timehop / apns

A Go package to interface with the Apple Push Notification Service
https://godoc.org/github.com/timehop/apns
MIT License

What happens if key file is encrypted with a pass phrase? #66

Closed gcg closed 8 years ago

gcg commented 8 years ago

Hey there,

Sorry if this is a stupid question, but I did not see anywhere where I can enter the pass phrase for the key file.

Without it, when I try to use the NewClientWithFiles method, it just gives me the following error.

2016/01/13 11:16:32 Could not create clientcrypto/tls: failed to parse private key

I tried my cert and key file with the openssl client and they worked fine. I am also using the same files in production with my API (PHP).

New, TLSv1/SSLv3, Cipher is AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
    Protocol  : TLSv1
    Cipher    : AES256-SHA
    Session-ID:
    Session-ID-ctx:
    Master-Key: 0C21677365B5EE5EA621FE5C3464C8B750A574E1ED632D34AF683121305054F4C12409D672C1B9F4BFCD89685671AA13
    Key-Arg   : None
    Start Time: 1452678448
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)

---
asdasdasd
closed
nathany commented 8 years ago

It's using tls.X509KeyPair under the hood to load PEM files, which afaik doesn't support pass phrases.

If you prefer to use a .p12 file, take a look at this certificate package which does support passwords. https://godoc.org/github.com/RobotsAndPencils/buford/certificate
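
The point above (tls.X509KeyPair only takes an unencrypted PEM key) can be worked around without switching formats when the key uses the legacy OpenSSL "traditional" encrypted PEM layout (a "Proc-Type: 4,ENCRYPTED" header plus "DEK-Info", which is what `openssl rsa -aes256` writes). The following is an added example, not code from timehop/apns or its maintainers: the helper names LoadKeyPair and makeTestPair, the passphrase "hunter2", and the self-signed test certificate are all constructed here so the block runs offline. It decrypts the block with the standard library's x509.DecryptPEMBlock, re-encodes it without the encryption headers, and only then hands it to tls.X509KeyPair. A PKCS#8 "ENCRYPTED PRIVATE KEY" block is a different format that this does not handle, and the standard library offers no decoder for it either.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// LoadKeyPair does what NewClientWithFiles does underneath (tls.X509KeyPair on
// the raw PEM bytes), except that a key block carrying the legacy OpenSSL
// "Proc-Type: 4,ENCRYPTED" header is decrypted with passphrase first.
// Hypothetical helper written for this example; not part of timehop/apns.
func LoadKeyPair(certPEM, keyPEM []byte, passphrase string) (tls.Certificate, error) {
	block, _ := pem.Decode(keyPEM)
	if block == nil {
		return tls.Certificate{}, errors.New("no PEM block found in key file")
	}
	if x509.IsEncryptedPEMBlock(block) {
		if passphrase == "" {
			return tls.Certificate{}, errors.New("key file is passphrase-protected but no passphrase was supplied")
		}
		// DecryptPEMBlock implements the DEK-Info scheme. Go marks it deprecated
		// because that scheme derives the key with a single MD5 pass over the
		// passphrase and does not authenticate the ciphertext, so the passphrase
		// adds little against anyone who can already read the key file.
		der, err := x509.DecryptPEMBlock(block, []byte(passphrase))
		if err != nil {
			return tls.Certificate{}, fmt.Errorf("decrypt private key: %w", err)
		}
		// Re-encode without the Proc-Type/DEK-Info headers; tls.X509KeyPair
		// then parses the plain PKCS#1 DER like any unencrypted key.pem.
		keyPEM = pem.EncodeToMemory(&pem.Block{Type: block.Type, Bytes: der})
	}
	return tls.X509KeyPair(certPEM, keyPEM)
}

// makeTestPair builds a throwaway self-signed certificate and an AES-256
// encrypted key PEM in the same layout openssl writes, so the loader can be
// exercised offline. Constructed sample material, not an APNs certificate.
func makeTestPair(passphrase string) (certPEM, encKeyPEM []byte, err error) {
	key, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1),
		Subject:      pkix.Name{CommonName: "example-push-client"},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
	}
	certDER, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	certPEM = pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: certDER})

	encBlock, err := x509.EncryptPEMBlock(rand.Reader, "RSA PRIVATE KEY",
		x509.MarshalPKCS1PrivateKey(key), []byte(passphrase), x509.PEMCipherAES256)
	if err != nil {
		return nil, nil, err
	}
	return certPEM, pem.EncodeToMemory(encBlock), nil
}

func main() {
	certPEM, keyPEM, err := makeTestPair("hunter2")
	if err != nil {
		panic(err)
	}
	// Same call path the reporter hit: the encrypted block is not parseable as-is.
	if _, err := tls.X509KeyPair(certPEM, keyPEM); err != nil {
		fmt.Println("plain tls.X509KeyPair:", err)
	}
	if _, err := LoadKeyPair(certPEM, keyPEM, "wrong"); err != nil {
		fmt.Println("wrong passphrase:", err)
	}
	if _, err := LoadKeyPair(certPEM, keyPEM, "hunter2"); err == nil {
		fmt.Println("decrypted key loaded")
	}
}
```

Note that the passphrase still has to come from somewhere at start-up. If it lives in the same config or environment as the key file, an attacker who can read one can read the other, so on a server this buys little more than an unencrypted key with tight file permissions.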

gcg commented 8 years ago

I exported the key file again from p12 without adding a passphrase for now.

But I think it is kind of a should-have feature, because all the popular tutorials about creating pem files for apns direct you to create a key.pem with a pass phrase.

If you don't think that it's necessary, we can close this issue.

Thank you again for this lib. Cheers.

taylortrimble commented 8 years ago

Yes, currently key files must be unencrypted. For server applications, this makes sense; passwords only hold power if they are entered from memory by a user and are cleared from memory after use, which is hard to do in a server environment where reloading is probably going to be transparent. If the password is part of a config, then it's as easy to lift as the encrypted key. :stuck_out_tongue_winking_eye:

I'd guess wildly and irresponsibly that's why the Go team hasn't supported encrypted key files themselves yet.

nathany commented 8 years ago

I'm closing this because afaik the issue is actually with Go's crypto package not supporting pem with a passphrase.

As mentioned previously, you can use .p12 files with a passphrase with Buford, which also provides support for Apple's new HTTP/2 API. https://github.com/timehop/apns/issues/66#issuecomment-171487326