|
4 | 4 | "crypto" |
5 | 5 | "crypto/ecdsa" |
6 | 6 | "crypto/ed25519" |
| 7 | + "crypto/elliptic" |
7 | 8 | "crypto/rand" |
8 | 9 | "crypto/rsa" |
9 | 10 | "crypto/x509" |
@@ -91,10 +92,10 @@ func EncodeKey(key crypto.Signer) ([]byte, error) { |
91 | 92 |
|
92 | 93 | // GenerateSelfSigned 生成自签名证书 |
93 | 94 | func GenerateSelfSigned(names []string) (cert []byte, key []byte, err error) { |
94 | | - // 1) 生成 Ed25519 密钥对 |
95 | | - pub, priv, err := ed25519.GenerateKey(rand.Reader) |
| 95 | + // 1) 生成 ECDSA P-256 密钥对 |
| 96 | + priv, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) |
96 | 97 | if err != nil { |
97 | | - return nil, nil, err |
| 98 | + return nil, nil, fmt.Errorf("generate ecdsa key: %w", err) |
98 | 99 | } |
99 | 100 |
|
100 | 101 | // 2) 解析 SAN |
@@ -130,12 +131,12 @@ func GenerateSelfSigned(names []string) (cert []byte, key []byte, err error) { |
130 | 131 | DNSNames: dnsNames, |
131 | 132 | IPAddresses: ipAddrs, |
132 | 133 |
|
133 | | - KeyUsage: x509.KeyUsageDigitalSignature, |
| 134 | + KeyUsage: x509.KeyUsageDigitalSignature | x509.KeyUsageKeyEncipherment, |
134 | 135 | ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}, |
135 | 136 | BasicConstraintsValid: true, |
136 | 137 | } |
137 | 138 |
|
138 | | - der, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, pub, priv) |
| 139 | + der, err := x509.CreateCertificate(rand.Reader, &tmpl, &tmpl, &priv.PublicKey, priv) |
139 | 140 | if err != nil { |
140 | 141 | return nil, nil, err |
141 | 142 | } |
|
0 commit comments