个Stream与一个io.Writer接口关联起来Write方法会调用XORKeyStream方法来处理提供的所有切片。如果Write方法返回的n小于提供的切片的长度则表示StreamWriter不同步必须丢弃。StreamWriter没有内建的缓存不需要调用Close方法去清空缓存。</p>
<div class="panel-group">
<div class="panel panel-default" id="example-StreamWriter">
<div class="panel-heading" onclick="document.getElementById('ex-StreamWriter').style.display = document.getElementById('ex-StreamWriter').style.display=='none'?'block':'none';">Example</div>
<div class="panel-collapse collapse" id="ex-StreamWriter">
<div class="panel-body">
<pre>key := []byte("example key 1234")
inFile, err := os.Open("plaintext-file")
if err != nil {
panic(err)
}
defer inFile.Close()
block, err := aes.NewCipher(key)
if err != nil {
panic(err)
}
<span class="com">// If the key is unique for each ciphertext, then it's ok to use a zero</span>
<span class="com">// IV.</span>
var iv [aes.BlockSize]byte
stream := cipher.NewOFB(block, iv[:])
outFile, err := os.OpenFile("encrypted-file", os.O_WRONLY|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
panic(err)
}
defer outFile.Close()
writer := &amp;cipher.StreamWriter{S: stream, W: outFile}
<span class="com">// Copy the input file to the output file, encrypting as we go.</span>
if _, err := io.Copy(writer, inFile); err != nil {
panic(err)
}
<span class="com">// Note that this example is simplistic in that it omits any</span>
<span class="com">// authentication of the encrypted data. It you were actually to use</span>
<span class="com">// StreamReader in this manner, an attacker could flip arbitrary bits in</span>
<span class="com">// the decrypted result.</span>
</pre>
</div>
</div>
</div>
</div>
<h3 id="StreamWriter.Write">func (StreamWriter) <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/io.go?name=release#36" title="View Source">Write</a> </h3>
<pre class="funcdecl">func (w <a href="#StreamWriter">StreamWriter</a>) Write(src []<a href="builtin.htm#byte">byte</a>) (n <a href="builtin.htm#int">int</a>, err <a href="builtin.htm#error">error</a>)</pre>
<h3 id="StreamWriter.Close">func (StreamWriter) <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/io.go?name=release#50" title="View Source">Close</a> </h3>
<pre class="funcdecl">func (w <a href="#StreamWriter">StreamWriter</a>) Close() <a href="builtin.htm#error">error</a></pre>
<p>如果w.W字段实现了io.Closer接口本方法会调用其Close方法并返回该方法的返回值否则不做操作返回nil。</p>
<h2 id="AEAD">type <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/gcm.go?name=release#14" title="View Source">AEAD</a> </h2>
<pre>type AEAD interface {
<span class="com">// 返回提供给Seal和Open方法的随机数nonce的字节长度</span>
<span id="AEAD.NonceSize">NonceSize</span>() <a href="builtin.htm#int">int</a>
<span class="com">// 返回原始文本和加密文本的最大长度差异</span>
<span id="AEAD.Overhead">Overhead</span>() <a href="builtin.htm#int">int</a>
<span class="com">// 加密并认证明文认证附加的data将结果添加到dst返回更新后的切片。</span>
<span class="com">// nonce的长度必须是NonceSize()字节且对给定的key和时间都是独一无二的。</span>
<span class="com">// plaintext和dst可以是同一个切片也可以不同。</span>
<span id="AEAD.Seal">Seal</span>(dst, nonce, plaintext, data []<a href="builtin.htm#byte">byte</a>) []<a href="builtin.htm#byte">byte</a>
<span class="com">// 解密密文并认证认证附加的data如果认证成功将明文添加到dst返回更新后的切片。</span>
<span class="com">// nonce的长度必须是NonceSize()字节nonce和data都必须和加密时使用的相同。</span>
<span class="com">// ciphertext和dst可以是同一个切片也可以不同。</span>
<span id="AEAD.Open">Open</span>(dst, nonce, ciphertext, data []<a href="builtin.htm#byte">byte</a>) ([]<a href="builtin.htm#byte">byte</a>, <a href="builtin.htm#error">error</a>)
}</pre>
<p>AEAD接口是一种提供了使用关联数据进行认证加密的功能的加密模式。</p>
<h3 id="NewGCM">func <a href="https://github.com/golang/go/blob/master/src/crypto/cipher/gcm.go?name=release#62" title="View Source">NewGCM</a> </h3>
<pre class="funcdecl">func NewGCM(cipher <a href="#Block">Block</a>) (<a href="#AEAD">AEAD</a>, <a href="builtin.htm#error">error</a>)</pre>
<p>函数用迦洛瓦计数器模式包装提供的128位Block接口并返回AEAD接口。</p>
</div>

49
src/docs/go/crypto/des.html Normal file
View File

@@ -0,0 +1,49 @@
<div class="container">
<h1 id="pkg-overview">package des</h1>
<p><code>import "crypto/des"</code>
</p><p>des包实现了DES标准和TDEA算法参见U.S. Federal Information Processing Standards Publication 46-3。</p>
<h2 id="pkg-constants">Constants </h2>
<pre>const <span id="BlockSize">BlockSize</span> = 8</pre>
<p>DES字节块的大小。</p>
<h2 id="KeySizeError">type <a href="https://github.com/golang/go/blob/master/src/crypto/des/cipher.go?name=release#15" title="View Source">KeySizeError</a> </h2>
<pre>type KeySizeError <a href="builtin.htm#int">int</a></pre>
<h3 id="KeySizeError.Error">func (KeySizeError) <a href="https://github.com/golang/go/blob/master/src/crypto/des/cipher.go?name=release#17" title="View Source">Error</a> </h3>
<pre class="funcdecl">func (k <a href="#KeySizeError">KeySizeError</a>) Error() <a href="builtin.htm#string">string</a></pre>
<h2 id="NewCipher">func <a href="https://github.com/golang/go/blob/master/src/crypto/des/cipher.go?name=release#27" title="View Source">NewCipher</a> </h2>
<pre class="funcdecl">func NewCipher(key []<a href="builtin.htm#byte">byte</a>) (<a href="crypto/cipher.htm">cipher</a>.<a href="crypto/cipher.htm#Block">Block</a>, <a href="builtin.htm#error">error</a>)</pre>
<p>创建并返回一个使用DES算法的cipher.Block接口。</p>
<h2 id="NewTripleDESCipher">func <a href="https://github.com/golang/go/blob/master/src/crypto/des/cipher.go?name=release#49" title="View Source">NewTripleDESCipher</a> </h2>
<pre class="funcdecl">func NewTripleDESCipher(key []<a href="builtin.htm#byte">byte</a>) (<a href="crypto/cipher.htm">cipher</a>.<a href="crypto/cipher.htm#Block">Block</a>, <a href="builtin.htm#error">error</a>)</pre>
<p>创建并返回一个使用TDEA算法的cipher.Block接口。</p>
<div class="panel-group">
<div class="panel panel-default" id="example-NewTripleDESCipher">
<div class="panel-heading" onclick="document.getElementById('ex-NewTripleDESCipher').style.display = document.getElementById('ex-NewTripleDESCipher').style.display=='none'?'block':'none';">Example</div>
<div class="panel-collapse collapse" id="ex-NewTripleDESCipher">
<div class="panel-body">
<pre><span class="com">// NewTripleDESCipher can also be used when EDE2 is required by</span>
<span class="com">// duplicating the first 8 bytes of the 16-byte key.</span>
ede2Key := []byte("example key 1234")
var tripleDESKey []byte
tripleDESKey = append(tripleDESKey, ede2Key[:16]...)
tripleDESKey = append(tripleDESKey, ede2Key[:8]...)
_, err := des.NewTripleDESCipher(tripleDESKey)
if err != nil {
panic(err)
}
<span class="com">// See crypto/cipher for how to use a cipher.Block for encryption and</span>
<span class="com">// decryption.</span>
</pre>
</div>
</div>
</div>
</div>
</div>

61
src/docs/go/crypto/dsa.html Normal file
View File

@@ -0,0 +1,61 @@
<div class="container">
<h1 id="pkg-overview">package dsa</h1>
<p><code>import "crypto/dsa"</code>
</p><p>dsa包实现FIPS 186-3定义的数字签名算法Digital Signature Algorithm即DSA算法。</p>
<h2 id="pkg-variables">Variables </h2>
<pre>var <span id="ErrInvalidPublicKey">ErrInvalidPublicKey</span> = <a href="errors.htm">errors</a>.<a href="errors.htm#New">New</a>("crypto/dsa: invalid public key")</pre>
<p>非法公钥FIPS标准的公钥格式是很严格的但有些实现没这么严格使用这些实现的公钥时就会导致这个错误。</p>
<h2 id="ParameterSizes">type <a href="https://github.com/golang/go/blob/master/src/crypto/dsa/dsa.go?name=release#40" title="View Source">ParameterSizes</a> </h2>
<pre>type ParameterSizes <a href="builtin.htm#int">int</a></pre>
<p>是DSA参数中的质数可以接受的字位长度的枚举参见FIPS 186-3 section 4.2。</p>
<pre>const (
<span id="L1024N160">L1024N160</span> <a href="#ParameterSizes">ParameterSizes</a> = <a href="builtin.htm#iota">iota</a>
<span id="L2048N224">L2048N224</span>
<span id="L2048N256">L2048N256</span>
<span id="L3072N256">L3072N256</span>
)</pre>
<h2 id="Parameters">type <a href="https://github.com/golang/go/blob/master/src/crypto/dsa/dsa.go?name=release#16" title="View Source">Parameters</a> </h2>
<pre>type Parameters struct {
<span id="Parameters.P">P</span>, <span id="Parameters.Q">Q</span>, <span id="Parameters.G">G</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>
}</pre>
<p>Parameters代表密钥的域参数这些参数可以被一组密钥共享Q的字位长度必须是8的倍数。</p>
<h2 id="PublicKey">type <a href="https://github.com/golang/go/blob/master/src/crypto/dsa/dsa.go?name=release#21" title="View Source">PublicKey</a> </h2>
<pre>type PublicKey struct {
<a href="#Parameters">Parameters</a>
<span id="PublicKey.Y">Y</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>
}</pre>
<p>PublicKey代表一个DSA公钥。</p>
<h2 id="PrivateKey">type <a href="https://github.com/golang/go/blob/master/src/crypto/dsa/dsa.go?name=release#27" title="View Source">PrivateKey</a> </h2>
<pre>type PrivateKey struct {
<a href="#PublicKey">PublicKey</a>
<span id="PrivateKey.X">X</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>
}</pre>
<p>PrivateKey代表一个DSA私钥。</p>
<h2 id="GenerateKey">func <a href="https://github.com/golang/go/blob/master/src/crypto/dsa/dsa.go?name=release#151" title="View Source">GenerateKey</a> </h2>
<h2 id="GenerateParameters">func <a href="https://github.com/golang/go/blob/master/src/crypto/dsa/dsa.go?name=release#55" title="View Source">GenerateParameters</a> </h2>
<pre class="funcdecl">func GenerateParameters(params *<a href="#Parameters">Parameters</a>, rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, sizes <a href="#ParameterSizes">ParameterSizes</a>) (err <a href="builtin.htm#error">error</a>)</pre>
<p>GenerateParameters函数随机设置合法的参数到params。即使机器很快函数也可能会花费很多时间来生成参数。</p>
<pre class="funcdecl">func GenerateKey(priv *<a href="#PrivateKey">PrivateKey</a>, rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>) <a href="builtin.htm#error">error</a></pre>
<p>GenerateKey生成一对公钥和私钥priv.PublicKey.Parameters字段必须已经被GenerateParameters函数设置了合法的参数。</p>
<h2 id="Sign">func <a href="https://github.com/golang/go/blob/master/src/crypto/dsa/dsa.go?name=release#194" title="View Source">Sign</a> </h2>
<pre class="funcdecl">func Sign(rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, priv *<a href="#PrivateKey">PrivateKey</a>, hash []<a href="builtin.htm#byte">byte</a>) (r, s *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p align="left">使用私钥对任意长度的hash值必须是较大信息的hash结果进行签名返回签名结果一对大整数。私钥的安全性取决于密码读取器的熵度随机程度</p>
<p align="left">注意根据FIPS 186-3 section 4.6的规定hash必须被截断到亚组的长度本函数是不会自己截断的。</p>
<h2 id="Verify">func <a href="https://github.com/golang/go/blob/master/src/crypto/dsa/dsa.go?name=release#249" title="View Source">Verify</a> </h2>
<pre class="funcdecl">func Verify(pub *<a href="#PublicKey">PublicKey</a>, hash []<a href="builtin.htm#byte">byte</a>, r, s *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>) <a href="builtin.htm#bool">bool</a></pre>
<p align="left">使用公钥认证hash和两个大整数r、s构成的签名报告签名是否合法。</p>
<p align="left">注意根据FIPS 186-3 section 4.6的规定hash必须被截断到亚组的长度本函数是不会自己截断的。</p>
</div>

36
src/docs/go/crypto/ecdsa.html Normal file
View File

@@ -0,0 +1,36 @@
<div class="container">
<h1 id="pkg-overview">package ecdsa</h1>
<p><code>import "crypto/ecdsa"</code>
</p><p>ecdsa包实现了椭圆曲线数字签名算法参见FIPS 186-3。</p>
<h2 id="PublicKey">type <a href="https://github.com/golang/go/blob/master/src/crypto/ecdsa/ecdsa.go?name=release#22" title="View Source">PublicKey</a> </h2>
<pre>type PublicKey struct {
<a href="crypto/elliptic.htm">elliptic</a>.<a href="crypto/elliptic.htm#Curve">Curve</a>
<span id="PublicKey.X">X</span>, <span id="PublicKey.Y">Y</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>
}</pre>
<p>PrivateKey代表一个ECDSA公钥。</p>
<h2 id="PrivateKey">type <a href="https://github.com/golang/go/blob/master/src/crypto/ecdsa/ecdsa.go?name=release#28" title="View Source">PrivateKey</a> </h2>
<pre>type PrivateKey struct {
<a href="#PublicKey">PublicKey</a>
<span id="PrivateKey.D">D</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>
}</pre>
<p>PrivateKey代表一个ECDSA私钥。</p>
<h3 id="GenerateKey">func <a href="https://github.com/golang/go/blob/master/src/crypto/ecdsa/ecdsa.go?name=release#53" title="View Source">GenerateKey</a> </h3>
<p>GenerateKey函数生成一对</p>
<pre class="funcdecl">func GenerateKey(c <a href="crypto/elliptic.htm">elliptic</a>.<a href="crypto/elliptic.htm#Curve">Curve</a>, rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>) (priv *<a href="#PrivateKey">PrivateKey</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>公钥/私钥。</p>
<h2 id="Sign">func <a href="https://github.com/golang/go/blob/master/src/crypto/ecdsa/ecdsa.go?name=release#101" title="View Source">Sign</a> </h2>
<pre class="funcdecl">func Sign(rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, priv *<a href="#PrivateKey">PrivateKey</a>, hash []<a href="builtin.htm#byte">byte</a>) (r, s *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>使用私钥对任意长度的hash值必须是较大信息的hash结果进行签名返回签名结果一对大整数。私钥的安全性取决于密码读取器的熵度随机程度</p>
<h2 id="Verify">func <a href="https://github.com/golang/go/blob/master/src/crypto/ecdsa/ecdsa.go?name=release#138" title="View Source">Verify</a> </h2>
<pre class="funcdecl">func Verify(pub *<a href="#PublicKey">PublicKey</a>, hash []<a href="builtin.htm#byte">byte</a>, r, s *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>) <a href="builtin.htm#bool">bool</a></pre>
<p>使用公钥验证hash值和两个大整数r、s构成的签名并返回签名是否合法。</p>
</div>

76
src/docs/go/crypto/elliptic.html Normal file
View File

@@ -0,0 +1,76 @@
<div class="container">
<h1 id="pkg-overview">package elliptic</h1>
<p><code>import "crypto/elliptic"</code>
</p><p>elliptic包实现了几条覆盖素数有限域的标准椭圆曲线。</p>
<h2 id="Curve">type <a href="https://github.com/golang/go/blob/master/src/crypto/elliptic/elliptic.go?name=release#24" title="View Source">Curve</a> </h2>
<pre>type Curve interface {
<span class="com">// Params返回椭圆曲线的参数</span>
<span id="Curve.Params">Params</span>() *<a href="#CurveParams">CurveParams</a>
<span class="com">// IsOnCurve判断一个点是否在椭圆曲线上</span>
<span id="Curve.IsOnCurve">IsOnCurve</span>(x, y *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>) <a href="builtin.htm#bool">bool</a>
<span class="com">// 返回点(x1,y1)和点(x2,y2)相加的结果</span>
<span id="Curve.Add">Add</span>(x1, y1, x2, y2 *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>) (x, y *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>)
<span class="com">// 返回2*(x,y),即(x,y)+(x,y)</span>
<span id="Curve.Double">Double</span>(x1, y1 *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>) (x, y *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>)
<span class="com">// k是一个大端在前格式的数字返回k*(Bx,By)</span>
<span id="Curve.ScalarMult">ScalarMult</span>(x1, y1 *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>, k []<a href="builtin.htm#byte">byte</a>) (x, y *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>)
<span class="com">// k是一个大端在前格式的数字返回k*GG是本椭圆曲线的基点</span>
<span id="Curve.ScalarBaseMult">ScalarBaseMult</span>(k []<a href="builtin.htm#byte">byte</a>) (x, y *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>)
}</pre>
<p align="left">Curve代表一个短格式的Weierstrass椭圆曲线其中a=-3。</p>
<p align="left">Weierstrass椭圆曲线的格式y**2 = x**3 + a*x + b</p>
<p align="left">参见<a href="http://www.hyperelliptic.org/EFD/g1p/auto-shortw.html">http://www.hyperelliptic.org/EFD/g1p/auto-shortw.html</a></p>
<h3 id="P224">func <a href="https://github.com/golang/go/blob/master/src/crypto/elliptic/p224.go?name=release#39" title="View Source">P224</a> </h3>
<pre class="funcdecl">func P224() <a href="#Curve">Curve</a></pre>
<p>返回一个实现了P-224的曲线。参见FIPS 186-3, section D.2.2</p>
<h3 id="P256">func <a href="https://github.com/golang/go/blob/master/src/crypto/elliptic/elliptic.go?name=release#358" title="View Source">P256</a> </h3>
<pre class="funcdecl">func P256() <a href="#Curve">Curve</a></pre>
<p>返回一个实现了P-256的曲线。参见FIPS 186-3, section D.2.3</p>
<h3 id="P384">func <a href="https://github.com/golang/go/blob/master/src/crypto/elliptic/elliptic.go?name=release#364" title="View Source">P384</a> </h3>
<pre class="funcdecl">func P384() <a href="#Curve">Curve</a></pre>
<p>返回一个实现了P-384的曲线。参见FIPS 186-3, section D.2.4</p>
<h3 id="P521">func <a href="https://github.com/golang/go/blob/master/src/crypto/elliptic/elliptic.go?name=release#370" title="View Source">P521</a> </h3>
<pre class="funcdecl">func P521() <a href="#Curve">Curve</a></pre>
<p>返回一个实现了P-512的曲线。参见FIPS 186-3, section D.2.5</p>
<h2 id="CurveParams">type <a href="https://github.com/golang/go/blob/master/src/crypto/elliptic/elliptic.go?name=release#42" title="View Source">CurveParams</a> </h2>
<pre>type CurveParams struct {
<span id="CurveParams.P">P</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a> <span class="com">// 决定有限域的p的值必须是素数</span>
<span id="CurveParams.N">N</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a> <span class="com">// 基点的阶(必须是素数)</span>
<span id="CurveParams.B">B</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a> <span class="com">// 曲线公式的常量B!=2</span>
<span id="CurveParams.Gx">Gx</span>, <span id="CurveParams.Gy">Gy</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a> <span class="com">// 基点的坐标</span>
<span id="CurveParams.BitSize">BitSize</span> <a href="builtin.htm#int">int</a> <span class="com">// 决定有限域的p的字位数</span>
}</pre>
<p>CurveParams包含一个椭圆曲线的所有参数也可提供一般的、非常数时间实现的椭圆曲线。</p>
<h3 id="CurveParams.Params">func (*CurveParams) <a href="https://github.com/golang/go/blob/master/src/crypto/elliptic/elliptic.go?name=release#50" title="View Source">Params</a> </h3>
<pre class="funcdecl">func (curve *<a href="#CurveParams">CurveParams</a>) Params() *<a href="#CurveParams">CurveParams</a></pre>
<h3 id="CurveParams.IsOnCurve">func (*CurveParams) <a href="https://github.com/golang/go/blob/master/src/crypto/elliptic/elliptic.go?name=release#54" title="View Source">IsOnCurve</a> </h3>
<pre class="funcdecl">func (curve *<a href="#CurveParams">CurveParams</a>) IsOnCurve(x, y *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>) <a href="builtin.htm#bool">bool</a></pre>
<h3 id="CurveParams.Add">func (*CurveParams) <a href="https://github.com/golang/go/blob/master/src/crypto/elliptic/elliptic.go?name=release#101" title="View Source">Add</a> </h3>
<pre class="funcdecl">func (curve *<a href="#CurveParams">CurveParams</a>) Add(x1, y1, x2, y2 *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>) (*<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>, *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>)</pre>
<h3 id="CurveParams.Double">func (*CurveParams) <a href="https://github.com/golang/go/blob/master/src/crypto/elliptic/elliptic.go?name=release#185" title="View Source">Double</a> </h3>
<pre class="funcdecl">func (curve *<a href="#CurveParams">CurveParams</a>) Double(x1, y1 *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>) (*<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>, *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>)</pre>
<h3 id="CurveParams.ScalarMult">func (*CurveParams) <a href="https://github.com/golang/go/blob/master/src/crypto/elliptic/elliptic.go?name=release#250" title="View Source">ScalarMult</a> </h3>
<pre class="funcdecl">func (curve *<a href="#CurveParams">CurveParams</a>) ScalarMult(Bx, By *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>, k []<a href="builtin.htm#byte">byte</a>) (*<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>, *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>)</pre>
<h3 id="CurveParams.ScalarBaseMult">func (*CurveParams) <a href="https://github.com/golang/go/blob/master/src/crypto/elliptic/elliptic.go?name=release#267" title="View Source">ScalarBaseMult</a> </h3>
<pre class="funcdecl">func (curve *<a href="#CurveParams">CurveParams</a>) ScalarBaseMult(k []<a href="builtin.htm#byte">byte</a>) (*<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>, *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>)</pre>
<h2 id="GenerateKey">func <a href="https://github.com/golang/go/blob/master/src/crypto/elliptic/elliptic.go?name=release#275" title="View Source">GenerateKey</a> </h2>
<pre class="funcdecl">func GenerateKey(curve <a href="#Curve">Curve</a>, rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>) (priv []<a href="builtin.htm#byte">byte</a>, x, y *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>GenerateKey返回一个公钥/私钥对。priv是私钥而(x,y)是公钥。密钥对是通过提供的随机数读取器来生成的该io.Reader接口必须返回随机数据。</p>
<h2 id="Marshal">func <a href="https://github.com/golang/go/blob/master/src/crypto/elliptic/elliptic.go?name=release#297" title="View Source">Marshal</a> </h2>
<pre class="funcdecl">func Marshal(curve <a href="#Curve">Curve</a>, x, y *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>) []<a href="builtin.htm#byte">byte</a></pre>
<p>Marshal将一个点编码为ANSI X9.62指定的格式。</p>
<h2 id="Unmarshal">func <a href="https://github.com/golang/go/blob/master/src/crypto/elliptic/elliptic.go?name=release#311" title="View Source">Unmarshal</a> </h2>
<pre class="funcdecl">func Unmarshal(curve <a href="#Curve">Curve</a>, data []<a href="builtin.htm#byte">byte</a>) (x, y *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>)</pre>
<p>将一个Marshal编码后的点还原如果出错x会被设为nil。</p>
</div>

26
src/docs/go/crypto/hmac.html Normal file
View File

@@ -0,0 +1,26 @@
<div class="container">
<h1 id="pkg-overview">package hmac</h1>
<p><code>import "crypto/hmac"</code>
</p><p align="left">hmac包实现了U.S. Federal Information Processing Standards Publication 198规定的HMAC加密哈希信息认证码</p>
<p align="left">HMAC是使用key标记信息的加密hash。接收者使用相同的key逆运算来认证hash。</p>
<p align="left">出于安全目的接收者应使用Equal函数比较认证码</p>
<pre>// 如果messageMAC是message的合法HMAC标签函数返回真
func CheckMAC(message, messageMAC, key []byte) bool {
mac := hmac.New(sha256.New, key)
mac.Write(message)
expectedMAC := mac.Sum(nil)
return hmac.Equal(messageMAC, expectedMAC)
}</pre>
<h2 id="Equal">func <a href="https://github.com/golang/go/blob/master/src/crypto/hmac/hmac.go?name=release#97" title="View Source">Equal</a> </h2>
<pre class="funcdecl">func Equal(mac1, mac2 []<a href="builtin.htm#byte">byte</a>) <a href="builtin.htm#bool">bool</a></pre>
<p>比较两个MAC是否相同而不会泄露对比时间信息。以规避时间侧信道攻击指通过计算比较时花费的时间的长短来获取密码的信息用于密码破解</p>
<h2 id="New">func <a href="https://github.com/golang/go/blob/master/src/crypto/hmac/hmac.go?name=release#78" title="View Source">New</a> </h2>
<pre class="funcdecl">func New(h func() <a href="hash.htm">hash</a>.<a href="hash.htm#Hash">Hash</a>, key []<a href="builtin.htm#byte">byte</a>) <a href="hash.htm">hash</a>.<a href="hash.htm#Hash">Hash</a></pre>
<p>New函数返回一个采用hash.Hash作为底层hash接口、key作为密钥的HMAC算法的hash接口。</p>
</div>

59
src/docs/go/crypto/md5.html Normal file
View File

@@ -0,0 +1,59 @@
<div class="container">
<h1 id="pkg-overview">package md5</h1>
<p><code>import "crypto/md5"</code>
</p><p>md5包实现了MD5哈希算法参见<a href="http://tools.ietf.org/html/rfc1321">RFC 1321</a></p>
<h2 id="pkg-constants">Constants </h2>
<pre>const <span id="BlockSize">BlockSize</span> = 64</pre>
<p>MD5字节块大小。</p>
<pre>const <span id="Size">Size</span> = 16</pre>
<p>MD5校验和字节数。</p>
<h2 id="Sum">func <a href="https://github.com/golang/go/blob/master/src/crypto/md5/md5.go?name=release#129" title="View Source">Sum</a> </h2>
<pre class="funcdecl">func Sum(data []<a href="builtin.htm#byte">byte</a>) [<a href="#Size">Size</a>]<a href="builtin.htm#byte">byte</a></pre>
<p>返回数据data的MD5校验和。</p>
<div class="panel-group">
<div class="panel panel-default" id="example-Sum">
<div class="panel-heading" onclick="document.getElementById('ex-Sum').style.display = document.getElementById('ex-Sum').style.display=='none'?'block':'none';">Example</div>
<div class="panel-collapse collapse" id="ex-Sum">
<div class="panel-body">
<pre>data := []byte("These pretzels are making me thirsty.")
fmt.Printf("%x", md5.Sum(data))</pre>
<p>Output:
</p><pre>b0804ec967f48520697662a204f5fe72
</pre>
</div>
</div>
</div>
</div>
<h2 id="New">func <a href="https://github.com/golang/go/blob/master/src/crypto/md5/md5.go?name=release#49" title="View Source">New</a> </h2>
<pre class="funcdecl">func New() <a href="hash.htm">hash</a>.<a href="hash.htm#Hash">Hash</a></pre>
<p>返回一个新的使用MD5校验的hash.Hash接口。</p>
<div class="panel-group">
<div class="panel panel-default" id="example-New">
<div class="panel-heading" onclick="document.getElementById('ex-New').style.display = document.getElementById('ex-New').style.display=='none'?'block':'none';">Example</div>
<div class="panel-collapse collapse" id="ex-New">
<div class="panel-body">
<pre>h := md5.New()
io.WriteString(h, "The fog is getting thicker!")
io.WriteString(h, "And Leon's getting laaarger!")
fmt.Printf("%x", h.Sum(nil))</pre>
<p>Output:
</p><pre>e2c569be17396eca2a2e3c11578123ed
</pre>
</div>
</div>
</div>
</div>
</div>

51
src/docs/go/crypto/rand.html Normal file
View File

@@ -0,0 +1,51 @@
<div class="container">
<h1 id="pkg-overview">package rand</h1>
<p><code>import "crypto/rand"</code>
</p><p>rand包实现了用于加解密的更安全的随机数生成器。</p>
<h2 id="pkg-variables">Variables </h2>
<pre>var <span id="Reader">Reader</span> <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a></pre>
<p>Reader是一个全局、共享的密码用强随机数生成器。在Unix类型系统中会从/dev/urandom读取而Windows中会调用CryptGenRandom API。</p>
<h2 id="Int">func <a href="https://github.com/golang/go/blob/master/src/crypto/rand/util.go?name=release#106" title="View Source">Int</a> </h2>
<pre class="funcdecl">func Int(rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, max *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>) (n *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>返回一个在[0, max)区间服从均匀分布的随机值如果max&lt;=0则会panic。</p>
<h2 id="Prime">func <a href="https://github.com/golang/go/blob/master/src/crypto/rand/util.go?name=release#31" title="View Source">Prime</a> </h2>
<pre class="funcdecl">func Prime(rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, bits <a href="builtin.htm#int">int</a>) (p *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>返回一个具有指定字位数的数字该数字具有很高可能性是质数。如果从rand读取时出错或者bits&lt;2会返回错误。</p>
<h2 id="Read">func <a href="https://github.com/golang/go/blob/master/src/crypto/rand/rand.go?name=release#19" title="View Source">Read</a> </h2>
<pre class="funcdecl">func Read(b []<a href="builtin.htm#byte">byte</a>) (n <a href="builtin.htm#int">int</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>本函数是一个使用io.ReadFull调用Reader.Read的辅助性函数。当且仅当err == nil时返回值n == len(b)。</p>
<div class="panel-group">
<div class="panel panel-default" id="example-Read">
<div class="panel-heading" onclick="document.getElementById('ex-Read').style.display = document.getElementById('ex-Read').style.display=='none'?'block':'none';">Example</div>
<div class="panel-collapse collapse" id="ex-Read">
<div class="panel-body">
<pre>c := 10
b := make([]byte, c)
_, err := rand.Read(b)
if err != nil {
fmt.Println("error:", err)
return
}
<span class="com">// The slice should now contain random bytes instead of only zeroes.</span>
fmt.Println(bytes.Equal(b, make([]byte, c)))</pre>
<p>Output:
</p><pre>false
</pre>
</div>
</div>
</div>
</div>
</div>

32
src/docs/go/crypto/rc4.html Normal file
View File

@@ -0,0 +1,32 @@
<div class="container">
<h1 id="pkg-overview">package rc4</h1>
<p><code>import "crypto/rc4"</code>
</p><p>rc4包实现了RC4加密算法参见Bruce Schneier's Applied Cryptography。</p>
<h2 id="KeySizeError">type <a href="https://github.com/golang/go/blob/master/src/crypto/rc4/rc4.go?name=release#20" title="View Source">KeySizeError</a> </h2>
<pre>type KeySizeError <a href="builtin.htm#int">int</a></pre>
<h3 id="KeySizeError.Error">func (KeySizeError) <a href="https://github.com/golang/go/blob/master/src/crypto/rc4/rc4.go?name=release#22" title="View Source">Error</a> </h3>
<pre class="funcdecl">func (k <a href="#KeySizeError">KeySizeError</a>) Error() <a href="builtin.htm#string">string</a></pre>
<h2 id="Cipher">type <a href="https://github.com/golang/go/blob/master/src/crypto/rc4/rc4.go?name=release#15" title="View Source">Cipher</a> </h2>
<pre>type Cipher struct {
<span class="com">// 内含隐藏或非导出字段</span>
}</pre>
<p>Cipher是一个使用特定密钥的RC4实例本类型实现了cipher.Stream接口。</p>
<h3 id="NewCipher">func <a href="https://github.com/golang/go/blob/master/src/crypto/rc4/rc4.go?name=release#28" title="View Source">NewCipher</a> </h3>
<pre class="funcdecl">func NewCipher(key []<a href="builtin.htm#byte">byte</a>) (*<a href="#Cipher">Cipher</a>, <a href="builtin.htm#error">error</a>)</pre>
<p>NewCipher创建并返回一个新的Cipher。参数key是RC4密钥至少1字节最多256字节。</p>
<h3 id="Cipher.Reset">func (*Cipher) <a href="https://github.com/golang/go/blob/master/src/crypto/rc4/rc4.go?name=release#47" title="View Source">Reset</a> </h3>
<pre class="funcdecl">func (c *<a href="#Cipher">Cipher</a>) Reset()</pre>
<p>Reset方法会清空密钥数据以便将其数据从程序内存中清除以免被破解</p>
<h3 id="Cipher.XORKeyStream">func (*Cipher) <a href="https://github.com/golang/go/blob/master/src/crypto/rc4/rc4_asm.go?name=release#13" title="View Source">XORKeyStream</a> </h3>
<pre class="funcdecl">func (c *<a href="#Cipher">Cipher</a>) XORKeyStream(dst, src []<a href="builtin.htm#byte">byte</a>)</pre>
<p>XORKeyStream方法将src的数据与秘钥生成的伪随机位流取XOR并写入dst。dst和src可指向同一内存地址但如果指向不同则其底层内存不可重叠。</p>
<h2 id="pkg-note-bug">Bugs </h2>
<p><a href="https://github.com/golang/go/blob/master/src/crypto/rc4/rc4.go?name=release#9" title="View Source"></a> RC4被广泛使用但设计上的缺陷使它很少用于较新的协议中。 </p></div>

119
src/docs/go/crypto/rsa.html Normal file
View File

@@ -0,0 +1,119 @@
<div class="container">
<h1 id="pkg-overview">package rsa</h1>
<p><code>import "crypto/rsa"</code>
</p><p>rsa包实现了PKCS#1规定的RSA加密算法。</p>
<h2 id="pkg-constants">Constants </h2>
<pre>const (
<span class="com">// PSSSaltLengthAuto让PSS签名在签名时让盐尽可能长并在验证时自动检测出盐。</span><span class="com"></span>
<span id="PSSSaltLengthAuto">PSSSaltLengthAuto</span> = 0
<span class="com">// PSSSaltLengthEqualsHash让盐的长度和用于签名的哈希值的长度相同。</span>
<span id="PSSSaltLengthEqualsHash">PSSSaltLengthEqualsHash</span> = -1
)</pre>
<h2 id="pkg-variables">Variables </h2>
<pre>var <span id="ErrDecryption">ErrDecryption</span> = <a href="errors.htm">errors</a>.<a href="errors.htm#New">New</a>("crypto/rsa: decryption error")</pre>
<p>ErrDecryption代表解密数据失败。它故意写的语焉不详以避免适应性攻击。</p>
<pre>var <span id="ErrMessageTooLong">ErrMessageTooLong</span> = <a href="errors.htm">errors</a>.<a href="errors.htm#New">New</a>("crypto/rsa: message too long for RSA public key size")</pre>
<p>当试图用公钥加密尺寸过大的数据时就会返回ErrMessageTooLong。</p>
<pre>var <span id="ErrVerification">ErrVerification</span> = <a href="errors.htm">errors</a>.<a href="errors.htm#New">New</a>("crypto/rsa: verification error")</pre>
<p>ErrVerification代表认证签名失败。它故意写的语焉不详以避免适应性攻击。</p>
<h2 id="CRTValue">type <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/rsa.go?name=release#73" title="View Source">CRTValue</a> </h2>
<pre>type CRTValue struct {
<span id="CRTValue.Exp">Exp</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a> <span class="com">// D mod (prime-1).</span>
<span id="CRTValue.Coeff">Coeff</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a> <span class="com">// R·Coeff ≡ 1 mod Prime.</span>
<span id="CRTValue.R">R</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a> <span class="com">// product of primes prior to this (inc p and q).</span>
}</pre>
<p>CRTValue包含预先计算的中国剩余定理的值。</p>
<h2 id="PrecomputedValues">type <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/rsa.go?name=release#61" title="View Source">PrecomputedValues</a> </h2>
<pre>type PrecomputedValues struct {
<span id="PrecomputedValues.Dp">Dp</span>, <span id="PrecomputedValues.Dq">Dq</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a> <span class="com">// D mod (P-1) (or mod Q-1)</span>
<span id="PrecomputedValues.Qinv">Qinv</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a> <span class="com">// Q^-1 mod P</span>
<span class="com">// CRTValues用于保存第3个及其余的素数的预计算值。</span>
<span class="com">// 因为历史原因头两个素数的CRT在PKCS#1中的处理是不同的。</span>
<span class="com">// 因为互操作性十分重要,我们镜像了这些素数的预计算值。</span>
<span id="PrecomputedValues.CRTValues">CRTValues</span> []<a href="#CRTValue">CRTValue</a>
}</pre>
<h2 id="PublicKey">type <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/rsa.go?name=release#21" title="View Source">PublicKey</a> </h2>
<pre>type PublicKey struct {
<span id="PublicKey.N">N</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a> <span class="com">// 模</span>
<span id="PublicKey.E">E</span> <a href="builtin.htm#int">int</a> <span class="com">// 公开的指数</span>
}</pre>
<p>代表一个RSA公钥。</p>
<h2 id="PrivateKey">type <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/rsa.go?name=release#51" title="View Source">PrivateKey</a> </h2>
<pre>type PrivateKey struct {
<a href="#PublicKey">PublicKey</a> <span class="com">// 公钥</span>
<span id="PrivateKey.D">D</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a> <span class="com">// 私有的指数</span>
<span id="PrivateKey.Primes">Primes</span> []*<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a> <span class="com">// N的素因子至少有两个</span>
<span class="com">// 包含预先计算好的值,可在某些情况下加速私钥的操作</span>
<span id="PrivateKey.Precomputed">Precomputed</span> <a href="#PrecomputedValues">PrecomputedValues</a>
}</pre>
<p>代表一个RSA私钥。</p>
<h3 id="GenerateKey">func <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/rsa.go?name=release#125" title="View Source">GenerateKey</a> </h3>
<pre class="funcdecl">func GenerateKey(random <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, bits <a href="builtin.htm#int">int</a>) (priv *<a href="#PrivateKey">PrivateKey</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>GenerateKey函数使用随机数据生成器random生成一对具有指定字位数的RSA密钥。</p>
<h3 id="GenerateMultiPrimeKey">func <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/rsa.go?name=release#140" title="View Source">GenerateMultiPrimeKey</a> </h3>
<pre class="funcdecl">func GenerateMultiPrimeKey(random <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, nprimes <a href="builtin.htm#int">int</a>, bits <a href="builtin.htm#int">int</a>) (priv *<a href="#PrivateKey">PrivateKey</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p align="left">GenerateMultiPrimeKey使用指定的字位数生成一对多质数的RSA密钥参见US patent 4405829。虽然公钥可以和二质数情况下的公钥兼容事实上不能区分两种公钥私钥却不行。因此有可能无法生成特定格式的多质数的密钥对或不能将生成的密钥用在其他语言的代码里。</p>
<p align="left"><a href="http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-16.pdf">http://www.cacr.math.uwaterloo.ca/techreports/2006/cacr2006-16.pdf</a>中的Table 1说明了给定字位数的密钥可以接受的质数最大数量。</p>
<h3 id="PrivateKey.Precompute">func (*PrivateKey) <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/rsa.go?name=release#348" title="View Source">Precompute</a> </h3>
<pre class="funcdecl">func (priv *<a href="#PrivateKey">PrivateKey</a>) Precompute()</pre>
<p>Precompute方法会预先进行一些计算以加速未来的私钥的操作。</p>
<h3 id="PrivateKey.Validate">func (*PrivateKey) <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/rsa.go?name=release#81" title="View Source">Validate</a> </h3>
<pre class="funcdecl">func (priv *<a href="#PrivateKey">PrivateKey</a>) Validate() <a href="builtin.htm#error">error</a></pre>
<p>Validate方法进行密钥的完整性检查。如果密钥合法会返回nil否则会返回说明问题的error值。</p>
<h2 id="PSSOptions">type <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/pss.go?name=release#220" title="View Source">PSSOptions</a> </h2>
<pre>type PSSOptions struct {
<span class="com">// SaltLength控制PSS签名中加盐的长度可以是字节数或者某个PSS盐长度的常数</span>
<span id="PSSOptions.SaltLength">SaltLength</span> <a href="builtin.htm#int">int</a>
}</pre>
<p>PSSOptions包含用于创建和认证PSS签名的参数。</p>
<h2 id="EncryptOAEP">func <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/rsa.go?name=release#268" title="View Source">EncryptOAEP</a> </h2>
<pre class="funcdecl">func EncryptOAEP(hash <a href="hash.htm">hash</a>.<a href="hash.htm#Hash">Hash</a>, random <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, pub *<a href="#PublicKey">PublicKey</a>, msg []<a href="builtin.htm#byte">byte</a>, label []<a href="builtin.htm#byte">byte</a>) (out []<a href="builtin.htm#byte">byte</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>采用RSA-OAEP算法加密给出的数据。数据不能超过((公共模数的长度)-2*( hash长度)+2)字节。</p>
<h2 id="DecryptOAEP">func <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/rsa.go?name=release#457" title="View Source">DecryptOAEP</a> </h2>
<pre class="funcdecl">func DecryptOAEP(hash <a href="hash.htm">hash</a>.<a href="hash.htm#Hash">Hash</a>, random <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, priv *<a href="#PrivateKey">PrivateKey</a>, ciphertext []<a href="builtin.htm#byte">byte</a>, label []<a href="builtin.htm#byte">byte</a>) (msg []<a href="builtin.htm#byte">byte</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>DecryptOAEP解密RSA-OAEP算法加密的数据。如果random不是nil函数会注意规避时间侧信道攻击。</p>
<h2 id="EncryptPKCS1v15">func <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/pkcs1v15.go?name=release#21" title="View Source">EncryptPKCS1v15</a> </h2>
<pre class="funcdecl">func EncryptPKCS1v15(rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, pub *<a href="#PublicKey">PublicKey</a>, msg []<a href="builtin.htm#byte">byte</a>) (out []<a href="builtin.htm#byte">byte</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>EncryptPKCS1v15使用PKCS#1 v1.5规定的填充方案和RSA算法加密msg。信息不能超过((公共模数的长度)-11)字节。注意使用本函数加密明文而不是会话密钥是危险的请尽量在新协议中使用RSA OAEP。</p>
<h2 id="DecryptPKCS1v15">func <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/pkcs1v15.go?name=release#52" title="View Source">DecryptPKCS1v15</a> </h2>
<pre class="funcdecl">func DecryptPKCS1v15(rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, priv *<a href="#PrivateKey">PrivateKey</a>, ciphertext []<a href="builtin.htm#byte">byte</a>) (out []<a href="builtin.htm#byte">byte</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>DecryptPKCS1v15使用PKCS#1 v1.5规定的填充方案和RSA算法解密密文。如果random不是nil函数会注意规避时间侧信道攻击。</p>
<h2 id="DecryptPKCS1v15SessionKey">func <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/pkcs1v15.go?name=release#80" title="View Source">DecryptPKCS1v15SessionKey</a> </h2>
<pre class="funcdecl">func DecryptPKCS1v15SessionKey(rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, priv *<a href="#PrivateKey">PrivateKey</a>, ciphertext []<a href="builtin.htm#byte">byte</a>, key []<a href="builtin.htm#byte">byte</a>) (err <a href="builtin.htm#error">error</a>)</pre>
<p align="left">DecryptPKCS1v15SessionKey使用PKCS#1 v1.5规定的填充方案和RSA算法解密会话密钥。如果random不是nil函数会注意规避时间侧信道攻击。</p>
<p align="left">如果密文长度不对或者如果密文比公共模数的长度还长会返回错误否则不会返回任何错误。如果填充是合法的生成的明文信息会拷贝进key否则key不会被修改。这些情况都会在固定时间内出现规避时间侧信道攻击。本函数的目的是让程序的使用者事先生成一个随机的会话密钥并用运行时的值继续协议。这样可以避免任何攻击者从明文窃取信息的可能性。</p>
<p align="left">参见”Chosen Ciphertext Attacks Against Protocols Based on the RSA Encryption Standard PKCS #1”。</p>
<h2 id="SignPKCS1v15">func <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/pkcs1v15.go?name=release#194" title="View Source">SignPKCS1v15</a> </h2>
<pre class="funcdecl">func SignPKCS1v15(rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, priv *<a href="#PrivateKey">PrivateKey</a>, hash <a href="crypto.htm">crypto</a>.<a href="crypto.htm#Hash">Hash</a>, hashed []<a href="builtin.htm#byte">byte</a>) (s []<a href="builtin.htm#byte">byte</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>SignPKCS1v15使用RSA PKCS#1 v1.5规定的RSASSA-PKCS1-V1_5-SIGN签名方案计算签名。注意hashed必须是使用提供给本函数的hash参数对要签名的原始数据进行hash的结果。</p>
<h2 id="VerifyPKCS1v15">func <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/pkcs1v15.go?name=release#231" title="View Source">VerifyPKCS1v15</a> </h2>
<pre class="funcdecl">func VerifyPKCS1v15(pub *<a href="#PublicKey">PublicKey</a>, hash <a href="crypto.htm">crypto</a>.<a href="crypto.htm#Hash">Hash</a>, hashed []<a href="builtin.htm#byte">byte</a>, sig []<a href="builtin.htm#byte">byte</a>) (err <a href="builtin.htm#error">error</a>)</pre>
<p>VerifyPKCS1v15认证RSA PKCS#1 v1.5签名。hashed是使用提供的hash参数对要签名的原始数据进行hash的结果。合法的签名会返回nil否则表示签名不合法。</p>
<h2 id="SignPSS">func <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/pss.go?name=release#238" title="View Source">SignPSS</a> </h2>
<pre class="funcdecl">func SignPSS(rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, priv *<a href="#PrivateKey">PrivateKey</a>, hash <a href="crypto.htm">crypto</a>.<a href="crypto.htm#Hash">Hash</a>, hashed []<a href="builtin.htm#byte">byte</a>, opts *<a href="#PSSOptions">PSSOptions</a>) (s []<a href="builtin.htm#byte">byte</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>SignPSS采用RSASSA-PSS方案计算签名。注意hashed必须是使用提供给本函数的hash参数对要签名的原始数据进行hash的结果。opts参数可以为nil此时会使用默认参数。</p>
<h2 id="VerifyPSS">func <a href="https://github.com/golang/go/blob/master/src/crypto/rsa/pss.go?name=release#259" title="View Source">VerifyPSS</a> </h2>
<pre class="funcdecl">func VerifyPSS(pub *<a href="#PublicKey">PublicKey</a>, hash <a href="crypto.htm">crypto</a>.<a href="crypto.htm#Hash">Hash</a>, hashed []<a href="builtin.htm#byte">byte</a>, sig []<a href="builtin.htm#byte">byte</a>, opts *<a href="#PSSOptions">PSSOptions</a>) <a href="builtin.htm#error">error</a></pre>
<p>VerifyPSS认证一个PSS签名。hashed是使用提供给本函数的hash参数对要签名的原始数据进行hash的结果。合法的签名会返回nil否则表示签名不合法。opts参数可以为nil此时会使用默认参数。</p>
</div>

59
src/docs/go/crypto/sha1.html Normal file
View File

@@ -0,0 +1,59 @@
<div class="container">
<h1 id="pkg-overview">package sha1</h1>
<p><code>import "crypto/sha1"</code>
</p><p>sha1包实现了SHA1哈希算法参见<a href="http://tools.ietf.org/html/rfc3174">RFC 3174</a></p>
<h2 id="pkg-constants">Constants </h2>
<pre>const <span id="BlockSize">BlockSize</span> = 64</pre>
<p>SHA1的块大小。</p>
<pre>const <span id="Size">Size</span> = 20</pre>
<p>SHA1校验和的字节数。</p>
<h2 id="Sum">func <a href="https://github.com/golang/go/blob/master/src/crypto/sha1/sha1.go?name=release#125" title="View Source">Sum</a> </h2>
<pre class="funcdecl">func Sum(data []<a href="builtin.htm#byte">byte</a>) [<a href="#Size">Size</a>]<a href="builtin.htm#byte">byte</a></pre>
<p>返回数据data的SHA1校验和。</p>
<div class="panel-group">
<div class="panel panel-default" id="example-Sum">
<div class="panel-heading" onclick="document.getElementById('ex-Sum').style.display = document.getElementById('ex-Sum').style.display=='none'?'block':'none';">Example</div>
<div class="panel-collapse collapse" id="ex-Sum">
<div class="panel-body">
<pre>data := []byte("This page intentionally left blank.")
fmt.Printf("% x", sha1.Sum(data))</pre>
<p>Output:
</p><pre>af 06 49 23 bb f2 30 15 96 aa c4 c2 73 ba 32 17 8e bc 4a 96
</pre>
</div>
</div>
</div>
</div>
<h2 id="New">func <a href="https://github.com/golang/go/blob/master/src/crypto/sha1/sha1.go?name=release#51" title="View Source">New</a> </h2>
<pre class="funcdecl">func New() <a href="hash.htm">hash</a>.<a href="hash.htm#Hash">Hash</a></pre>
<p>返回一个新的使用SHA1校验的hash.Hash接口。</p>
<div class="panel-group">
<div class="panel panel-default" id="example-New">
<div class="panel-heading" onclick="document.getElementById('ex-New').style.display = document.getElementById('ex-New').style.display=='none'?'block':'none';">Example</div>
<div class="panel-collapse collapse" id="ex-New">
<div class="panel-body">
<pre>h := sha1.New()
io.WriteString(h, "His money is twice tainted:")
io.WriteString(h, " 'taint yours and 'taint mine.")
fmt.Printf("% x", h.Sum(nil))</pre>
<p>Output:
</p><pre>59 7f 6a 54 00 10 f9 4c 15 d7 18 06 a9 9a 2c 87 10 e7 47 bd
</pre>
</div>
</div>
</div>
</div>
</div>

33
src/docs/go/crypto/sha256.html Normal file
View File

@@ -0,0 +1,33 @@
<div class="container">
<h1 id="pkg-overview">package sha256</h1>
<p><code>import "crypto/sha256"</code>
</p><p>sha256包实现了SHA224和SHA256哈希算法参见FIPS 180-4。</p>
<h2 id="pkg-constants">Constants </h2>
<pre>const <span id="BlockSize">BlockSize</span> = 64</pre>
<p>SHA224和SHA256的字节块大小。</p>
<pre>const <span id="Size">Size</span> = 32</pre>
<p>SHA256校验和的字节长度。</p>
<pre>const <span id="Size224">Size224</span> = 28</pre>
<p>SHA224校验和的字节长度。</p>
<h2 id="Sum256">func <a href="https://github.com/golang/go/blob/master/src/crypto/sha256/sha256.go?name=release#177" title="View Source">Sum256</a> </h2>
<pre class="funcdecl">func Sum256(data []<a href="builtin.htm#byte">byte</a>) [<a href="#Size">Size</a>]<a href="builtin.htm#byte">byte</a></pre>
<p>返回数据的SHA256校验和。</p>
<h2 id="New">func <a href="https://github.com/golang/go/blob/master/src/crypto/sha256/sha256.go?name=release#82" title="View Source">New</a> </h2>
<pre class="funcdecl">func New() <a href="hash.htm">hash</a>.<a href="hash.htm#Hash">Hash</a></pre>
<p>返回一个新的使用SHA256校验算法的hash.Hash接口。</p>
<h2 id="Sum224">func <a href="https://github.com/golang/go/blob/master/src/crypto/sha256/sha256.go?name=release#185" title="View Source">Sum224</a> </h2>
<pre class="funcdecl">func Sum224(data []<a href="builtin.htm#byte">byte</a>) (sum224 [<a href="#Size224">Size224</a>]<a href="builtin.htm#byte">byte</a>)</pre>
<p>返回数据的SHA224校验和。</p>
<h2 id="New224">func <a href="https://github.com/golang/go/blob/master/src/crypto/sha256/sha256.go?name=release#89" title="View Source">New224</a> </h2>
<pre class="funcdecl">func New224() <a href="hash.htm">hash</a>.<a href="hash.htm#Hash">Hash</a></pre>
<p>返回一个新的使用SHA224校验算法的hash.Hash接口。</p>
</div>

33
src/docs/go/crypto/sha512.html Normal file
View File

@@ -0,0 +1,33 @@
<div class="container">
<h1 id="pkg-overview">package sha512</h1>
<p><code>import "crypto/sha512"</code>
</p><p>sha512包实现了SHA384和SHA512哈希算法参见FIPS 180-2。</p>
<h2 id="pkg-constants">Constants </h2>
<pre>const <span id="BlockSize">BlockSize</span> = 128</pre>
<p>SHA384和SHA512的字节块大小。</p>
<pre>const <span id="Size">Size</span> = 64</pre>
<p>SHA512校验和的字节长度。</p>
<pre>const <span id="Size384">Size384</span> = 48</pre>
<p>SHA384校验和的字节长度。</p>
<h2 id="Sum512">func <a href="https://github.com/golang/go/blob/master/src/crypto/sha512/sha512.go?name=release#182" title="View Source">Sum512</a> </h2>
<pre class="funcdecl">func Sum512(data []<a href="builtin.htm#byte">byte</a>) [<a href="#Size">Size</a>]<a href="builtin.htm#byte">byte</a></pre>
<p>返回数据的SHA512校验和。</p>
<h2 id="New">func <a href="https://github.com/golang/go/blob/master/src/crypto/sha512/sha512.go?name=release#82" title="View Source">New</a> </h2>
<pre class="funcdecl">func New() <a href="hash.htm">hash</a>.<a href="hash.htm#Hash">Hash</a></pre>
<p>返回一个新的使用SHA512校验算法的hash.Hash接口。</p>
<h2 id="Sum384">func <a href="https://github.com/golang/go/blob/master/src/crypto/sha512/sha512.go?name=release#190" title="View Source">Sum384</a> </h2>
<pre class="funcdecl">func Sum384(data []<a href="builtin.htm#byte">byte</a>) (sum384 [<a href="#Size384">Size384</a>]<a href="builtin.htm#byte">byte</a>)</pre>
<p>返回数据的SHA384校验和。</p>
<h2 id="New384">func <a href="https://github.com/golang/go/blob/master/src/crypto/sha512/sha512.go?name=release#89" title="View Source">New384</a> </h2>
<pre class="funcdecl">func New384() <a href="hash.htm">hash</a>.<a href="hash.htm#Hash">Hash</a></pre>
<p>返回一个新的使用SHA384校验算法的hash.Hash接口。</p>
</div>

34
src/docs/go/crypto/subtle.html Normal file
View File

@@ -0,0 +1,34 @@
<div class="container">
<h1 id="pkg-overview">package subtle</h1>
<p><code>import "crypto/subtle"</code>
</p><p>Package subtle implements functions that are often useful in cryptographic
code but require careful thought to use correctly.</p>
<h2 id="ConstantTimeByteEq">func <a href="https://github.com/golang/go/blob/master/src/crypto/subtle/constant_time.go?name=release#31" title="View Source">ConstantTimeByteEq</a> </h2>
<pre class="funcdecl">func ConstantTimeByteEq(x, y <a href="builtin.htm#uint8">uint8</a>) <a href="builtin.htm#int">int</a></pre>
<p>如果x == y返回1否则返回0。</p>
<h2 id="ConstantTimeEq">func <a href="https://github.com/golang/go/blob/master/src/crypto/subtle/constant_time.go?name=release#41" title="View Source">ConstantTimeEq</a> </h2>
<pre class="funcdecl">func ConstantTimeEq(x, y <a href="builtin.htm#int32">int32</a>) <a href="builtin.htm#int">int</a></pre>
<p>如果x == y返回1否则返回0。</p>
<h2 id="ConstantTimeLessOrEq">func <a href="https://github.com/golang/go/blob/master/src/crypto/subtle/constant_time.go?name=release#70" title="View Source">ConstantTimeLessOrEq</a> </h2>
<pre class="funcdecl">func ConstantTimeLessOrEq(x, y <a href="builtin.htm#int">int</a>) <a href="builtin.htm#int">int</a></pre>
<p>如果x &lt;= y返回1否则返回0如果x或y为负数或者大于2**31-1函数行为是未定义的。</p>
<h2 id="ConstantTimeCompare">func <a href="https://github.com/golang/go/blob/master/src/crypto/subtle/constant_time.go?name=release#12" title="View Source">ConstantTimeCompare</a> </h2>
<pre class="funcdecl">func ConstantTimeCompare(x, y []<a href="builtin.htm#byte">byte</a>) <a href="builtin.htm#int">int</a></pre>
<p>如果x、y的长度和内容都相同返回1否则返回0。消耗的时间正比于切片长度而与内容无关。</p>
<h2 id="ConstantTimeCopy">func <a href="https://github.com/golang/go/blob/master/src/crypto/subtle/constant_time.go?name=release#55" title="View Source">ConstantTimeCopy</a> </h2>
<pre class="funcdecl">func ConstantTimeCopy(v <a href="builtin.htm#int">int</a>, x, y []<a href="builtin.htm#byte">byte</a>)</pre>
<p>如果v == 1,则将y的内容拷贝到x如果v == 0x不作修改其他情况的行为是未定义并应避免的。</p>
<h2 id="ConstantTimeSelect">func <a href="https://github.com/golang/go/blob/master/src/crypto/subtle/constant_time.go?name=release#28" title="View Source">ConstantTimeSelect</a> </h2>
<pre class="funcdecl">func ConstantTimeSelect(v, x, y <a href="builtin.htm#int">int</a>) <a href="builtin.htm#int">int</a></pre>
<p>如果v == 1返回x如果v == 0返回y其他情况的行为是未定义并应避免的。</p>
</div>

291
src/docs/go/crypto/tls.html Normal file
View File

@@ -0,0 +1,291 @@
<div class="container">
<h1 id="pkg-overview">package tls</h1>
<p><code>import "crypto/tls"</code>
</p><p>tls包实现了TLS 1.2,细节参见<a href="http://tools.ietf.org/html/rfc5246">RFC 5246</a></p>
<h2 id="pkg-constants">Constants </h2>
<pre>const (
<span id="TLS_RSA_WITH_RC4_128_SHA">TLS_RSA_WITH_RC4_128_SHA</span> <a href="builtin.htm#uint16">uint16</a> = 0x0005
<span id="TLS_RSA_WITH_3DES_EDE_CBC_SHA">TLS_RSA_WITH_3DES_EDE_CBC_SHA</span> <a href="builtin.htm#uint16">uint16</a> = 0x000a
<span id="TLS_RSA_WITH_AES_128_CBC_SHA">TLS_RSA_WITH_AES_128_CBC_SHA</span> <a href="builtin.htm#uint16">uint16</a> = 0x002f
<span id="TLS_RSA_WITH_AES_256_CBC_SHA">TLS_RSA_WITH_AES_256_CBC_SHA</span> <a href="builtin.htm#uint16">uint16</a> = 0x0035
<span id="TLS_ECDHE_ECDSA_WITH_RC4_128_SHA">TLS_ECDHE_ECDSA_WITH_RC4_128_SHA</span> <a href="builtin.htm#uint16">uint16</a> = 0xc007
<span id="TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA">TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA</span> <a href="builtin.htm#uint16">uint16</a> = 0xc009
<span id="TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA">TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA</span> <a href="builtin.htm#uint16">uint16</a> = 0xc00a
<span id="TLS_ECDHE_RSA_WITH_RC4_128_SHA">TLS_ECDHE_RSA_WITH_RC4_128_SHA</span> <a href="builtin.htm#uint16">uint16</a> = 0xc011
<span id="TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA">TLS_ECDHE_RSA_WITH_3DES_EDE_CBC_SHA</span> <a href="builtin.htm#uint16">uint16</a> = 0xc012
<span id="TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA">TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA</span> <a href="builtin.htm#uint16">uint16</a> = 0xc013
<span id="TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA">TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA</span> <a href="builtin.htm#uint16">uint16</a> = 0xc014
<span id="TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256">TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</span> <a href="builtin.htm#uint16">uint16</a> = 0xc02f
<span id="TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256">TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span> <a href="builtin.htm#uint16">uint16</a> = 0xc02b
)</pre>
<p align="left">可选的加密组的ID的列表。参见<a href="http://www.iana.org/assignments/tls-parameters/tls-parameters.xml">http://www.iana.org/assignments/tls-parameters/tls-parameters.xml</a></p>
<pre>const (
<span id="VersionSSL30">VersionSSL30</span> = 0x0300
<span id="VersionTLS10">VersionTLS10</span> = 0x0301
<span id="VersionTLS11">VersionTLS11</span> = 0x0302
<span id="VersionTLS12">VersionTLS12</span> = 0x0303
)</pre>
<h2 id="ClientAuthType">type <a href="https://github.com/golang/go/blob/master/src/crypto/tls/common.go?name=release#171" title="View Source">ClientAuthType</a> </h2>
<pre>type ClientAuthType <a href="builtin.htm#int">int</a></pre>
<p>ClientAuthType类型声明服务端将遵循的TLS客户端验证策略。</p>
<pre>const (
<span id="NoClientCert">NoClientCert</span> <a href="#ClientAuthType">ClientAuthType</a> = <a href="builtin.htm#iota">iota</a>
<span id="RequestClientCert">RequestClientCert</span>
<span id="RequireAnyClientCert">RequireAnyClientCert</span>
<span id="VerifyClientCertIfGiven">VerifyClientCertIfGiven</span>
<span id="RequireAndVerifyClientCert">RequireAndVerifyClientCert</span>
)</pre>
<h2 id="CurveID">type <a href="https://github.com/golang/go/blob/master/src/crypto/tls/common.go?name=release#87" title="View Source">CurveID</a> </h2>
<pre>type CurveID <a href="builtin.htm#uint16">uint16</a></pre>
<p>CurveID是TLS椭圆曲线的标识符的类型。</p>
<p>参见: <a href="http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8">http://www.iana.org/assignments/tls-parameters/tls-parameters.xml#tls-parameters-8</a></p>
<pre>const (
<span id="CurveP256">CurveP256</span> <a href="#CurveID">CurveID</a> = 23
<span id="CurveP384">CurveP384</span> <a href="#CurveID">CurveID</a> = 24
<span id="CurveP521">CurveP521</span> <a href="#CurveID">CurveID</a> = 25
)</pre>
<h2 id="Certificate">type <a href="https://github.com/golang/go/blob/master/src/crypto/tls/common.go?name=release#440" title="View Source">Certificate</a> </h2>
<pre>type Certificate struct {
<span id="Certificate.Certificate">Certificate</span> [][]<a href="builtin.htm#byte">byte</a>
<span id="Certificate.PrivateKey">PrivateKey</span> <a href="crypto.htm">crypto</a>.<a href="crypto.htm#PrivateKey">PrivateKey</a> <span class="com">// 只支持rsa.PrivateKey和*ecdsa.PrivateKey类型</span>
<span class="com">// OCSPStaple包含一个可选的OCSP staple的回复当客户端要求时用于回复客户端</span>
<span id="Certificate.OCSPStaple">OCSPStaple</span> []<a href="builtin.htm#byte">byte</a>
<span class="com">// Leaf是解析后的叶证书可以使用x509.ParseCertificate初始化</span>
<span class="com">// 以简化每次TLS客户端进行客户端认证时握手的过程。如果Leaf是nil叶证书会根据需要解析。</span>
<span id="Certificate.Leaf">Leaf</span> *<a href="crypto/x509.htm">x509</a>.<a href="crypto/x509.htm#Certificate">Certificate</a>
}</pre>
<p>Certificate是一个或多个证书的链条叶证书在最前面。</p>
<h3 id="LoadX509KeyPair">func <a href="https://github.com/golang/go/blob/master/src/crypto/tls/tls.go?name=release#170" title="View Source">LoadX509KeyPair</a> </h3>
<pre class="funcdecl">func LoadX509KeyPair(certFile, keyFile <a href="builtin.htm#string">string</a>) (cert <a href="#Certificate">Certificate</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>LoadX509KeyPair读取并解析一对文件获取公钥和私钥。这些文件必须是PEM编码的。</p>
<h3 id="X509KeyPair">func <a href="https://github.com/golang/go/blob/master/src/crypto/tls/tls.go?name=release#184" title="View Source">X509KeyPair</a> </h3>
<pre class="funcdecl">func X509KeyPair(certPEMBlock, keyPEMBlock []<a href="builtin.htm#byte">byte</a>) (cert <a href="#Certificate">Certificate</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>X509KeyPair解析一对PEM编码的数据获取公钥和私钥。</p>
<h2 id="ClientSessionState">type <a href="https://github.com/golang/go/blob/master/src/crypto/tls/common.go?name=release#183" title="View Source">ClientSessionState</a> </h2>
<pre>type ClientSessionState struct {
<span class="com">// 内含隐藏或非导出字段</span>
}</pre>
<p>ClientSessionState包含客户端所需的用于恢复TLS会话的状态。</p>
<h2 id="ClientSessionCache">type <a href="https://github.com/golang/go/blob/master/src/crypto/tls/common.go?name=release#195" title="View Source">ClientSessionCache</a> </h2>
<pre>type ClientSessionCache interface {
<span class="com">// Get搜索与给出的键相关联的*ClientSessionState并用ok说明是否找到</span>
<span id="ClientSessionCache.Get">Get</span>(sessionKey <a href="builtin.htm#string">string</a>) (session *<a href="#ClientSessionState">ClientSessionState</a>, ok <a href="builtin.htm#bool">bool</a>)
<span class="com">// Put将*ClientSessionState与给出的键关联并写入缓存中</span>
<span id="ClientSessionCache.Put">Put</span>(sessionKey <a href="builtin.htm#string">string</a>, cs *<a href="#ClientSessionState">ClientSessionState</a>)
}</pre>
<p>ClientSessionCache是ClientSessionState对象的缓存可以被客户端用于恢复与某个服务端的TLS会话。本类型的实现期望被不同线程并行的调用。</p>
<h3 id="NewLRUClientSessionCache">func <a href="https://github.com/golang/go/blob/master/src/crypto/tls/common.go?name=release#483" title="View Source">NewLRUClientSessionCache</a> </h3>
<pre class="funcdecl">func NewLRUClientSessionCache(capacity <a href="builtin.htm#int">int</a>) <a href="#ClientSessionCache">ClientSessionCache</a></pre>
<p>函数使用给出的容量创建一个采用LRU策略的ClientSessionState如果capacity&lt;1会采用默认容量。</p>
<h2 id="Config">type <a href="https://github.com/golang/go/blob/master/src/crypto/tls/common.go?name=release#208" title="View Source">Config</a> </h2>
<pre>type Config struct {
<span class="com">// Rand提供用于生成随机数和RSA盲签名的熵源该接口必须能安全的用于并发。</span>
<span class="com">// 如果Rand是nil会使用crypto/rand包的密码用随机数读取器。</span>
<span id="Config.Rand">Rand</span> <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>
<span class="com">// Time返回当前时间如果是nil会使用time.Now。</span>
<span id="Config.Time">Time</span> func() <a href="time.htm">time</a>.<a href="time.htm#Time">Time</a>
<span class="com">// 不少于一个证书的链,用于提供给连接的另一端,服务端必须保证至少有一个证书。</span>
<span id="Config.Certificates">Certificates</span> []<a href="#Certificate">Certificate</a>
<span class="com">// NameToCertificate映射证书名到证书。</span>
<span class="com">// 注意证书名可以是"*.example.com "的格式,因此证书名不是必须为域名。</span>
<span class="com">// 参见Config.BuildNameToCertificate方法。</span>
<span class="com">// 如本字段为nilCertificates字段的第一个成员会被用于所有连接。</span>
<span id="Config.NameToCertificate">NameToCertificate</span> map[<a href="builtin.htm#string">string</a>]*<a href="#Certificate">Certificate</a>
<span class="com">// RootCAs定义权威根证书客户端会在验证服务端证书时用到本字段。</span>
<span class="com">// 如果RootCAs是nilTLS会使用主机的根CA池。</span>
<span id="Config.RootCAs">RootCAs</span> *<a href="crypto/x509.htm">x509</a>.<a href="crypto/x509.htm#CertPool">CertPool</a>
<span class="com">// 可以支持的应用层协议的列表</span>
<span id="Config.NextProtos">NextProtos</span> []<a href="builtin.htm#string">string</a>
<span class="com">// 用于认证返回证书的主机名除非设置了InsecureSkipVerify</span>
<span class="com">// 也被用在客户端的握手里,以支持虚拟主机。</span>
<span id="Config.ServerName">ServerName</span> <a href="builtin.htm#string">string</a>
<span class="com">// ClientAuth决定服务端的认证策略默认是NoClientCert。</span>
<span id="Config.ClientAuth">ClientAuth</span> <a href="#ClientAuthType">ClientAuthType</a>
<span class="com">// ClientCAs定义权威根证书服务端会在采用ClientAuth策略时使用它来认证客户端证书。</span>
<span id="Config.ClientCAs">ClientCAs</span> *<a href="crypto/x509.htm">x509</a>.<a href="crypto/x509.htm#CertPool">CertPool</a>
<span class="com">// InsecureSkipVerify控制客户端是否认证服务端的证书链和主机名。</span>
<span class="com">// 如果InsecureSkipVerify为真TLS连接会接受服务端提供的任何证书和该证书中的任何主机名。</span>
<span class="com">// 此时TLS连接容易遭受中间人攻击这种设置只应用于测试。</span>
<span id="Config.InsecureSkipVerify">InsecureSkipVerify</span> <a href="builtin.htm#bool">bool</a>
<span class="com">// CipherSuites是支持的加密组合列表。如果CipherSuites为nil</span>
<span class="com">// TLS连接会使用本包的实现支持的密码组合列表。</span>
<span id="Config.CipherSuites">CipherSuites</span> []<a href="builtin.htm#uint16">uint16</a>
<span class="com">// 本字段控制服务端是选择客户端最期望的密码组合还是服务端最期望的密码组合。</span>
<span class="com">// 如果本字段为真服务端会优先选择CipherSuites字段中靠前的密码组合使用。</span>
<span id="Config.PreferServerCipherSuites">PreferServerCipherSuites</span> <a href="builtin.htm#bool">bool</a>
<span class="com">// SessionTicketsDisabled可以设为假以关闭会话恢复支持。</span>
<span id="Config.SessionTicketsDisabled">SessionTicketsDisabled</span> <a href="builtin.htm#bool">bool</a>
<span class="com">// SessionTicketKey被TLS服务端用于提供哦你会话恢复服务参见RFC 5077。</span>
<span class="com">// 如果本字段为零值,它会在第一次服务端握手之前填写上随机数据。</span>
<span class="com">//</span>
<span class="com">// 如果多个服务端都在终止和同一主机的连接它们应拥有相同的SessionTicketKey。</span>
<span class="com">// 如果SessionTicketKey泄露了使用该键的之前的记录和未来的TLS连接可能会被盗用。</span>
<span id="Config.SessionTicketKey">SessionTicketKey</span> [32]<a href="builtin.htm#byte">byte</a>
<span class="com">// SessionCache是ClientSessionState的缓存用于恢复TLS会话。</span><span class="com"></span>
<span id="Config.ClientSessionCache">ClientSessionCache</span> <a href="#ClientSessionCache">ClientSessionCache</a>
<span class="com">// MinVersion包含可接受的最低SSL/TLS版本。如果为0会将SSLv3作为最低版本。</span>
<span id="Config.MinVersion">MinVersion</span> <a href="builtin.htm#uint16">uint16</a>
<span class="com">// MaxVersion包含可接受的最高SSL/TLS版本。</span>
<span class="com">// 如果为0会将本包使用的版本作为最高版本目前是TLS 1.2。</span>
<span id="Config.MaxVersion">MaxVersion</span> <a href="builtin.htm#uint16">uint16</a>
<span class="com">// 本字段包含用于ECDHE握手的椭圆曲线的ID按优先度排序。如为空会使用默认值。</span>
<span id="Config.CurvePreferences">CurvePreferences</span> []<a href="#CurveID">CurveID</a>
<span class="com">// 内含隐藏或非导出字段</span>
}</pre>
<p>Config结构类型用于配置TLS客户端或服务端。在本类型的值提供给TLS函数后就不应再修改该值。Config类型值可能被重用tls包也不会修改它。</p>
<h3 id="Config.BuildNameToCertificate">func (*Config) <a href="https://github.com/golang/go/blob/master/src/crypto/tls/common.go?name=release#422" title="View Source">BuildNameToCertificate</a> </h3>
<pre class="funcdecl">func (c *<a href="#Config">Config</a>) BuildNameToCertificate()</pre>
<p>BuildNameToCertificate解析c.Certificates并将每一个叶证书的CommonName和SubjectAlternateName字段用于创建c.NameToCertificate。</p>
<h2 id="ConnectionState">type <a href="https://github.com/golang/go/blob/master/src/crypto/tls/common.go?name=release#157" title="View Source">ConnectionState</a> </h2>
<pre>type ConnectionState struct {
<span id="ConnectionState.Version">Version</span> <a href="builtin.htm#uint16">uint16</a> <span class="com">// 连接使用的TLS版本</span>
<span id="ConnectionState.HandshakeComplete">HandshakeComplete</span> <a href="builtin.htm#bool">bool</a> <span class="com">// TLS握手是否完成</span>
<span id="ConnectionState.DidResume">DidResume</span> <a href="builtin.htm#bool">bool</a> <span class="com">// 连接恢复了之前的TLS连接</span>
<span id="ConnectionState.CipherSuite">CipherSuite</span> <a href="builtin.htm#uint16">uint16</a> <span class="com">// 使用的加密程序组合</span>
<span id="ConnectionState.NegotiatedProtocol">NegotiatedProtocol</span> <a href="builtin.htm#string">string</a> <span class="com">// 商定的下一层协议</span>
<span id="ConnectionState.NegotiatedProtocolIsMutual">NegotiatedProtocolIsMutual</span> <a href="builtin.htm#bool">bool</a> <span class="com">// 商定的协议是服务端建议的</span>
<span id="ConnectionState.ServerName">ServerName</span> <a href="builtin.htm#string">string</a> <span class="com">// 服务端名(仅服务端有)</span>
<span id="ConnectionState.PeerCertificates">PeerCertificates</span> []*<a href="crypto/x509.htm">x509</a>.<a href="crypto/x509.htm#Certificate">Certificate</a> <span class="com">// 远端提供的证书链</span>
<span id="ConnectionState.VerifiedChains">VerifiedChains</span> [][]*<a href="crypto/x509.htm">x509</a>.<a href="crypto/x509.htm#Certificate">Certificate</a> <span class="com">// 从PeerCertificates建立的认证链</span>
}</pre>
<p>ConnectionState类型记录连接的基本TLS细节。</p>
<h2 id="Conn">type <a href="https://github.com/golang/go/blob/master/src/crypto/tls/conn.go?name=release#24" title="View Source">Conn</a> </h2>
<pre>type Conn struct {
<span class="com">// 内含隐藏或非导出字段</span>
}</pre>
<p>Conn代表一个安全连接。本类型实现了net.Conn接口。</p>
<h3 id="Conn.LocalAddr">func (*Conn) <a href="https://github.com/golang/go/blob/master/src/crypto/tls/conn.go?name=release#63" title="View Source">LocalAddr</a> </h3>
<pre class="funcdecl">func (c *<a href="#Conn">Conn</a>) LocalAddr() <a href="net.htm">net</a>.<a href="net.htm#Addr">Addr</a></pre>
<p>LocalAddr返回本地网络地址。</p>
<h3 id="Conn.RemoteAddr">func (*Conn) <a href="https://github.com/golang/go/blob/master/src/crypto/tls/conn.go?name=release#68" title="View Source">RemoteAddr</a> </h3>
<pre class="funcdecl">func (c *<a href="#Conn">Conn</a>) RemoteAddr() <a href="net.htm">net</a>.<a href="net.htm#Addr">Addr</a></pre>
<p>LocalAddr返回远端网络地址。</p>
<h3 id="Conn.ConnectionState">func (*Conn) <a href="https://github.com/golang/go/blob/master/src/crypto/tls/conn.go?name=release#982" title="View Source">ConnectionState</a> </h3>
<pre class="funcdecl">func (c *<a href="#Conn">Conn</a>) ConnectionState() <a href="#ConnectionState">ConnectionState</a></pre>
<p>ConnectionState返回该连接的基本TLS细节。</p>
<h3 id="Conn.SetDeadline">func (*Conn) <a href="https://github.com/golang/go/blob/master/src/crypto/tls/conn.go?name=release#75" title="View Source">SetDeadline</a> </h3>
<pre class="funcdecl">func (c *<a href="#Conn">Conn</a>) SetDeadline(t <a href="time.htm">time</a>.<a href="time.htm#Time">Time</a>) <a href="builtin.htm#error">error</a></pre>
<p>SetDeadline设置该连接的读写操作绝对期限。t为Time零值表示不设置超时。在一次Write/Read方法超时后TLS连接状态会被破坏之后所有的读写操作都会返回同一错误。</p>
<h3 id="Conn.SetReadDeadline">func (*Conn) <a href="https://github.com/golang/go/blob/master/src/crypto/tls/conn.go?name=release#81" title="View Source">SetReadDeadline</a> </h3>
<pre class="funcdecl">func (c *<a href="#Conn">Conn</a>) SetReadDeadline(t <a href="time.htm">time</a>.<a href="time.htm#Time">Time</a>) <a href="builtin.htm#error">error</a></pre>
<p>SetReadDeadline设置该连接的读操作绝对期限。t为Time零值表示不设置超时。</p>
<h3 id="Conn.SetWriteDeadline">func (*Conn) <a href="https://github.com/golang/go/blob/master/src/crypto/tls/conn.go?name=release#88" title="View Source">SetWriteDeadline</a> </h3>
<pre class="funcdecl">func (c *<a href="#Conn">Conn</a>) SetWriteDeadline(t <a href="time.htm">time</a>.<a href="time.htm#Time">Time</a>) <a href="builtin.htm#error">error</a></pre>
<p>SetReadDeadline设置该连接的写操作绝对期限。t为Time零值表示不设置超时。在一次Write方法超时后TLS连接状态会被破坏之后所有的写操作都会返回同一错误。</p>
<h3 id="Conn.Handshake">func (*Conn) <a href="https://github.com/golang/go/blob/master/src/crypto/tls/conn.go?name=release#963" title="View Source">Handshake</a> </h3>
<pre class="funcdecl">func (c *<a href="#Conn">Conn</a>) Handshake() <a href="builtin.htm#error">error</a></pre>
<p>Handshake执行客户端或服务端的握手协议如果还没有执行的话。本包的大多数应用不需要显式的调用Handsake方法第一次Read或Write方法会自动调用本方法。</p>
<h3 id="Conn.VerifyHostname">func (*Conn) <a href="https://github.com/golang/go/blob/master/src/crypto/tls/conn.go?name=release#1014" title="View Source">VerifyHostname</a> </h3>
<pre class="funcdecl">func (c *<a href="#Conn">Conn</a>) VerifyHostname(host <a href="builtin.htm#string">string</a>) <a href="builtin.htm#error">error</a></pre>
<p>VerifyHostname检查用于连接到host的对等实体证书链是否合法。如果合法它会返回nil否则会返回一个描述该问题的错误。</p>
<h3 id="Conn.OCSPResponse">func (*Conn) <a href="https://github.com/golang/go/blob/master/src/crypto/tls/conn.go?name=release#1004" title="View Source">OCSPResponse</a> </h3>
<pre class="funcdecl">func (c *<a href="#Conn">Conn</a>) OCSPResponse() []<a href="builtin.htm#byte">byte</a></pre>
<p>OCSPResponse返回来自服务端的OCSP staple回复如果有。只有客户端可以使用本方法。</p>
<h3 id="Conn.Read">func (*Conn) <a href="https://github.com/golang/go/blob/master/src/crypto/tls/conn.go?name=release#883" title="View Source">Read</a> </h3>
<pre class="funcdecl">func (c *<a href="#Conn">Conn</a>) Read(b []<a href="builtin.htm#byte">byte</a>) (n <a href="builtin.htm#int">int</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>Read从连接读取数据可设置超时参见SetDeadline和SetReadDeadline。</p>
<h3 id="Conn.Write">func (*Conn) <a href="https://github.com/golang/go/blob/master/src/crypto/tls/conn.go?name=release#841" title="View Source">Write</a> </h3>
<pre class="funcdecl">func (c *<a href="#Conn">Conn</a>) Write(b []<a href="builtin.htm#byte">byte</a>) (<a href="builtin.htm#int">int</a>, <a href="builtin.htm#error">error</a>)</pre>
<p>Write将数据写入连接可设置超时参见SetDeadline和SetWriteDeadline。</p>
<h3 id="Conn.Close">func (*Conn) <a href="https://github.com/golang/go/blob/master/src/crypto/tls/conn.go?name=release#944" title="View Source">Close</a> </h3>
<pre class="funcdecl">func (c *<a href="#Conn">Conn</a>) Close() <a href="builtin.htm#error">error</a></pre>
<p>Close关闭连接。</p>
<h2 id="Client">func <a href="https://github.com/golang/go/blob/master/src/crypto/tls/tls.go?name=release#33" title="View Source">Client</a> </h2>
<pre class="funcdecl">func Client(conn <a href="net.htm">net</a>.<a href="net.htm#Conn">Conn</a>, config *<a href="#Config">Config</a>) *<a href="#Conn">Conn</a></pre>
<p>Client使用conn作为下层传输接口返回一个TLS连接的客户端侧。配置参数config必须是非nil的且必须设置了ServerName或者InsecureSkipVerify字段。</p>
<h2 id="Server">func <a href="https://github.com/golang/go/blob/master/src/crypto/tls/tls.go?name=release#25" title="View Source">Server</a> </h2>
<pre class="funcdecl">func Server(conn <a href="net.htm">net</a>.<a href="net.htm#Conn">Conn</a>, config *<a href="#Config">Config</a>) *<a href="#Conn">Conn</a></pre>
<p>Server使用conn作为下层传输接口返回一个TLS连接的服务端侧。配置参数config必须是非nil的且必须含有至少一个证书。</p>
<h2 id="Dial">func <a href="https://github.com/golang/go/blob/master/src/crypto/tls/tls.go?name=release#164" title="View Source">Dial</a> </h2>
<pre class="funcdecl">func Dial(network, addr <a href="builtin.htm#string">string</a>, config *<a href="#Config">Config</a>) (*<a href="#Conn">Conn</a>, <a href="builtin.htm#error">error</a>)</pre>
<p>Dial使用net.Dial连接指定的网络和地址然后发起TLS握手返回生成的TLS连接。Dial会将nil的配置视为零值的配置参见Config类型的文档获取细节。</p>
<div class="panel-group">
<div class="panel panel-default" id="example-Dial">
<div class="panel-heading" onclick="document.getElementById('ex-Dial').style.display = document.getElementById('ex-Dial').style.display=='none'?'block':'none';">Example</div>
<div class="panel-collapse collapse" id="ex-Dial">
<div class="panel-body">
<pre><span class="com">// Connecting with a custom root-certificate set.</span>
const rootPEM = `
-----BEGIN CERTIFICATE-----
MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG
EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy
bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP
VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv
h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE
ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ
EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC
DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7
qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD
VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g
K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI
KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n
ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB
BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY
/iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/
zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza
HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto
WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6
yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx
-----END CERTIFICATE-----`
<span class="com">// First, create the set of root certificates. For this example we only</span>
<span class="com">// have one. It's also possible to omit this in order to use the</span>
<span class="com">// default root set of the current operating system.</span>
roots := x509.NewCertPool()
ok := roots.AppendCertsFromPEM([]byte(rootPEM))
if !ok {
panic("failed to parse root certificate")
}
conn, err := tls.Dial("tcp", "mail.google.com:443", &amp;tls.Config{
RootCAs: roots,
})
if err != nil {
panic("failed to connect: " + err.Error())
}
conn.Close()
</pre>
</div>
</div>
</div>
</div>
<h2 id="DialWithDialer">func <a href="https://github.com/golang/go/blob/master/src/crypto/tls/tls.go?name=release#93" title="View Source">DialWithDialer</a> </h2>
<pre class="funcdecl">func DialWithDialer(dialer *<a href="net.htm">net</a>.<a href="net.htm#Dialer">Dialer</a>, network, addr <a href="builtin.htm#string">string</a>, config *<a href="#Config">Config</a>) (*<a href="#Conn">Conn</a>, <a href="builtin.htm#error">error</a>)</pre>
<p align="left">DialWithDialer使用dialer.Dial连接指定的网络和地址然后发起TLS握手返回生成的TLS连接。dialer中的超时和期限设置会将连接和TLS握手作为一个整体来应用。</p>
<p align="left">DialWithDialer会将nil的配置视为零值的配置参见Config类型的文档获取细节。</p>
<h2 id="Listen">func <a href="https://github.com/golang/go/blob/master/src/crypto/tls/tls.go?name=release#69" title="View Source">Listen</a> </h2>
<pre class="funcdecl">func Listen(network, laddr <a href="builtin.htm#string">string</a>, config *<a href="#Config">Config</a>) (<a href="net.htm">net</a>.<a href="net.htm#Listener">Listener</a>, <a href="builtin.htm#error">error</a>)</pre>
<p>函数创建一个TLS监听器使用net.Listen函数接收给定地址上的连接。配置参数config必须是非nil的且必须含有至少一个证书。</p>
<h2 id="NewListener">func <a href="https://github.com/golang/go/blob/master/src/crypto/tls/tls.go?name=release#58" title="View Source">NewListener</a> </h2>
<pre class="funcdecl">func NewListener(inner <a href="net.htm">net</a>.<a href="net.htm#Listener">Listener</a>, config *<a href="#Config">Config</a>) <a href="net.htm">net</a>.<a href="net.htm#Listener">Listener</a></pre>
<p>函数创建一个TLS监听器该监听器接受inner接收到的每一个连接并调用Server函数包装这些连接。配置参数config必须是非nil的且必须含有至少一个证书。</p>
</div>

447
src/docs/go/crypto/x509.html Normal file
View File

@@ -0,0 +1,447 @@
<div class="container">
<h1 id="pkg-overview">package x509</h1>
<p><code>import "crypto/x509"</code>
</p><p>x509包解析X.509编码的证书和密钥。</p>
<h2 id="pkg-constants">Constants </h2>
<pre>const (
<span id="PEMCipherDES">PEMCipherDES</span>
<span id="PEMCipher3DES">PEMCipher3DES</span>
<span id="PEMCipherAES128">PEMCipherAES128</span>
<span id="PEMCipherAES192">PEMCipherAES192</span>
<span id="PEMCipherAES256">PEMCipherAES256</span>
)</pre>
<p>可能会被EncryptPEMBlock加密算法使用的值。</p>
<h2 id="pkg-variables">Variables </h2>
<pre>var <span id="ErrUnsupportedAlgorithm">ErrUnsupportedAlgorithm</span> = <a href="errors.htm">errors</a>.<a href="errors.htm#New">New</a>("x509: cannot verify signature: algorithm unimplemented")</pre>
<p>当试图执行包含目前未实现的算法的操作时会返回ErrUnsupportedAlgorithm。</p>
<pre>var <span id="IncorrectPasswordError">IncorrectPasswordError</span> = <a href="errors.htm">errors</a>.<a href="errors.htm#New">New</a>("x509: decryption password incorrect")</pre>
<p>当检测到不正确的密码时会返回IncorrectPasswordError。</p>
<h2 id="PEMCipher">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pem_decrypt.go?name=release#23" title="View Source">PEMCipher</a> </h2>
<pre>type PEMCipher <a href="builtin.htm#int">int</a></pre>
<h2 id="PublicKeyAlgorithm">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#172" title="View Source">PublicKeyAlgorithm</a> </h2>
<pre>type PublicKeyAlgorithm <a href="builtin.htm#int">int</a></pre>
<pre>const (
<span id="UnknownPublicKeyAlgorithm">UnknownPublicKeyAlgorithm</span> <a href="#PublicKeyAlgorithm">PublicKeyAlgorithm</a> = <a href="builtin.htm#iota">iota</a>
<span id="RSA">RSA</span>
<span id="DSA">DSA</span>
<span id="ECDSA">ECDSA</span>
)</pre>
<h2 id="SignatureAlgorithm">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#154" title="View Source">SignatureAlgorithm</a> </h2>
<pre>type SignatureAlgorithm <a href="builtin.htm#int">int</a></pre>
<pre>const (
<span id="UnknownSignatureAlgorithm">UnknownSignatureAlgorithm</span> <a href="#SignatureAlgorithm">SignatureAlgorithm</a> = <a href="builtin.htm#iota">iota</a>
<span id="MD2WithRSA">MD2WithRSA</span>
<span id="MD5WithRSA">MD5WithRSA</span>
<span id="SHA1WithRSA">SHA1WithRSA</span>
<span id="SHA256WithRSA">SHA256WithRSA</span>
<span id="SHA384WithRSA">SHA384WithRSA</span>
<span id="SHA512WithRSA">SHA512WithRSA</span>
<span id="DSAWithSHA1">DSAWithSHA1</span>
<span id="DSAWithSHA256">DSAWithSHA256</span>
<span id="ECDSAWithSHA1">ECDSAWithSHA1</span>
<span id="ECDSAWithSHA256">ECDSAWithSHA256</span>
<span id="ECDSAWithSHA384">ECDSAWithSHA384</span>
<span id="ECDSAWithSHA512">ECDSAWithSHA512</span>
)</pre>
<h2 id="SystemRootsError">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/verify.go?name=release#119" title="View Source">SystemRootsError</a> </h2>
<pre>type SystemRootsError struct {
}</pre>
<p>当从系统装载根证书失败时会返回SystemRootsError。</p>
<h3 id="SystemRootsError.Error">func (SystemRootsError) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/verify.go?name=release#122" title="View Source">Error</a> </h3>
<pre class="funcdecl">func (e <a href="#SystemRootsError">SystemRootsError</a>) Error() <a href="builtin.htm#string">string</a></pre>
<h2 id="HostnameError">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/verify.go?name=release#62" title="View Source">HostnameError</a> </h2>
<pre>type HostnameError struct {
<span id="HostnameError.Certificate">Certificate</span> *<a href="#Certificate">Certificate</a>
<span id="HostnameError.Host">Host</span> <a href="builtin.htm#string">string</a>
}</pre>
<p>当认证的名字和请求的名字不匹配时会返回HostnameError。</p>
<h3 id="HostnameError.Error">func (HostnameError) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/verify.go?name=release#67" title="View Source">Error</a> </h3>
<pre class="funcdecl">func (h <a href="#HostnameError">HostnameError</a>) Error() <a href="builtin.htm#string">string</a></pre>
<h2 id="UnknownAuthorityError">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/verify.go?name=release#93" title="View Source">UnknownAuthorityError</a> </h2>
<pre>type UnknownAuthorityError struct {
<span class="com">// 内含隐藏或非导出字段</span>
}</pre>
<p>当证书的发布者未知时会返回UnknownAuthorityError。</p>
<h3 id="UnknownAuthorityError.Error">func (UnknownAuthorityError) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/verify.go?name=release#103" title="View Source">Error</a> </h3>
<pre class="funcdecl">func (e <a href="#UnknownAuthorityError">UnknownAuthorityError</a>) Error() <a href="builtin.htm#string">string</a></pre>
<h2 id="ConstraintViolationError">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#527" title="View Source">ConstraintViolationError</a> </h2>
<pre>type ConstraintViolationError struct{}</pre>
<p>当请求的用途不被证书许可时会返回ConstraintViolationError。如当公钥不是证书的签名密钥时用它检查签名。</p>
<h3 id="ConstraintViolationError.Error">func (ConstraintViolationError) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#529" title="View Source">Error</a> </h3>
<pre class="funcdecl">func (<a href="#ConstraintViolationError">ConstraintViolationError</a>) Error() <a href="builtin.htm#string">string</a></pre>
<h2 id="UnhandledCriticalExtension">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#677" title="View Source">UnhandledCriticalExtension</a> </h2>
<pre>type UnhandledCriticalExtension struct{}</pre>
<h3 id="UnhandledCriticalExtension.Error">func (UnhandledCriticalExtension) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#679" title="View Source">Error</a> </h3>
<pre class="funcdecl">func (h <a href="#UnhandledCriticalExtension">UnhandledCriticalExtension</a>) Error() <a href="builtin.htm#string">string</a></pre>
<h2 id="CertificateInvalidError">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/verify.go?name=release#39" title="View Source">CertificateInvalidError</a> </h2>
<pre>type CertificateInvalidError struct {
<span id="CertificateInvalidError.Cert">Cert</span> *<a href="#Certificate">Certificate</a>
<span id="CertificateInvalidError.Reason">Reason</span> <a href="#InvalidReason">InvalidReason</a>
}</pre>
<p>当发生其余的错误时会返回CertificateInvalidError。本包的使用者可能会想统一处理所有这类错误。</p>
<h3 id="CertificateInvalidError.Error">func (CertificateInvalidError) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/verify.go?name=release#44" title="View Source">Error</a> </h3>
<pre class="funcdecl">func (e <a href="#CertificateInvalidError">CertificateInvalidError</a>) Error() <a href="builtin.htm#string">string</a></pre>
<h2 id="KeyUsage">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#361" title="View Source">KeyUsage</a> </h2>
<pre>type KeyUsage <a href="builtin.htm#int">int</a></pre>
<p>KeyUsage代表给定密钥的合法操作集。用KeyUsage类型常数的位图表示。字位表示有无</p>
<pre>const (
<span id="KeyUsageDigitalSignature">KeyUsageDigitalSignature</span> <a href="#KeyUsage">KeyUsage</a> = 1 &lt;&lt; <a href="builtin.htm#iota">iota</a>
<span id="KeyUsageContentCommitment">KeyUsageContentCommitment</span>
<span id="KeyUsageKeyEncipherment">KeyUsageKeyEncipherment</span>
<span id="KeyUsageDataEncipherment">KeyUsageDataEncipherment</span>
<span id="KeyUsageKeyAgreement">KeyUsageKeyAgreement</span>
<span id="KeyUsageCertSign">KeyUsageCertSign</span>
<span id="KeyUsageCRLSign">KeyUsageCRLSign</span>
<span id="KeyUsageEncipherOnly">KeyUsageEncipherOnly</span>
<span id="KeyUsageDecipherOnly">KeyUsageDecipherOnly</span>
)</pre>
<h2 id="ExtKeyUsage">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#404" title="View Source">ExtKeyUsage</a> </h2>
<pre>type ExtKeyUsage <a href="builtin.htm#int">int</a></pre>
<p>ExtKeyUsage代表给定密钥的合法操作扩展集。每一个ExtKeyUsage类型常数定义一个特定的操作。</p>
<pre>const (
<span id="ExtKeyUsageAny">ExtKeyUsageAny</span> <a href="#ExtKeyUsage">ExtKeyUsage</a> = <a href="builtin.htm#iota">iota</a>
<span id="ExtKeyUsageServerAuth">ExtKeyUsageServerAuth</span>
<span id="ExtKeyUsageClientAuth">ExtKeyUsageClientAuth</span>
<span id="ExtKeyUsageCodeSigning">ExtKeyUsageCodeSigning</span>
<span id="ExtKeyUsageEmailProtection">ExtKeyUsageEmailProtection</span>
<span id="ExtKeyUsageIPSECEndSystem">ExtKeyUsageIPSECEndSystem</span>
<span id="ExtKeyUsageIPSECTunnel">ExtKeyUsageIPSECTunnel</span>
<span id="ExtKeyUsageIPSECUser">ExtKeyUsageIPSECUser</span>
<span id="ExtKeyUsageTimeStamping">ExtKeyUsageTimeStamping</span>
<span id="ExtKeyUsageOCSPSigning">ExtKeyUsageOCSPSigning</span>
<span id="ExtKeyUsageMicrosoftServerGatedCrypto">ExtKeyUsageMicrosoftServerGatedCrypto</span>
<span id="ExtKeyUsageNetscapeServerGatedCrypto">ExtKeyUsageNetscapeServerGatedCrypto</span>
)</pre>
<h2 id="VerifyOptions">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/verify.go?name=release#128" title="View Source">VerifyOptions</a> </h2>
<pre>type VerifyOptions struct {
<span id="VerifyOptions.DNSName">DNSName</span> <a href="builtin.htm#string">string</a>
<span id="VerifyOptions.Intermediates">Intermediates</span> *<a href="#CertPool">CertPool</a>
<span id="VerifyOptions.Roots">Roots</span> *<a href="#CertPool">CertPool</a> <span class="com">// 如为nil将使用系统根证书池</span>
<span id="VerifyOptions.CurrentTime">CurrentTime</span> <a href="time.htm">time</a>.<a href="time.htm#Time">Time</a> <span class="com">// 如为零值,将使用当前时间</span>
<span class="com">// KeyUsage指定了可以接受哪些密钥扩展用途空列表代表ExtKeyUsageServerAuth。</span>
<span class="com">// 密钥用途被作为生成证书链的限制条件类似Windows加密应用程序接口的行为但不完全一样</span>
<span class="com">// 要接受任何密钥用途可以使本字段包含ExtKeyUsageAny。</span>
<span id="VerifyOptions.KeyUsages">KeyUsages</span> []<a href="#ExtKeyUsage">ExtKeyUsage</a>
}</pre>
<p>VerifyOptions包含提供给Certificate.Verify方法的参数。它是结构体类型因为其他PKIX认证API需要很长参数。</p>
<h2 id="InvalidReason">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/verify.go?name=release#16" title="View Source">InvalidReason</a> </h2>
<pre>type InvalidReason <a href="builtin.htm#int">int</a></pre>
<pre>const (
<span class="com">// NotAuthorizedToSign表示给本证书签名的证书不是CA证书</span>
<span id="NotAuthorizedToSign">NotAuthorizedToSign</span> <a href="#InvalidReason">InvalidReason</a> = <a href="builtin.htm#iota">iota</a>
<span class="com">// Expired表示证书已过期根据VerifyOptions.CurrentTime判断</span>
<span id="Expired">Expired</span>
<span class="com">// CANotAuthorizedForThisName表示中间证书或根证书具有名字限制且不包含被检查的名字</span>
<span id="CANotAuthorizedForThisName">CANotAuthorizedForThisName</span>
<span class="com">// TooManyIntermediates表示违反了路径长度限制</span>
<span id="TooManyIntermediates">TooManyIntermediates</span>
<span class="com">// IncompatibleUsage表示证书的密钥用途显示它只能用于其它目的</span>
<span id="IncompatibleUsage">IncompatibleUsage</span>
)</pre>
<h2 id="Certificate">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#459" title="View Source">Certificate</a> </h2>
<pre>type Certificate struct {
<span id="Certificate.Raw">Raw</span> []<a href="builtin.htm#byte">byte</a> <span class="com">// 原始、完整的ASN.1 DER内容证书、签名算法、签名</span>
<span id="Certificate.RawTBSCertificate">RawTBSCertificate</span> []<a href="builtin.htm#byte">byte</a> <span class="com">// ASN.1 DER 内容的证书部分</span>
<span id="Certificate.RawSubjectPublicKeyInfo">RawSubjectPublicKeyInfo</span> []<a href="builtin.htm#byte">byte</a> <span class="com">// 原始DER编码的SubjectPublicKeyInfo</span>
<span id="Certificate.RawSubject">RawSubject</span> []<a href="builtin.htm#byte">byte</a> <span class="com">// 原始DER编码的Subject</span>
<span id="Certificate.RawIssuer">RawIssuer</span> []<a href="builtin.htm#byte">byte</a> <span class="com">// 原始DER编码的Issuer</span>
<span id="Certificate.Signature">Signature</span> []<a href="builtin.htm#byte">byte</a>
<span id="Certificate.SignatureAlgorithm">SignatureAlgorithm</span> <a href="#SignatureAlgorithm">SignatureAlgorithm</a>
<span id="Certificate.PublicKeyAlgorithm">PublicKeyAlgorithm</span> <a href="#PublicKeyAlgorithm">PublicKeyAlgorithm</a>
<span id="Certificate.PublicKey">PublicKey</span> interface{}
<span id="Certificate.Version">Version</span> <a href="builtin.htm#int">int</a>
<span id="Certificate.SerialNumber">SerialNumber</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>
<span id="Certificate.Issuer">Issuer</span> <a href="crypto/x509/pkix.htm">pkix</a>.<a href="crypto/x509/pkix.htm#Name">Name</a>
<span id="Certificate.Subject">Subject</span> <a href="crypto/x509/pkix.htm">pkix</a>.<a href="crypto/x509/pkix.htm#Name">Name</a>
<span id="Certificate.NotBefore">NotBefore</span>, <span id="Certificate.NotAfter">NotAfter</span> <a href="time.htm">time</a>.<a href="time.htm#Time">Time</a> <span class="com">// 有效期前后界,本时间段之外无效</span>
<span id="Certificate.KeyUsage">KeyUsage</span> <a href="#KeyUsage">KeyUsage</a>
<span class="com">// Extensions保管原始的X.509扩展。当解析证书时,本字段用于摘录本包未解析的不关键扩展。</span>
<span class="com">// 序列化证书时Extensions字段会被忽略参见ExtraExtensions。</span>
<span id="Certificate.Extensions">Extensions</span> []<a href="crypto/x509/pkix.htm">pkix</a>.<a href="crypto/x509/pkix.htm#Extension">Extension</a>
<span class="com">// ExtraExtensions包含应被直接拷贝到任何序列化的证书中的扩展。</span>
<span class="com">// 本字段保管的值会覆盖任何其它字段生成的扩展。</span>
<span class="com">// ExtraExtensions字段在解析证书时不会被填写参见Extensions。</span>
<span id="Certificate.ExtraExtensions">ExtraExtensions</span> []<a href="crypto/x509/pkix.htm">pkix</a>.<a href="crypto/x509/pkix.htm#Extension">Extension</a>
<span id="Certificate.ExtKeyUsage">ExtKeyUsage</span> []<a href="#ExtKeyUsage">ExtKeyUsage</a> <span class="com">// 密钥扩展用途的序列</span>
<span id="Certificate.UnknownExtKeyUsage">UnknownExtKeyUsage</span> []<a href="encoding/asn1.htm">asn1</a>.<a href="encoding/asn1.htm#ObjectIdentifier">ObjectIdentifier</a> <span class="com">// 遇到的本包不能识别的密钥扩展用途</span>
<span id="Certificate.BasicConstraintsValid">BasicConstraintsValid</span> <a href="builtin.htm#bool">bool</a> <span class="com">// 如果下两个字段合法,将为真</span>
<span id="Certificate.IsCA">IsCA</span> <a href="builtin.htm#bool">bool</a>
<span id="Certificate.MaxPathLen">MaxPathLen</span> <a href="builtin.htm#int">int</a>
<span id="Certificate.SubjectKeyId">SubjectKeyId</span> []<a href="builtin.htm#byte">byte</a>
<span id="Certificate.AuthorityKeyId">AuthorityKeyId</span> []<a href="builtin.htm#byte">byte</a>
<span class="com">// RFC 5280, 4.2.2.1(认证信息存取)</span>
<span id="Certificate.OCSPServer">OCSPServer</span> []<a href="builtin.htm#string">string</a>
<span id="Certificate.IssuingCertificateURL">IssuingCertificateURL</span> []<a href="builtin.htm#string">string</a>
<span class="com">// 证书持有者的替用名称</span>
<span id="Certificate.DNSNames">DNSNames</span> []<a href="builtin.htm#string">string</a>
<span id="Certificate.EmailAddresses">EmailAddresses</span> []<a href="builtin.htm#string">string</a>
<span id="Certificate.IPAddresses">IPAddresses</span> []<a href="net.htm">net</a>.<a href="net.htm#IP">IP</a>
<span class="com">// 名称的约束</span>
<span id="Certificate.PermittedDNSDomainsCritical">PermittedDNSDomainsCritical</span> <a href="builtin.htm#bool">bool</a> <span class="com">// 如为真则名称约束被标记为关键的</span>
<span id="Certificate.PermittedDNSDomains">PermittedDNSDomains</span> []<a href="builtin.htm#string">string</a>
<span class="com">// CRL配销点</span>
<span id="Certificate.CRLDistributionPoints">CRLDistributionPoints</span> []<a href="builtin.htm#string">string</a>
<span id="Certificate.PolicyIdentifiers">PolicyIdentifiers</span> []<a href="encoding/asn1.htm">asn1</a>.<a href="encoding/asn1.htm#ObjectIdentifier">ObjectIdentifier</a>
}</pre>
<p>Certificate代表一个X.509证书。</p>
<h3 id="Certificate.CheckSignatureFrom">func (*Certificate) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#588" title="View Source">CheckSignatureFrom</a> </h3>
<pre class="funcdecl">func (c *<a href="#Certificate">Certificate</a>) CheckSignatureFrom(parent *<a href="#Certificate">Certificate</a>) (err <a href="builtin.htm#error">error</a>)</pre>
<p>CheckSignatureFrom检查c中的签名是否是来自parent的合法签名。</p>
<h3 id="Certificate.CheckCRLSignature">func (*Certificate) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#672" title="View Source">CheckCRLSignature</a> </h3>
<pre class="funcdecl">func (c *<a href="#Certificate">Certificate</a>) CheckCRLSignature(crl *<a href="crypto/x509/pkix.htm">pkix</a>.<a href="crypto/x509/pkix.htm#CertificateList">CertificateList</a>) (err <a href="builtin.htm#error">error</a>)</pre>
<p>CheckCRLSignature检查crl中的签名是否来自c。</p>
<h3 id="Certificate.CheckSignature">func (*Certificate) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#616" title="View Source">CheckSignature</a> </h3>
<pre class="funcdecl">func (c *<a href="#Certificate">Certificate</a>) CheckSignature(algo <a href="#SignatureAlgorithm">SignatureAlgorithm</a>, signed, signature []<a href="builtin.htm#byte">byte</a>) (err <a href="builtin.htm#error">error</a>)</pre>
<p>CheckSignature检查signature是否是c的公钥生成的signed的合法签名。</p>
<h3 id="Certificate.CreateCRL">func (*Certificate) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#1556" title="View Source">CreateCRL</a> </h3>
<pre class="funcdecl">func (c *<a href="#Certificate">Certificate</a>) CreateCRL(rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, priv interface{}, revokedCerts []<a href="crypto/x509/pkix.htm">pkix</a>.<a href="crypto/x509/pkix.htm#RevokedCertificate">RevokedCertificate</a>, now, expiry <a href="time.htm">time</a>.<a href="time.htm#Time">Time</a>) (crlBytes []<a href="builtin.htm#byte">byte</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>CreateCRL返回一个DER编码的CRL证书注销列表使用c签名并包含给出的已取消签名列表。</p>
<p>只支持RSA类型的密钥priv参数必须是*rsa.PrivateKey类型</p>
<h3 id="Certificate.Equal">func (*Certificate) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#533" title="View Source">Equal</a> </h3>
<pre class="funcdecl">func (c *<a href="#Certificate">Certificate</a>) Equal(other *<a href="#Certificate">Certificate</a>) <a href="builtin.htm#bool">bool</a></pre>
<h3 id="Certificate.Verify">func (*Certificate) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/verify.go?name=release#210" title="View Source">Verify</a> </h3>
<pre class="funcdecl">func (c *<a href="#Certificate">Certificate</a>) Verify(opts <a href="#VerifyOptions">VerifyOptions</a>) (chains [][]*<a href="#Certificate">Certificate</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p align="left">Verify通过创建一到多个从c到opts.Roots中的证书的链条来认证c如有必要会使用opts.Intermediates中的证书。如果成功它会返回一到多个证书链条每一条都以c开始以opts.Roots中的证书结束。</p>
<p align="left">警告:它不会做任何取消检查。</p>
<div class="panel-group">
<div class="panel panel-default" id="example-Certificate-Verify">
<div class="panel-heading" onclick="document.getElementById('ex-Certificate-Verify').style.display = document.getElementById('ex-Certificate-Verify').style.display=='none'?'block':'none';">Example</div>
<div class="panel-collapse collapse" id="ex-Certificate-Verify">
<div class="panel-body">
<pre><span class="com">// Verifying with a custom list of root certificates.</span>
const rootPEM = `
-----BEGIN CERTIFICATE-----
MIIEBDCCAuygAwIBAgIDAjppMA0GCSqGSIb3DQEBBQUAMEIxCzAJBgNVBAYTAlVT
MRYwFAYDVQQKEw1HZW9UcnVzdCBJbmMuMRswGQYDVQQDExJHZW9UcnVzdCBHbG9i
YWwgQ0EwHhcNMTMwNDA1MTUxNTU1WhcNMTUwNDA0MTUxNTU1WjBJMQswCQYDVQQG
EwJVUzETMBEGA1UEChMKR29vZ2xlIEluYzElMCMGA1UEAxMcR29vZ2xlIEludGVy
bmV0IEF1dGhvcml0eSBHMjCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEB
AJwqBHdc2FCROgajguDYUEi8iT/xGXAaiEZ+4I/F8YnOIe5a/mENtzJEiaB0C1NP
VaTOgmKV7utZX8bhBYASxF6UP7xbSDj0U/ck5vuR6RXEz/RTDfRK/J9U3n2+oGtv
h8DQUB8oMANA2ghzUWx//zo8pzcGjr1LEQTrfSTe5vn8MXH7lNVg8y5Kr0LSy+rE
ahqyzFPdFUuLH8gZYR/Nnag+YyuENWllhMgZxUYi+FOVvuOAShDGKuy6lyARxzmZ
EASg8GF6lSWMTlJ14rbtCMoU/M4iarNOz0YDl5cDfsCx3nuvRTPPuj5xt970JSXC
DTWJnZ37DhF5iR43xa+OcmkCAwEAAaOB+zCB+DAfBgNVHSMEGDAWgBTAephojYn7
qwVkDBF9qn1luMrMTjAdBgNVHQ4EFgQUSt0GFhu89mi1dvWBtrtiGrpagS8wEgYD
VR0TAQH/BAgwBgEB/wIBADAOBgNVHQ8BAf8EBAMCAQYwOgYDVR0fBDMwMTAvoC2g
K4YpaHR0cDovL2NybC5nZW90cnVzdC5jb20vY3Jscy9ndGdsb2JhbC5jcmwwPQYI
KwYBBQUHAQEEMTAvMC0GCCsGAQUFBzABhiFodHRwOi8vZ3RnbG9iYWwtb2NzcC5n
ZW90cnVzdC5jb20wFwYDVR0gBBAwDjAMBgorBgEEAdZ5AgUBMA0GCSqGSIb3DQEB
BQUAA4IBAQA21waAESetKhSbOHezI6B1WLuxfoNCunLaHtiONgaX4PCVOzf9G0JY
/iLIa704XtE7JW4S615ndkZAkNoUyHgN7ZVm2o6Gb4ChulYylYbc3GrKBIxbf/a/
zG+FA1jDaFETzf3I93k9mTXwVqO94FntT0QJo544evZG0R0SnU++0ED8Vf4GXjza
HFa9llF7b1cq26KqltyMdMKVvvBulRP/F/A8rLIQjcxz++iPAsbw+zOzlTvjwsto
WHPbqCRiOwY1nQ2pM714A5AuTHhdUDqB1O6gyHA43LL5Z/qHQF1hwFGPa4NrzQU6
yuGnBXj8ytqU0CwIPX4WecigUCAkVDNx
-----END CERTIFICATE-----`
const certPEM = `
-----BEGIN CERTIFICATE-----
MIIDujCCAqKgAwIBAgIIE31FZVaPXTUwDQYJKoZIhvcNAQEFBQAwSTELMAkGA1UE
BhMCVVMxEzARBgNVBAoTCkdvb2dsZSBJbmMxJTAjBgNVBAMTHEdvb2dsZSBJbnRl
cm5ldCBBdXRob3JpdHkgRzIwHhcNMTQwMTI5MTMyNzQzWhcNMTQwNTI5MDAwMDAw
WjBpMQswCQYDVQQGEwJVUzETMBEGA1UECAwKQ2FsaWZvcm5pYTEWMBQGA1UEBwwN
TW91bnRhaW4gVmlldzETMBEGA1UECgwKR29vZ2xlIEluYzEYMBYGA1UEAwwPbWFp
bC5nb29nbGUuY29tMFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEfRrObuSW5T7q
5CnSEqefEmtH4CCv6+5EckuriNr1CjfVvqzwfAhopXkLrq45EQm8vkmf7W96XJhC
7ZM0dYi1/qOCAU8wggFLMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjAa
BgNVHREEEzARgg9tYWlsLmdvb2dsZS5jb20wCwYDVR0PBAQDAgeAMGgGCCsGAQUF
BwEBBFwwWjArBggrBgEFBQcwAoYfaHR0cDovL3BraS5nb29nbGUuY29tL0dJQUcy
LmNydDArBggrBgEFBQcwAYYfaHR0cDovL2NsaWVudHMxLmdvb2dsZS5jb20vb2Nz
cDAdBgNVHQ4EFgQUiJxtimAuTfwb+aUtBn5UYKreKvMwDAYDVR0TAQH/BAIwADAf
BgNVHSMEGDAWgBRK3QYWG7z2aLV29YG2u2IaulqBLzAXBgNVHSAEEDAOMAwGCisG
AQQB1nkCBQEwMAYDVR0fBCkwJzAloCOgIYYfaHR0cDovL3BraS5nb29nbGUuY29t
L0dJQUcyLmNybDANBgkqhkiG9w0BAQUFAAOCAQEAH6RYHxHdcGpMpFE3oxDoFnP+
gtuBCHan2yE2GRbJ2Cw8Lw0MmuKqHlf9RSeYfd3BXeKkj1qO6TVKwCh+0HdZk283
TZZyzmEOyclm3UGFYe82P/iDFt+CeQ3NpmBg+GoaVCuWAARJN/KfglbLyyYygcQq
0SgeDh8dRKUiaW3HQSoYvTvdTuqzwK4CXsr3b5/dAOY8uMuG/IAR3FgwTbZ1dtoW
RvOTa8hYiU6A475WuZKyEHcwnGYe57u2I2KbMgcKjPniocj4QzgYsVAVKW3IwaOh
yE+vPxsiUkvQHdO2fojCkY8jg70jxM+gu59tPDNbw3Uh/2Ij310FgTHsnGQMyA==
-----END CERTIFICATE-----`
<span class="com">// First, create the set of root certificates. For this example we only</span>
<span class="com">// have one. It's also possible to omit this in order to use the</span>
<span class="com">// default root set of the current operating system.</span>
roots := x509.NewCertPool()
ok := roots.AppendCertsFromPEM([]byte(rootPEM))
if !ok {
panic("failed to parse root certificate")
}
block, _ := pem.Decode([]byte(certPEM))
if block == nil {
panic("failed to parse certificate PEM")
}
cert, err := x509.ParseCertificate(block.Bytes)
if err != nil {
panic("failed to parse certificate: " + err.Error())
}
opts := x509.VerifyOptions{
DNSName: "mail.google.com",
Roots: roots,
}
if _, err := cert.Verify(opts); err != nil {
panic("failed to verify certificate: " + err.Error())
}
</pre>
</div>
</div>
</div>
</div>
<h3 id="Certificate.VerifyHostname">func (*Certificate) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/verify.go?name=release#381" title="View Source">VerifyHostname</a> </h3>
<pre class="funcdecl">func (c *<a href="#Certificate">Certificate</a>) VerifyHostname(h <a href="builtin.htm#string">string</a>) <a href="builtin.htm#error">error</a></pre>
<p>如果c是名为h的主机的合法证书VerifyHostname会返回真否则它返回一个描述该不匹配情况的错误。</p>
<h2 id="CertPool">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/cert_pool.go?name=release#12" title="View Source">CertPool</a> </h2>
<pre>type CertPool struct {
<span class="com">// 内含隐藏或非导出字段</span>
}</pre>
<p>CertPool代表一个证书集合/证书池。</p>
<h3 id="NewCertPool">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/cert_pool.go?name=release#19" title="View Source">NewCertPool</a> </h3>
<pre class="funcdecl">func NewCertPool() *<a href="#CertPool">CertPool</a></pre>
<p>NewCertPool创建一个新的、空的CertPool。</p>
<h3 id="CertPool.AddCert">func (*CertPool) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/cert_pool.go?name=release#56" title="View Source">AddCert</a> </h3>
<pre class="funcdecl">func (s *<a href="#CertPool">CertPool</a>) AddCert(cert *<a href="#Certificate">Certificate</a>)</pre>
<p>AddCert向s中添加一个证书。</p>
<h3 id="CertPool.AppendCertsFromPEM">func (*CertPool) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/cert_pool.go?name=release#85" title="View Source">AppendCertsFromPEM</a> </h3>
<pre class="funcdecl">func (s *<a href="#CertPool">CertPool</a>) AppendCertsFromPEM(pemCerts []<a href="builtin.htm#byte">byte</a>) (ok <a href="builtin.htm#bool">bool</a>)</pre>
<p align="left">AppendCertsFromPEM试图解析一系列PEM编码的证书。它将找到的任何证书都加入s中如果所有证书都成功被解析会返回真。</p>
<p align="left">在许多Linux系统中/etc/ssl/cert.pem会包含适合本函数的大量系统级根证书。</p>
<h3 id="CertPool.Subjects">func (*CertPool) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/cert_pool.go?name=release#110" title="View Source">Subjects</a> </h3>
<pre class="funcdecl">func (s *<a href="#CertPool">CertPool</a>) Subjects() (res [][]<a href="builtin.htm#byte">byte</a>)</pre>
<p>Subjects返回池中所有证书的DER编码的持有者的列表。</p>
<h2 id="CertificateRequest">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#1596" title="View Source">CertificateRequest</a> </h2>
<pre>type CertificateRequest struct {
<span id="CertificateRequest.Raw">Raw</span> []<a href="builtin.htm#byte">byte</a> <span class="com">// 原始、完整的ASN.1 DER内容CSR、签名算法、签名</span>
<span id="CertificateRequest.RawTBSCertificateRequest">RawTBSCertificateRequest</span> []<a href="builtin.htm#byte">byte</a> <span class="com">// ASN.1 DER 内容的证书请求信息</span>
<span id="CertificateRequest.RawSubjectPublicKeyInfo">RawSubjectPublicKeyInfo</span> []<a href="builtin.htm#byte">byte</a> <span class="com">// 原始DER编码的SubjectPublicKeyInfo</span>
<span id="CertificateRequest.RawSubject">RawSubject</span> []<a href="builtin.htm#byte">byte</a> <span class="com">// 原始DER编码的Subject</span>
<span id="CertificateRequest.Version">Version</span> <a href="builtin.htm#int">int</a>
<span id="CertificateRequest.Signature">Signature</span> []<a href="builtin.htm#byte">byte</a>
<span id="CertificateRequest.SignatureAlgorithm">SignatureAlgorithm</span> <a href="#SignatureAlgorithm">SignatureAlgorithm</a>
<span id="CertificateRequest.PublicKeyAlgorithm">PublicKeyAlgorithm</span> <a href="#PublicKeyAlgorithm">PublicKeyAlgorithm</a>
<span id="CertificateRequest.PublicKey">PublicKey</span> interface{}
<span id="CertificateRequest.Subject">Subject</span> <a href="crypto/x509/pkix.htm">pkix</a>.<a href="crypto/x509/pkix.htm#Name">Name</a>
<span class="com">// Attributes提供关于证书持有者的额外信息参见RFC 2986 section 4.1。</span>
<span id="CertificateRequest.Attributes">Attributes</span> []<a href="crypto/x509/pkix.htm">pkix</a>.<a href="crypto/x509/pkix.htm#AttributeTypeAndValueSET">AttributeTypeAndValueSET</a>
<span class="com">// Extensions保管原始的X.509扩展。当解析CSR时本字段用于摘录本包未解析的不关键扩展。</span>
<span id="CertificateRequest.Extensions">Extensions</span> []<a href="crypto/x509/pkix.htm">pkix</a>.<a href="crypto/x509/pkix.htm#Extension">Extension</a>
<span class="com">// ExtraExtensions包含应被直接拷贝到任何序列化的CSR中的扩展。</span>
<span class="com">// 本字段保管的值会覆盖任何其它字段生成的扩展但会被Attributes字段指定的扩展覆盖。</span>
<span class="com">// ExtraExtensions字段在解析CSR时不会增加参见Extensions。</span>
<span id="CertificateRequest.ExtraExtensions">ExtraExtensions</span> []<a href="crypto/x509/pkix.htm">pkix</a>.<a href="crypto/x509/pkix.htm#Extension">Extension</a>
<span class="com">// 证书持有者的替用名称。</span>
<span id="CertificateRequest.DNSNames">DNSNames</span> []<a href="builtin.htm#string">string</a>
<span id="CertificateRequest.EmailAddresses">EmailAddresses</span> []<a href="builtin.htm#string">string</a>
<span id="CertificateRequest.IPAddresses">IPAddresses</span> []<a href="net.htm">net</a>.<a href="net.htm#IP">IP</a>
}</pre>
<p>CertificateRequest代表一个PKCS #10证书签名请求。</p>
<h2 id="MarshalECPrivateKey">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/sec1.go?name=release#37" title="View Source">MarshalECPrivateKey</a> </h2>
<pre class="funcdecl">func MarshalECPrivateKey(key *<a href="crypto/ecdsa.htm">ecdsa</a>.<a href="crypto/ecdsa.htm#PrivateKey">PrivateKey</a>) ([]<a href="builtin.htm#byte">byte</a>, <a href="builtin.htm#error">error</a>)</pre>
<p>MarshalECPrivateKey将ecdsa私钥序列化为ASN.1 DER编码。</p>
<h2 id="MarshalPKCS1PrivateKey">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pkcs1.go?name=release#87" title="View Source">MarshalPKCS1PrivateKey</a> </h2>
<pre class="funcdecl">func MarshalPKCS1PrivateKey(key *<a href="crypto/rsa.htm">rsa</a>.<a href="crypto/rsa.htm#PrivateKey">PrivateKey</a>) []<a href="builtin.htm#byte">byte</a></pre>
<p>MarshalPKCS1PrivateKey将rsa私钥序列化为ASN.1 PKCS#1 DER编码。</p>
<h2 id="MarshalPKIXPublicKey">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#85" title="View Source">MarshalPKIXPublicKey</a> </h2>
<pre class="funcdecl">func MarshalPKIXPublicKey(pub interface{}) ([]<a href="builtin.htm#byte">byte</a>, <a href="builtin.htm#error">error</a>)</pre>
<p>MarshalPKIXPublicKey将公钥序列化为PKIX格式DER编码。</p>
<h2 id="ParseECPrivateKey">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/sec1.go?name=release#32" title="View Source">ParseECPrivateKey</a> </h2>
<pre class="funcdecl">func ParseECPrivateKey(der []<a href="builtin.htm#byte">byte</a>) (key *<a href="crypto/ecdsa.htm">ecdsa</a>.<a href="crypto/ecdsa.htm#PrivateKey">PrivateKey</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>ParseECPrivateKey解析ASN.1 DER编码的ecdsa私钥。</p>
<h2 id="ParsePKCS1PrivateKey">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pkcs1.go?name=release#39" title="View Source">ParsePKCS1PrivateKey</a> </h2>
<pre class="funcdecl">func ParsePKCS1PrivateKey(der []<a href="builtin.htm#byte">byte</a>) (key *<a href="crypto/rsa.htm">rsa</a>.<a href="crypto/rsa.htm#PrivateKey">PrivateKey</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>ParsePKCS1PrivateKey解析ASN.1 PKCS#1 DER编码的rsa私钥。</p>
<h2 id="ParsePKCS8PrivateKey">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pkcs8.go?name=release#26" title="View Source">ParsePKCS8PrivateKey</a> </h2>
<pre class="funcdecl">func ParsePKCS8PrivateKey(der []<a href="builtin.htm#byte">byte</a>) (key interface{}, err <a href="builtin.htm#error">error</a>)</pre>
<p>ParsePKCS8PrivateKey解析一个未加密的PKCS#8私钥参见<a href="http://www.rsa.com/rsalabs/node.asp?id=2130">http://www.rsa.com/rsalabs/node.asp?id=2130</a>和RFC5208。</p>
<h2 id="ParsePKIXPublicKey">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#38" title="View Source">ParsePKIXPublicKey</a> </h2>
<pre class="funcdecl">func ParsePKIXPublicKey(derBytes []<a href="builtin.htm#byte">byte</a>) (pub interface{}, err <a href="builtin.htm#error">error</a>)</pre>
<p>ParsePKIXPublicKey解析一个DER编码的公钥。这些公钥一般在以"BEGIN PUBLIC KEY"出现的PEM块中。</p>
<h2 id="EncryptPEMBlock">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pem_decrypt.go?name=release#176" title="View Source">EncryptPEMBlock</a> </h2>
<pre class="funcdecl">func EncryptPEMBlock(rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, blockType <a href="builtin.htm#string">string</a>, data, password []<a href="builtin.htm#byte">byte</a>, alg <a href="#PEMCipher">PEMCipher</a>) (*<a href="encoding/pem.htm">pem</a>.<a href="encoding/pem.htm#Block">Block</a>, <a href="builtin.htm#error">error</a>)</pre>
<p>EncryptPEMBlock使用指定的密码、加密算法加密data返回一个具有指定块类型保管加密后数据的PEM块。</p>
<h2 id="IsEncryptedPEMBlock">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pem_decrypt.go?name=release#99" title="View Source">IsEncryptedPEMBlock</a> </h2>
<pre class="funcdecl">func IsEncryptedPEMBlock(b *<a href="encoding/pem.htm">pem</a>.<a href="encoding/pem.htm#Block">Block</a>) <a href="builtin.htm#bool">bool</a></pre>
<p>IsEncryptedPEMBlock返回PEM块b是否是用密码加密了的。</p>
<h2 id="DecryptPEMBlock">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pem_decrypt.go?name=release#112" title="View Source">DecryptPEMBlock</a> </h2>
<pre class="funcdecl">func DecryptPEMBlock(b *<a href="encoding/pem.htm">pem</a>.<a href="encoding/pem.htm#Block">Block</a>, password []<a href="builtin.htm#byte">byte</a>) ([]<a href="builtin.htm#byte">byte</a>, <a href="builtin.htm#error">error</a>)</pre>
<p>DecryptPEMBlock接受一个加密后的PEM块和加密该块的密码password返回解密后的DER编码字节切片。它会检查DEK信息头域以确定用于解密的算法。如果b中没有DEK信息头域会返回错误。如果函数发现密码不正确会返回IncorrectPasswordError。</p>
<h2 id="ParseCRL">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#1532" title="View Source">ParseCRL</a> </h2>
<pre class="funcdecl">func ParseCRL(crlBytes []<a href="builtin.htm#byte">byte</a>) (certList *<a href="crypto/x509/pkix.htm">pkix</a>.<a href="crypto/x509/pkix.htm#CertificateList">CertificateList</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>ParseCRL从crlBytes中解析CRL证书注销列表。因为经常有PEM编码的CRL出现在应该是DER编码的地方因此本函数可以透明的处理PEM编码只要没有前导的垃圾数据。</p>
<h2 id="ParseDERCRL">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#1543" title="View Source">ParseDERCRL</a> </h2>
<pre class="funcdecl">func ParseDERCRL(derBytes []<a href="builtin.htm#byte">byte</a>) (certList *<a href="crypto/x509/pkix.htm">pkix</a>.<a href="crypto/x509/pkix.htm#CertificateList">CertificateList</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p>ParseDERCRL从derBytes中解析DER编码的CRL。</p>
<h2 id="ParseCertificate">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#1085" title="View Source">ParseCertificate</a> </h2>
<pre class="funcdecl">func ParseCertificate(asn1Data []<a href="builtin.htm#byte">byte</a>) (*<a href="#Certificate">Certificate</a>, <a href="builtin.htm#error">error</a>)</pre>
<p>ParseCertificate从ASN.1 DER数据解析单个证书。</p>
<h2 id="ParseCertificateRequest">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#1824" title="View Source">ParseCertificateRequest</a> </h2>
<pre class="funcdecl">func ParseCertificateRequest(asn1Data []<a href="builtin.htm#byte">byte</a>) (*<a href="#CertificateRequest">CertificateRequest</a>, <a href="builtin.htm#error">error</a>)</pre>
<p>ParseCertificateRequest解析一个ASN.1 DER数据获取单个证书请求。</p>
<h2 id="ParseCertificates">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#1100" title="View Source">ParseCertificates</a> </h2>
<pre class="funcdecl">func ParseCertificates(asn1Data []<a href="builtin.htm#byte">byte</a>) ([]*<a href="#Certificate">Certificate</a>, <a href="builtin.htm#error">error</a>)</pre>
<p>ParseCertificates从ASN.1 DER编码的asn1Data中解析一到多个证书。这些证书必须是串联的且中间没有填充。</p>
<h2 id="CreateCertificate">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#1437" title="View Source">CreateCertificate</a> </h2>
<pre class="funcdecl">func CreateCertificate(rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, template, parent *<a href="#Certificate">Certificate</a>, pub interface{}, priv interface{}) (cert []<a href="builtin.htm#byte">byte</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p align="left">CreateCertificate基于模板创建一个新的证书。会用到模板的如下字段</p>
<p align="left">SerialNumber、Subject、NotBefore、NotAfter、KeyUsage、ExtKeyUsage、UnknownExtKeyUsage、</p>
<p align="left">BasicConstraintsValid、IsCA、MaxPathLen、SubjectKeyId、DNSNames、PermittedDNSDomainsCritical、</p>
<p align="left">PermittedDNSDomains、SignatureAlgorithm。</p>
<p align="left">该证书会使用parent签名。如果parent和template相同则证书是自签名的。Pub参数是被签名者的公钥而priv是签名者的私钥。</p>
<p align="left">返回的切片是DER编码的证书。</p>
<p align="left">只支持RSA和ECDSA类型的密钥。pub可以是*rsa.PublicKey或*ecdsa.PublicKeypriv可以是*rsa.PrivateKey或*ecdsa.PrivateKey</p>
<h2 id="CreateCertificateRequest">func <a href="https://github.com/golang/go/blob/master/src/crypto/x509/x509.go?name=release#1667" title="View Source">CreateCertificateRequest</a> </h2>
<pre class="funcdecl">func CreateCertificateRequest(rand <a href="io.htm">io</a>.<a href="io.htm#Reader">Reader</a>, template *<a href="#CertificateRequest">CertificateRequest</a>, priv interface{}) (csr []<a href="builtin.htm#byte">byte</a>, err <a href="builtin.htm#error">error</a>)</pre>
<p align="left">CreateCertificateRequest基于模板创建一个新的证书请求。会用到模板的如下字段</p>
<p align="left">Subject、Attributes、Extension、SignatureAlgorithm、DNSNames、EmailAddresses、IPAddresses。</p>
<p align="left">priv是签名者的私钥。返回的切片是DER编码的证书请求。</p>
<p align="left">只支持RSA*rsa.PrivateKey和ECDSA*ecdsa.PrivateKey类型的密钥。</p>
</div>

92
src/docs/go/crypto/x509/pkix.html Normal file
View File

@@ -0,0 +1,92 @@
<div class="container">
<h1 id="pkg-overview">package pkix</h1>
<p><code>import "crypto/x509/pkix"</code>
</p><p>pkix包提供了共享的、低层次的结构体用于ASN.1解析和X.509证书、CRL、OCSP的序列化。</p>
<h2 id="Extension">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pkix/pkix.go?name=release#42" title="View Source">Extension</a> </h2>
<pre>type Extension struct {
<span id="Extension.Id">Id</span> <a href="encoding/asn1.htm">asn1</a>.<a href="encoding/asn1.htm#ObjectIdentifier">ObjectIdentifier</a>
<span id="Extension.Critical">Critical</span> <a href="builtin.htm#bool">bool</a> `asn1:"optional"`
<span id="Extension.Value">Value</span> []<a href="builtin.htm#byte">byte</a>
}</pre>
<p>Extension代表一个同名的ASN.1结构体,参见<a href="http://tools.ietf.org/html/rfc5280">RFC 5280</a>, section 4.2。</p>
<h2 id="AlgorithmIdentifier">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pkix/pkix.go?name=release#17" title="View Source">AlgorithmIdentifier</a> </h2>
<pre>type AlgorithmIdentifier struct {
<span id="AlgorithmIdentifier.Algorithm">Algorithm</span> <a href="encoding/asn1.htm">asn1</a>.<a href="encoding/asn1.htm#ObjectIdentifier">ObjectIdentifier</a>
<span id="AlgorithmIdentifier.Parameters">Parameters</span> <a href="encoding/asn1.htm">asn1</a>.<a href="encoding/asn1.htm#RawValue">RawValue</a> `asn1:"optional"`
}</pre>
<p>AlgorithmIdentifier代表一个同名的ASN.1结构体,参见<a href="http://tools.ietf.org/html/rfc5280">RFC 5280</a>, section 4.1.1.2。</p>
<h2 id="RevokedCertificate">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pkix/pkix.go?name=release#174" title="View Source">RevokedCertificate</a> </h2>
<pre>type RevokedCertificate struct {
<span id="RevokedCertificate.SerialNumber">SerialNumber</span> *<a href="math/big.htm">big</a>.<a href="math/big.htm#Int">Int</a>
<span id="RevokedCertificate.RevocationTime">RevocationTime</span> <a href="time.htm">time</a>.<a href="time.htm#Time">Time</a>
<span id="RevokedCertificate.Extensions">Extensions</span> []<a href="#Extension">Extension</a> `asn1:"optional"`
}</pre>
<p>RevokedCertificate代表一个同名的ASN.1结构体,参见<a href="http://tools.ietf.org/html/rfc5280">RFC 5280</a>, section 5.1。</p>
<h2 id="TBSCertificateList">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pkix/pkix.go?name=release#161" title="View Source">TBSCertificateList</a> </h2>
<pre>type TBSCertificateList struct {
<span id="TBSCertificateList.Raw">Raw</span> <a href="encoding/asn1.htm">asn1</a>.<a href="encoding/asn1.htm#RawContent">RawContent</a>
<span id="TBSCertificateList.Version">Version</span> <a href="builtin.htm#int">int</a> `asn1:"optional,default:2"`
<span id="TBSCertificateList.Signature">Signature</span> <a href="#AlgorithmIdentifier">AlgorithmIdentifier</a>
<span id="TBSCertificateList.Issuer">Issuer</span> <a href="#RDNSequence">RDNSequence</a>
<span id="TBSCertificateList.ThisUpdate">ThisUpdate</span> <a href="time.htm">time</a>.<a href="time.htm#Time">Time</a>
<span id="TBSCertificateList.NextUpdate">NextUpdate</span> <a href="time.htm">time</a>.<a href="time.htm#Time">Time</a>
<span id="TBSCertificateList.RevokedCertificates">RevokedCertificates</span> []<a href="#RevokedCertificate">RevokedCertificate</a> `asn1:"optional"`
<span id="TBSCertificateList.Extensions">Extensions</span> []<a href="#Extension">Extension</a> `asn1:"tag:0,optional,explicit"`
}</pre>
<p>TBSCertificateList代表一个同名的ASN.1结构体,参见<a href="http://tools.ietf.org/html/rfc5280">RFC 5280</a>, section 5.1。</p>
<h2 id="AttributeTypeAndValue">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pkix/pkix.go?name=release#28" title="View Source">AttributeTypeAndValue</a> </h2>
<pre>type AttributeTypeAndValue struct {
<span id="AttributeTypeAndValue.Type">Type</span> <a href="encoding/asn1.htm">asn1</a>.<a href="encoding/asn1.htm#ObjectIdentifier">ObjectIdentifier</a>
<span id="AttributeTypeAndValue.Value">Value</span> interface{}
}</pre>
<p>AttributeTypeAndValue代表一个同名的ASN.1结构体,参见<a href="http://tools.ietf.org/html/rfc5280#section-4.1.2.4">http://tools.ietf.org/html/rfc5280#section-4.1.2.4</a></p>
<h2 id="AttributeTypeAndValueSET">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pkix/pkix.go?name=release#35" title="View Source">AttributeTypeAndValueSET</a> </h2>
<pre>type AttributeTypeAndValueSET struct {
<span id="AttributeTypeAndValueSET.Type">Type</span> <a href="encoding/asn1.htm">asn1</a>.<a href="encoding/asn1.htm#ObjectIdentifier">ObjectIdentifier</a>
<span id="AttributeTypeAndValueSET.Value">Value</span> [][]<a href="#AttributeTypeAndValue">AttributeTypeAndValue</a> `asn1:"set"`
}</pre>
<p>AttributeTypeAndValueSET代表AttributeTypeAndValue序列表示的ASN.1序列的集合,参见<a href="http://tools.ietf.org/html/rfc2986">RFC 2986</a> (PKCS #10)。</p>
<h2 id="CertificateList">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pkix/pkix.go?name=release#148" title="View Source">CertificateList</a> </h2>
<pre>type CertificateList struct {
<span id="CertificateList.TBSCertList">TBSCertList</span> <a href="#TBSCertificateList">TBSCertificateList</a>
<span id="CertificateList.SignatureAlgorithm">SignatureAlgorithm</span> <a href="#AlgorithmIdentifier">AlgorithmIdentifier</a>
<span id="CertificateList.SignatureValue">SignatureValue</span> <a href="encoding/asn1.htm">asn1</a>.<a href="encoding/asn1.htm#BitString">BitString</a>
}</pre>
<p>CertificateList代表一个同名的ASN.1结构体,参见<a href="http://tools.ietf.org/html/rfc5280">RFC 5280</a>, section 5.1。用于认证签名。</p>
<h3 id="CertificateList.HasExpired">func (*CertificateList) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pkix/pkix.go?name=release#155" title="View Source">HasExpired</a> </h3>
<pre class="funcdecl">func (certList *<a href="#CertificateList">CertificateList</a>) HasExpired(now <a href="time.htm">time</a>.<a href="time.htm#Time">Time</a>) <a href="builtin.htm#bool">bool</a></pre>
<p>HasExpired报告证书列表是否已过期。</p>
<h2 id="RelativeDistinguishedNameSET">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pkix/pkix.go?name=release#24" title="View Source">RelativeDistinguishedNameSET</a> </h2>
<pre>type RelativeDistinguishedNameSET []<a href="#AttributeTypeAndValue">AttributeTypeAndValue</a></pre>
<h2 id="RDNSequence">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pkix/pkix.go?name=release#22" title="View Source">RDNSequence</a> </h2>
<pre>type RDNSequence []<a href="#RelativeDistinguishedNameSET">RelativeDistinguishedNameSET</a></pre>
<h2 id="Name">type <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pkix/pkix.go?name=release#50" title="View Source">Name</a> </h2>
<pre>type Name struct {
<span id="Name.Country">Country</span>, <span id="Name.Organization">Organization</span>, <span id="Name.OrganizationalUnit">OrganizationalUnit</span> []<a href="builtin.htm#string">string</a>
<span id="Name.Locality">Locality</span>, <span id="Name.Province">Province</span> []<a href="builtin.htm#string">string</a>
<span id="Name.StreetAddress">StreetAddress</span>, <span id="Name.PostalCode">PostalCode</span> []<a href="builtin.htm#string">string</a>
<span id="Name.SerialNumber">SerialNumber</span>, <span id="Name.CommonName">CommonName</span> <a href="builtin.htm#string">string</a>
<span id="Name.Names">Names</span> []<a href="#AttributeTypeAndValue">AttributeTypeAndValue</a>
}</pre>
<p>Name代表一个X.509识别名。只包含识别名的公共属性,额外的属性被忽略。</p>
<h3 id="Name.FillFromRDNSequence">func (*Name) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pkix/pkix.go?name=release#59" title="View Source">FillFromRDNSequence</a> </h3>
<pre class="funcdecl">func (n *<a href="#Name">Name</a>) FillFromRDNSequence(rdns *<a href="#RDNSequence">RDNSequence</a>)</pre>
<h3 id="Name.ToRDNSequence">func (Name) <a href="https://github.com/golang/go/blob/master/src/crypto/x509/pkix/pkix.go?name=release#127" title="View Source">ToRDNSequence</a> </h3>
<pre class="funcdecl">func (n <a href="#Name">Name</a>) ToRDNSequence() (ret <a href="#RDNSequence">RDNSequence</a>)</pre>
</div>