Friendly name for Encode()

[deitch]

EncodeTrustStore() supports using the CN as the friendly name. Encode() does not. Is there a chance it can be added?

If you use openssl, you can do it for key+cert, not just truststore (cert-only); actually you can provide the friendly name separately, which might be an even easier solution:

openssl pkcs12 -export -in cert.pem -inkey key.pem -name "friendlyName" -out new.p12

So perhaps:

func EncodeTrustStore(rand Reader, certs []*x509Certificate, password, friendlyName string) (pfxData []byte, err error)
func Encode(rand Reader, privateKey interface{}, certs []*x509Certificate, password, friendlyName string) (pfxData []byte, err error)

[pstackle]

I'll put in a vote for adding support for a customizable friendly name (alias) as part of the Encode() function.

While in general, as long as there is only one entry, the alias (friendly name) of the key doesn't matter, there are at least some use cases where it does matter.

For example, the PostgreSQL JDBC driver (used for Java applications to communicate with a PostgreSQL database) requires that the entry in the PKCS#12 file has a name/alias of user or else it won't find the key/cert.

When you create the key the alias or the name must be user. The test codes uses the following to create a .p12 key openssl pkcs12 -export -in $< -inkey $*.key -out $@ -name user -CAfile $(SERVER_CRT_DIR)root.crt -caname local -passout pass:$(P12_PASSWORD)

Source: https://jdbc.postgresql.org/documentation/use/#connection-parameters