pkcs12 - ActiveState ActiveGo 1.8

Package pkcs12

import ""

Overview ▾

Package pkcs12 implements some of PKCS#12.

This implementation is distilled from and referenced documents. It is intended for decoding P12/PFX-stored certificates and keys for use with the crypto/tls package.


var (
    // ErrDecryption represents a failure to decrypt the input.
    ErrDecryption = errors.New("pkcs12: decryption error, incorrect padding")

    // ErrIncorrectPassword is returned when an incorrect password is detected.
    // Usually, P12/PFX data is signed to be able to verify the password.
    ErrIncorrectPassword = errors.New("pkcs12: decryption password incorrect")

func Decode

func Decode(pfxData []byte, password string) (privateKey interface{}, certificate *x509.Certificate, err error)

Decode extracts a certificate and private key from pfxData. This function assumes that there is only one certificate and only one private key in the pfxData.

func ToPEM

func ToPEM(pfxData []byte, password string) ([]*pem.Block, error)

ConvertToPEM converts all "safe bags" contained in pfxData to PEM blocks.



p12, _ := base64.StdEncoding.DecodeString(`MIIJzgIBAzCCCZQGCS ... CA+gwggPk==`)

blocks, err := ToPEM(p12, "password")
if err != nil {

var pemData []byte
for _, b := range blocks {
    pemData = append(pemData, pem.EncodeToMemory(b)...)

// then use PEM data for tls to construct tls certificate:
cert, err := tls.X509KeyPair(pemData, pemData)
if err != nil {

config := &tls.Config{
    Certificates: []tls.Certificate{cert},

_ = config

type NotImplementedError

NotImplementedError indicates that the input is not currently supported.

type NotImplementedError string

func (NotImplementedError) Error

func (e NotImplementedError) Error() string


Name Synopsis