certificates alternatives and similar packages
Based on the "Security" category.
Alternatively, view certificates alternatives based on common mentions on social networks and blogs.
-
Lean and Mean Docker containers
Slim(toolkit): Don't change anything in your container image and minify it by up to 30x (and for compiled languages even more) making it secure too! (free and open source) -
age
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability. -
CertMagic
Automatic HTTPS for any Go program: fully-managed TLS certificate issuance and renewal -
Cameradar
Cameradar hacks its way into RTSP videosurveillance cameras -
memguard
Secure software enclave for storage of sensitive information in memory. -
acmetool
:lock: acmetool, an automatic certificate acquisition tool for ACME (Let's Encrypt) -
secure
HTTP middleware for Go that facilitates some quick security wins. -
Themis by Cossack Labs
Easy to use cryptographic framework for data protection: secure messaging with forward secrecy and secure data storage. Has unified APIs across 14 platforms. -
acra
Database security suite. Database proxy with field-level encryption, search through encrypted data, SQL injections prevention, intrusion detection, honeypots. Supports client-side and proxy-side ("transparent") encryption. SQL, NoSQL. -
Coraza
OWASP Coraza WAF is a golang modsecurity compatible web application firewall library -
ToRat
ToRat is a Remote Administation tool written in Go using Tor as a transport mechanism and RPC for communication -
dongle
A simple, semantic and developer-friendly golang package for encoding&decoding and encryption&decryption -
go-password-validator
Validate the Strength of a Password in Go -
firewalld-rest
A rest application to update firewalld rules on a linux server -
passlib
:key: Idiotproof golang password validation library inspired by Python's passlib -
BadActor
BadActor.org An in-memory application driven jailer written in Go -
simple-scrypt
A convenience library for generating, comparing and inspecting password hashes using the scrypt KDF in Go ๐ -
teler-waf
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. -
argon2pw
Argon2 password hashing package for go with constant time hash comparison -
goSecretBoxPassword
A probably paranoid Golang utility library for securely hashing and encrypting passwords based on the Dropbox method. This implementation uses Blake2b, Scrypt and XSalsa20-Poly1305 (via NaCl SecretBox) to create secure password hashes that are also encrypted using a master passphrase. -
Credman
Simple and secure credential/password management with extra steps in Go! -
secureio
An easy-to-use XChaCha20-encryption wrapper for io.ReadWriteCloser (even lossy UDP) using ECDH key exchange algorithm, ED25519 signatures and Blake3+Poly1305 checksums/message-authentication for Go (golang). Also a multiplexer. -
sslmgr
A layer of abstraction the around acme/autocert certificate manager (Golang) -
goArgonPass
goArgonPass is a Argon2 Password utility package for Go using the crypto library package Argon2 designed to be compatible with Passlib for Python and Argon2 PHP. Argon2 was the winner of the most recent Password Hashing Competition. This is designed for use anywhere password hashing and verification might be needed and is intended to replace implementations using bcrypt or Scrypt. -
argon2-hashing
A light package for generating and comparing password hashing with argon2 in Go -
Go random string generator
Flexible and customizable random string generator -
Interpol
Rule-based data generator for fuzzing and penetration testing.
Access the most powerful time series database as a service
* Code Quality Rankings and insights are calculated and provided by Lumnify.
They vary from L1 to L5 with "L5" being the highest.
Do you think we are missing an alternative of certificates or a related project?
README
Certificates helper
This is an opinionated helper for generating tls certificates. It outputs only in PEM format but this enables you easily generate certificate chains for MA TLS.
cert package
The cert package can be used directly in your application without the need of the command line interface, underlying database layer or external dependencies. This way certificate generation can be easily embedded.
Documentation can be found here.
CLI Tool
Installation
Currently you can use it by building it locally, checking the releases or with docker:
docker run mvmaasakkers/certificates cert gen-ca --cn=*.test.domain --stdout
Usage
Generate a CA set
You can generate a CA set by using the generate-ca subcommand like the following example:
certificates cert gen-ca --cn=*.test.domain --stdout
This will output the key and certificate directly to stdout like this (parts are omitted for readability):
-----BEGIN RSA PRIVATE KEY-----
MIIJJwIBAAKCAgEA0txN/brNlBcGrU8mAxL8V19pS1dWEVVTF82LDahI7FMsPPkM
sg5iBCLwYJhnVRPucUmcGC1NyljCy/yW0Cbwl5aNWozAfEkiUpWsukn/ZcMuXvac
qsPRK0Xswbr305NDRnlphoeutyzXAhW2P4FQGCwSfx/Mlaezphc7AreLKg==
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIE3zCCAsegAwIBAgIFANHEYb4wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAxME
P9g8SpNaf6jNS0ULG8+DJ7dwdHes7IWA0BtjDkur4Ya+ey/FwowgMeEnc/h10Adc
az7b
-----END CERTIFICATE-----
By default the certificates are written to files ca.key
and ca.crt
.
Generate a certificate
This needs a pregenerated CA certificate and key (see "Generate a CA set").
To generate a signed certificate pair you can use the following example:
certificates cert gen --cn=local.test.domain --stdout
This will output the key and certificate directly to stdout like this (parts are omitted for readability):
-----BEGIN RSA PRIVATE KEY-----
MIIJFAIBAAKCAf0Z7/5ZYgOo4gHfAPAPN0vKWEVJ5D97wvnYUq00DcaRPCZZopXl
XUcctgAb3kw27ohTm31KnVEnN8ibeUg2fz+LO/xYVvhD2BMkoe1gk/2JAogPUi1l
jWjI7fuKGwlyHimeYnUx1ADRlShBgHGr
-----END RSA PRIVATE KEY-----
-----BEGIN CERTIFICATE-----
MIIE/TCCAuWgAwIBAgIFFPmGQ70wDQYJKoZIhvcNAQELBQAwDzENMAsGA1UEAxME
V964wCgh6TgfUtt9RabcM3MWtAR18N0vedYg46jhxDa1b+/brQWLuxXDsKIVHrRP
M6ZzVSUF1PH+Ok2Fm7EP26Yax3RkoPrgmlLqL/1fRJaJ
-----END CERTIFICATE-----
By default a file (file.db) database is created to keep track of unique certificate serialnumbers. This is advised only for dev and test environments. The CA database can be one of the following flavours of sql: mysql, postgresql or mssql.
To change key generation bitsize use the --bitsize
flag (default is 4096, options are 2048 and 4096).
To use a pre-existing csr to use during the generation give the path to the csr file using the --csr
flag.
Development setup
This module uses Go modules for dependency management. To run:
go run main.go
And this will output:
NAME:
Certificates - An opinionated TLS certificate generator.
USAGE:
main [global options] command [command options] [arguments...]
VERSION:
v...
DESCRIPTION:
An opinionated TLS certificate generator.
COMMANDS:
certificate, cert certificate commands
help, h Shows a list of commands or help for one command
GLOBAL OPTIONS:
--help, -h show help
--version, -v print the version
*Note that all licence references and agreements mentioned in the certificates README section above
are relevant to that project's source code only.