certificates alternatives and similar packages
Based on the "Security" category.
Alternatively, view certificates alternatives based on common mentions on social networks and blogs.
-
Lean and Mean Docker containers
DockerSlim (docker-slim): Optimize and secure your Docker containers -
Themis by Cossack Labs
Crypto library for storage and messaging for Swift, ObjC, Android, С++, JS, Python, Ruby, PHP, Go -
acra
Network encryption proxy to protect database-based applications from data leaks: strong selective encryption, SQL injections prevention, intrusion detection system. -
ToRat
ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication -
go-yara
Go Bindings for YARA, the "pattern matching swiss knife for malware researchers (and everyone else)" -
go-password-validator
Password validator based on raw cryptographic entropy values. -
goSecretBoxPassword
A probably paranoid package for securely hashing and encrypting passwords. -
goArgonPass
Argon2 password hash and verification designed to be compatible with existing Python and PHP implementations. -
secureio
An keyexchanging+authenticating+encrypting wrapper and multiplexer for io.ReadWriteCloser based on XChaCha20-poly1305, ECDH and ED25519. -
go-generate-password
Password generator that can be used on the cli or as a library. -
argon2-hashing
light wrapper around Go's argon2 package that closely mirrors with Go's standard library Bcrypt and simple-scrypt package. -
Go random string generator
Flexible and customizable random string generator -
Interpol
Rule-based data generator for fuzzing and penetration testing.
Get performance insights in less than 4 minutes
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest. Visit our partner's website for more details.
Do you think we are missing an alternative of certificates or a related project?
README
Certificates helper
This is an opinionated helper for generating tls certificates. It outputs only in PEM format but this enables you easily generate certificate chains for MA TLS.
cert package
The cert package can be used directly in your application without the need of the command line interface, underlying database layer or external dependencies. This way certificate generation can be easily embedded.
Documentation can be found here.
CLI Tool
Installation
Currently you can use it by building it locally, checking the releases or with docker:
docker run mvmaasakkers/certificates cert gen-ca --cn=*.test.domain --stdout
Usage
Generate a CA set
You can generate a CA set by using the generate-ca subcommand like the following example:
certificates cert gen-ca --cn=*.test.domain --stdout
This will output the key and certificate directly to stdout like this (parts are omitted for readability):
-----BEGIN RSA PRIVATE KEY-----
MIIJJwIBAAKCAgEA0txN/brNlBcGrU8mAxL8V19pS1dWEVVTF82LDahI7FMsPPkM
sg5iBCLwYJhnVRPucUmcGC1NyljCy/yW0Cbwl5aNWozAfEkiUpWsukn/ZcMuXvac
qsPRK0Xswbr305NDRnlphoeutyzXAhW2P4FQGCwSfx/Mlaezphc7AreLKg==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIE3zCCAsegAwIBAgIFANHEYb4wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAxME
P9g8SpNaf6jNS0ULG8+DJ7dwdHes7IWA0BtjDkur4Ya+ey/FwowgMeEnc/h10Adc
az7b
-----END CERTIFICATE-----
By default the certificates are written to files ca.key
and ca.crt
.
Generate a certificate
This needs a pregenerated CA certificate and key (see "Generate a CA set").
To generate a signed certificate pair you can use the following example:
certificates cert gen --cn=local.test.domain --stdout
This will output the key and certificate directly to stdout like this (parts are omitted for readability):
-----BEGIN RSA PRIVATE KEY-----
MIIJFAIBAAKCAf0Z7/5ZYgOo4gHfAPAPN0vKWEVJ5D97wvnYUq00DcaRPCZZopXl
XUcctgAb3kw27ohTm31KnVEnN8ibeUg2fz+LO/xYVvhD2BMkoe1gk/2JAogPUi1l
jWjI7fuKGwlyHimeYnUx1ADRlShBgHGr
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIE/TCCAuWgAwIBAgIFFPmGQ70wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAxME
V964wCgh6TgfUtt9RabcM3MWtAR18N0vedYg46jhxDa1b+/brQWLuxXDsKIVHrRP
M6ZzVSUF1PH+Ok2Fm7EP26Yax3RkoPrgmlLqL/1fRJaJ
-----END CERTIFICATE-----
By default a file (file.db) database is created to keep track of unique certificate serialnumbers. This is advised only for dev and test environments. The CA database can be one of the following flavours of sql: mysql, postgresql or mssql.
To change key generation bitsize use the --bitsize
flag (default is 4096, options are 2048 and 4096).
To use a pre-existing csr to use during the generation give the path to the csr file using the --csr
flag.
Development setup
This module uses Go modules for dependency management. To run:
go run main.go
And this will output:
NAME:
Certificates - An opinionated TLS certificate generator.
USAGE:
main [global options] command [command options] [arguments...]
VERSION:
v...
DESCRIPTION:
An opinionated TLS certificate generator.
COMMANDS:
certificate, cert certificate commands
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--help, -h show help
--version, -v print the version
*Note that all licence references and agreements mentioned in the certificates README section above
are relevant to that project's source code only.