Skip to content

Instantly share code, notes, and snippets.

@maditya
Created November 17, 2023 01:11
Show Gist options
  • Save maditya/732ee46c8e16cd762bcbd03e39b7bd7a to your computer and use it in GitHub Desktop.
Save maditya/732ee46c8e16cd762bcbd03e39b7bd7a to your computer and use it in GitHub Desktop.
package main
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/x509"
"crypto/x509/pkix"
"encoding/asn1"
"encoding/pem"
"fmt"
"log"
"os"
)
func main() {
// generate a new ecdsa private key
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
log.Fatal(err)
}
publicKey := privateKey.Public()
timestampExtension, err := asn1.Marshal([]asn1.ObjectIdentifier{{1, 3, 6, 1, 5, 5, 7, 3, 8}})
if err != nil {
log.Fatalf("unable to Marshal OID: %v", err)
}
csrTemplate := &x509.CertificateRequest{
Subject: pkix.Name{
Country: []string{"US"},
Organization: []string{"Acme Inc."},
OrganizationalUnit: []string{"Foo"},
CommonName: "example.com.tsa",
},
PublicKey: publicKey,
// set EKU to x509.ExtKeyUsageTimeStamping with a critical bit
ExtraExtensions: []pkix.Extension{
{
Id: asn1.ObjectIdentifier{2, 5, 29, 37},
Critical: true,
Value: timestampExtension,
},
},
}
csrBytes, err := x509.CreateCertificateRequest(rand.Reader, csrTemplate, privateKey)
if err != nil {
log.Fatal(err)
}
// Encode the CSR to PEM format
csrPem := pem.EncodeToMemory(&pem.Block{
Type: "CERTIFICATE REQUEST",
Bytes: csrBytes,
})
// Save the CSR to a file
file, err := os.Create("tsa-csr.pem")
if err != nil {
fmt.Println("Failed to create file:", err)
return
}
defer file.Close()
_, err = file.Write(csrPem)
if err != nil {
fmt.Println("Failed to write to file:", err)
return
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment