Improve some error messages

crypto.go

@@ -116,7 +116,7 @@ func pbeCipherFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher.B
 		utf8Password := []byte(originalPassword)
 		return pbes2CipherFor(algorithm, utf8Password)
 	default:
-		return nil, nil, NotImplementedError("algorithm " + algorithm.Algorithm.String() + " is not supported")
+		return nil, nil, NotImplementedError("pbe algorithm " + algorithm.Algorithm.String() + " is not supported")
 	}
 
 	var params pbeParams
@@ -211,15 +211,15 @@ func pbes2CipherFor(algorithm pkix.AlgorithmIdentifier, password []byte) (cipher
 	}
 
 	if !params.Kdf.Algorithm.Equal(oidPBKDF2) {
-		return nil, nil, NotImplementedError("kdf algorithm " + params.Kdf.Algorithm.String() + " is not supported")
+		return nil, nil, NotImplementedError("pbes2 kdf algorithm " + params.Kdf.Algorithm.String() + " is not supported")
 	}
 
 	var kdfParams pbkdf2Params
 	if err := unmarshal(params.Kdf.Parameters.FullBytes, &kdfParams); err != nil {
 		return nil, nil, err
 	}
 	if kdfParams.Salt.Tag != asn1.TagOctetString {
-		return nil, nil, errors.New("pkcs12: only octet string salts are supported for pbkdf2")
+		return nil, nil, NotImplementedError("only octet string salts are supported for pbes2/pbkdf2")
 	}
 
 	var prf func() hash.Hash

mac.go

@@ -47,7 +47,7 @@ func doMac(macData *macData, message, password []byte) ([]byte, error) {
 		hFn = sha512.New
 		key = pbkdf(sha512Sum, 64, 128, macData.MacSalt, password, macData.Iterations, 3, 64)
 	default:
-		return nil, NotImplementedError("unknown digest algorithm: " + macData.Mac.Algorithm.Algorithm.String())
+		return nil, NotImplementedError("MAC digest algorithm not supported: " + macData.Mac.Algorithm.Algorithm.String())
 	}
 
 	mac := hmac.New(hFn, key)

pkcs12.go

@@ -349,10 +349,10 @@ func convertBag(bag *safeBag, password []byte) (*pem.Block, error) {
 				return nil, err
 			}
 		default:
-			return nil, errors.New("found unknown private key type in PKCS#8 wrapping")
+			return nil, errors.New("pkcs12: found unknown private key type in PKCS#8 wrapping")
 		}
 	default:
-		return nil, errors.New("don't know how to convert a safe bag of type " + bag.Id.String())
+		return nil, errors.New("pkcs12: don't know how to convert a safe bag of type " + bag.Id.String())
 	}
 	return block, nil
 }
@@ -626,7 +626,7 @@ func Encode(rand io.Reader, privateKey interface{}, certificate *x509.Certificat
 // fingerprint of the end-entity certificate.
 func (enc *Encoder) Encode(privateKey interface{}, certificate *x509.Certificate, caCerts []*x509.Certificate, password string) (pfxData []byte, err error) {
 	if enc.macAlgorithm == nil && enc.certAlgorithm == nil && enc.keyAlgorithm == nil && password != "" {
-		return nil, errors.New("password must be empty")
+		return nil, errors.New("pkcs12: password must be empty")
 	}
 
 	encodedPassword, err := bmpStringZeroTerminated(password)
@@ -788,7 +788,7 @@ func EncodeTrustStoreEntries(rand io.Reader, entries []TrustStoreEntry, password
 // encrypted and contains the certificates.
 func (enc *Encoder) EncodeTrustStoreEntries(entries []TrustStoreEntry, password string) (pfxData []byte, err error) {
 	if enc.macAlgorithm == nil && enc.certAlgorithm == nil && password != "" {
-		return nil, errors.New("password must be empty")
+		return nil, errors.New("pkcs12: password must be empty")
 	}
 
 	encodedPassword, err := bmpStringZeroTerminated(password)

safebags.go

@@ -91,7 +91,7 @@ func decodeCertBag(asn1Data []byte) (x509Certificates []byte, err error) {
 		return nil, errors.New("pkcs12: error decoding cert bag: " + err.Error())
 	}
 	if !bag.Id.Equal(oidCertTypeX509Certificate) {
-		return nil, NotImplementedError("only X509 certificates are supported")
+		return nil, NotImplementedError("only X509 certificates are supported in cert bags")
 	}
 	return bag.Data, nil
 }