diff --git a/go.mod b/go.mod
index d8f3ce0..79b6f1c 100644
--- a/go.mod
+++ b/go.mod
@@ -6,7 +6,7 @@ require (
 github.com/golang/protobuf v1.5.3
 github.com/jhump/protoreflect v1.15.3
 github.com/square/certigo v1.16.0
- golang.org/x/crypto v0.14.0
+ golang.org/x/crypto v0.16.0
 google.golang.org/grpc v1.57.1
 google.golang.org/protobuf v1.31.0
 )
@@ -24,8 +24,8 @@ require (
 golang.org/x/net v0.17.0 // indirect
 golang.org/x/oauth2 v0.7.0 // indirect
 golang.org/x/sync v0.3.0 // indirect
- golang.org/x/sys v0.13.0 // indirect
- golang.org/x/text v0.13.0 // indirect
+ golang.org/x/sys v0.15.0 // indirect
+ golang.org/x/text v0.14.0 // indirect
 google.golang.org/appengine v1.6.7 // indirect
 google.golang.org/genproto v0.0.0-20230526161137-0005af68ea54 // indirect
 google.golang.org/genproto/googleapis/api v0.0.0-20230525234035-dd9d682886f9 // indirect
diff --git a/go.sum b/go.sum
index d097d2b..b1c9d26 100644
--- a/go.sum
+++ b/go.sum
@@ -68,8 +68,8 @@ github.com/stretchr/testify v1.7.5/go.mod h1:yNjHg4UonilssWZ8iaSj1OCr/vHnekPRkoO github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20220214200702-86341886e292/go.mod h1:IxCIyHEi3zRg3s0A5j5BB6A9Jmi73HwBIUl50j+osU4= -golang.org/x/crypto v0.14.0 h1:wBqGXzWJW6m1XrIKlAH0Hs1JJ7+9KBwnIO8v66Q9cHc= -golang.org/x/crypto v0.14.0/go.mod h1:MVFd36DqK4CsrnJYDkBA3VC4m2GkXAM0PvzMCn4JQf4= +golang.org/x/crypto v0.16.0 h1:mMMrFzRSCF0GvB7Ne27XVtVAaXLrPmgPC7/v0tkwHaY= +golang.org/x/crypto v0.16.0/go.mod h1:gCAAfMLgwOJRpTjQ2zCCt2OcSfYMTeZVSRtQlPC7Nq4= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= golang.org/x/lint v0.0.0-20190227174305-5b3e6a55c961/go.mod h1:wehouNa3lNwaWXcvxsM5YxQ5yQlVC4a0KAMCusXpPoU=
@@ -99,14 +99,14 @@ golang.org/x/sys v0.0.0-20210423082822-04245dca01da/go.mod h1:h1NjWce9XRLGQEsW7w golang.org/x/sys v0.0.0-20210615035016-665e8c7367d1/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210630005230-0f9fa26af87c/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.0.0-20210927094055-39ccf1dd6fa6/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.13.0 h1:Af8nKPmuFypiUBjVoU9V20FiaFXOcuZI21p0ycVYYGE= -golang.org/x/sys v0.13.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= +golang.org/x/sys v0.15.0 h1:h48lPFYpsTvQJZF4EKyI4aLHaev3CxivZmv7yZig9pc= +golang.org/x/sys v0.15.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.6/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.13.0 h1:ablQoSUd0tRdKxZewP80B+BaqeKJuVhuRxj/dkrun3k= -golang.org/x/text v0.13.0/go.mod h1:TvPlkZtksWOMsz7fbANvkp4WM8x/WCo/om8BMLbz+aE= +golang.org/x/text v0.14.0 h1:ScX5w1eTa3QqT8oi6+ziP7dTV1S2+ALU0bI+0zXKWiQ= +golang.org/x/text v0.14.0/go.mod h1:18ZOQIKpY8NJVqYksKHtTdi31H5itFRjB5/qKTNYzSU= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190114222345-bf090417da8b/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= golang.org/x/tools v0.0.0-20190226205152-f727befe758c/go.mod h1:9Yl7xja0Znq3iFh3HoIrodX9oNMXvdceNzlUR8zjMvY=
diff --git a/grpcurl.go b/grpcurl.go
index d0ee535..5ac07be 100644
--- a/grpcurl.go
+++ b/grpcurl.go
@@ -12,7 +12,6 @@ import (
 "crypto/tls"
 "crypto/x509"
 "encoding/base64"
- "encoding/pem"
 "errors"
 "fmt"
 "io/ioutil"
@@ -27,7 +26,6 @@ import (
 "github.com/jhump/protoreflect/desc"
 "github.com/jhump/protoreflect/desc/protoprint"
 "github.com/jhump/protoreflect/dynamic"
- "golang.org/x/crypto/pkcs12"
 "google.golang.org/grpc"
 "google.golang.org/grpc/credentials"
 "google.golang.org/grpc/credentials/insecure"
@@ -534,42 +532,6 @@ func ClientTLSConfig(insecureSkipVerify bool, cacertFile, clientCertFile, client
 return lib.ClientTLSConfigV2(insecureSkipVerify, cacertFile, lib.CertKeyFormatPEM, clientCertFile, lib.CertKeyFormatPEM, clientKeyFile, lib.CertKeyFormatPEM, "")
 }
 
-func inputFiles(fileNames []string) ([]*os.File, error) {
- var files []*os.File
- for _, filename := range fileNames {
- if filename == "" {
- continue
- }
- rawFile, err := os.Open(filename)
- if err != nil {
- return nil, fmt.Errorf("unable to open file: %s\n", err)
- }
- files = append(files, rawFile)
- }
- return files, nil
-}
-
-func loadClientCertP12(pfxFile, pfxPassword string) (tls.Certificate, error) {
- b, err := os.ReadFile(pfxFile)
- if err != nil {
- return tls.Certificate{}, fmt.Errorf("os.ReadFile err: %w", err)
- }
- pemBlocks, err := pkcs12.ToPEM(b, pfxPassword)
- if err != nil {
- return tls.Certificate{}, fmt.Errorf("pkcs12.ToPEM err: %w", err)
- }
-
- var pemBytes []byte
- for _, block := range pemBlocks {
- pemBytes = append(pemBytes, pem.EncodeToMemory(block)...)
- }
- certificate, err := tls.X509KeyPair(pemBytes, pemBytes)
- if err != nil {
- return tls.Certificate{}, err
- }
- return certificate, nil
-}
-
 // ServerTransportCredentials builds transport credentials for a gRPC server using the
 // given properties. If cacertFile is blank, the server will not request client certs
 // unless requireClientCerts is true. When requireClientCerts is false and cacertFile is
diff --git a/internal/certigo/lib/certs.go b/internal/certigo/lib/certs.go
index 6732059..b6dcde4 100644
--- a/internal/certigo/lib/certs.go
+++ b/internal/certigo/lib/certs.go
@@ -149,7 +149,7 @@ func GuessFormatForFile(filename string, format CertificateKeyFormat) (Certifica
 
 file, err := os.Open(filename)
 if err != nil {
- return CertKeyFormatNONE, fmt.Errorf("unable to open file: %s\n", err)
+ return CertKeyFormatNONE, fmt.Errorf("unable to open file: %v", err)
 }
 defer file.Close()
 reader := bufio.NewReaderSize(file, 4)
@@ -157,7 +157,7 @@ func GuessFormatForFile(filename string, format CertificateKeyFormat) (Certifica
 // Third, attempt to guess based on first 4 bytes of input
 data, err := reader.Peek(4)
 if err != nil {
- return CertKeyFormatNONE, fmt.Errorf("unable to read file: %s\n", err)
+ return CertKeyFormatNONE, fmt.Errorf("unable to read file: %v", err)
 }
 
 // Heuristics for guessing -- best effort.
@@ -201,13 +201,13 @@ func readAsPEMEx(filename string, format CertificateKeyFormat, password string)
 
 rawFile, err := os.Open(filename)
 if err != nil {
- return nil, fmt.Errorf("unable to open file: %s\n", err)
+ return nil, fmt.Errorf("unable to open file: %v", err)
 }
 defer rawFile.Close()
 
 err = readCertsFromStream(rawFile, "", format, passwordFunc, pembufFunc)
 if err != nil {
- return nil, fmt.Errorf("could not read file: %s\n", err)
+ return nil, fmt.Errorf("could not read file: %v", err)
 }
 return pembuf.Bytes(), nil
 }
@@ -349,7 +349,7 @@ func readCertsFromStream(reader io.Reader, filename string, format CertificateKe
 case CertKeyFormatDER:
 data, err := ioutil.ReadAll(reader)
 if err != nil {
- return fmt.Errorf("unable to read input: %s\n", err)
+ return fmt.Errorf("unable to read input: %v", err)
 }
 x509Certs, err0 := x509.ParseCertificates(data)
 if err0 == nil {
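Review bot: The rewritten messages in GuessFormatForFile still flatten the cause with `%v`, so a caller cannot use `errors.Is` or `errors.As` on the result, for example to tell a missing certificate file from an unreadable one. Wrapping keeps the same text and preserves the chain: `return CertKeyFormatNONE, fmt.Errorf("unable to open file: %w", err)`. The same applies to the other `%v` sites this commit touches in readAsPEMEx and readCertsFromStream. The loadClientCertP12 helper removed from grpcurl.go wrapped its errors with `%w`, so if that path now runs through this package the chain is lost. These function bodies begin and end outside the hunks shown.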
@@ -371,15 +371,15 @@ func readCertsFromStream(reader io.Reader, filename string, format CertificateKe
 }
 return nil
 }
- return fmt.Errorf("unable to parse certificates from DER data\n* X.509 parser gave: %s\n* PKCS7 parser gave: %s\n", err0, err1)
+ return fmt.Errorf("unable to parse certificates from DER data X.509 parser gave: [%v] PKCS7 parser gave: [%v]", err0, err1)
 case CertKeyFormatPKCS12:
 data, err := ioutil.ReadAll(reader)
 if err != nil {
- return fmt.Errorf("unable to read input: %s\n", err)
+ return fmt.Errorf("unable to read input: %v", err)
 }
 blocks, err := pkcs12.ToPEM(data, password(""))
 if err != nil || len(blocks) == 0 {
- return fmt.Errorf("keystore appears to be empty or password was incorrect\n")
+ return fmt.Errorf("keystore appears to be empty or password was incorrect")
 }
 for _, block := range blocks {
 block.Headers = mergeHeaders(block.Headers, headers)
@@ -392,7 +392,7 @@ func readCertsFromStream(reader io.Reader, filename string, format CertificateKe
 case CertKeyFormatJCEKS:
 keyStore, err := jceks.LoadFromReader(reader, []byte(password("")))
 if err != nil {
- return fmt.Errorf("unable to parse keystore: %s\n", err)
+ return fmt.Errorf("unable to parse keystore: %v", err)
 }
 for _, alias := range keyStore.ListCerts() {
 cert, _ := keyStore.GetCert(alias)
@@ -404,14 +404,14 @@ func readCertsFromStream(reader io.Reader, filename string, format CertificateKe
 for _, alias := range keyStore.ListPrivateKeys() {
 key, certs, err := keyStore.GetPrivateKeyAndCerts(alias, []byte(password(alias)))
 if err != nil {
- return fmt.Errorf("unable to parse keystore: %s\n", err)
+ return fmt.Errorf("unable to parse keystore: %v", err)
 }
 
 mergedHeaders := mergeHeaders(headers, map[string]string{nameHeader: alias})
 
 block, err := keyToPem(key, mergedHeaders)
 if err != nil {
- return fmt.Errorf("problem reading key: %s\n", err)
+ return fmt.Errorf("problem reading key: %v", err)
 }
 
 if err := callback(block, format); err != nil {
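Review bot: In the CertKeyFormatPKCS12 case the error returned by `pkcs12.ToPEM` is still discarded, so a corrupt or unsupported keystore produces the same message as a wrong password or an empty file. Splitting the check keeps the cause visible: `if err != nil { return fmt.Errorf("unable to decode PKCS12 keystore: %w", err) }` followed by `if len(blocks) == 0 { return fmt.Errorf("keystore appears to be empty") }`. readCertsFromStream begins and ends outside this hunk.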
@@ -426,7 +426,7 @@ func readCertsFromStream(reader io.Reader, filename string, format CertificateKe
 }
 return nil
 }
- return fmt.Errorf("unknown file type '%s'\n", format)
+ return fmt.Errorf("unknown file type '%s'", format)
 }
 
 func mergeHeaders(baseHeaders, extraHeaders map[string]string) (headers map[string]string) {
@@ -470,7 +470,7 @@ func keyToPem(key crypto.PrivateKey, headers map[string]string) (*pem.Block, err
 case *ecdsa.PrivateKey:
 raw, err := x509.MarshalECPrivateKey(k)
 if err != nil {
- return nil, fmt.Errorf("error marshaling key: %s\n", reflect.TypeOf(key))
+ return nil, fmt.Errorf("error marshaling key: %s", reflect.TypeOf(key))
 }
 return &pem.Block{
 Type: "EC PRIVATE KEY",
@@ -478,7 +478,7 @@ func keyToPem(key crypto.PrivateKey, headers map[string]string) (*pem.Block, err
 Headers: headers,
 }, nil
 }
- return nil, fmt.Errorf("unknown key type: %s\n", reflect.TypeOf(key))
+ return nil, fmt.Errorf("unknown key type: %s", reflect.TypeOf(key))
 }
 
 //// formatForFile returns the file format (either from flags or
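Review bot: The `*ecdsa.PrivateKey` branch of keyToPem (hunk at -470) drops the error returned by `x509.MarshalECPrivateKey` and prints only the key's type, so the reason a private key failed to marshal never reaches the caller. Since the line is already being edited, it could carry both: `return nil, fmt.Errorf("error marshaling %T key: %w", key, err)`. keyToPem starts above this hunk, so other branches may have the same pattern.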