Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

proposal: crypto/x509: writing certificates in PKCS12 format #14125

Closed
boumenot opened this issue Jan 27, 2016 · 4 comments
Closed

proposal: crypto/x509: writing certificates in PKCS12 format #14125

boumenot opened this issue Jan 27, 2016 · 4 comments

Comments

@boumenot
Copy link

@boumenot boumenot commented Jan 27, 2016

The code contributed to the go-pkcs12 repo for reading PKCS12 format had a pull request for writing PKCS12 format too, but it was decided to hold off on write support until after read support was merged. I propose that this change now be included.

@AGWA is the original author, but I am happy to bring his changes over too.

@AGWA
Copy link

@AGWA AGWA commented Jan 27, 2016

An updated version of my PKCS#12 writing code can be found here: https://github.com/AGWA-forks/golang-crypto

I believe it's in good shape, but I haven't had chance to deal with the CLA yet.

@mikioh mikioh added the Proposal label Feb 26, 2016
@gopherbot
Copy link

@gopherbot gopherbot commented Mar 1, 2016

CL https://golang.org/cl/20075 mentions this issue.

@bradfitz bradfitz modified the milestone: Unplanned Apr 7, 2016
@adg
Copy link
Contributor

@adg adg commented Aug 15, 2016

Given @agl's objections on the CL, I am declining and closing this proposal. Thanks.

@nathany
Copy link
Contributor

@nathany nathany commented Aug 16, 2016

Also, while parsing PKCS#12 files is a plausible use since they do exist, they should be strongly discouraged. Supporting their serialisation seems counter to this.

There are plenty of other cryptography packages in Go who's use is discouraged. #14395

It's a bit unfortunate that after Microsoft made an effort to add pkcs12 to x/crypto, they are left forking it to support writing, which will likely leave x/crypto outdated compared to a more complete implementation elsewhere.

In my particular case, Apple appears to be moving away from pkcs12 certificates, at least in the case of push notifications, so I don't have a strong argument to support them.

@golang golang locked and limited conversation to collaborators Aug 16, 2017
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
7 participants
You can’t perform that action at this time.