Categorygithub.com/digitorus/pkcs7
modulepackage
0.0.0-20230818184609-3a137a874352
Repository: https://github.com/digitorus/pkcs7.git
Documentation: pkg.go.dev
Overview
Versions
1
Dependencies
25
Dependents
18
Files
1.9k SLOC

# README

pkcs7

GoDoc Build Status

pkcs7 implements parsing and creating signed and enveloped messages.

package main

import (
	"bytes"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"

    "go.mozilla.org/pkcs7"
)

func SignAndDetach(content []byte, cert *x509.Certificate, privkey *rsa.PrivateKey) (signed []byte, err error) {
	toBeSigned, err := NewSignedData(content)
	if err != nil {
		err = fmt.Errorf("Cannot initialize signed data: %s", err)
		return
	}
	if err = toBeSigned.AddSigner(cert, privkey, SignerInfoConfig{}); err != nil {
		err = fmt.Errorf("Cannot add signer: %s", err)
		return
	}

	// Detach signature, omit if you want an embedded signature
	toBeSigned.Detach()

	signed, err = toBeSigned.Finish()
	if err != nil {
		err = fmt.Errorf("Cannot finish signing data: %s", err)
		return
	}

	// Verify the signature
	pem.Encode(os.Stdout, &pem.Block{Type: "PKCS7", Bytes: signed})
	p7, err := pkcs7.Parse(signed)
	if err != nil {
		err = fmt.Errorf("Cannot parse our signed data: %s", err)
		return
	}

	// since the signature was detached, reattach the content here
	p7.Content = content

	if bytes.Compare(content, p7.Content) != 0 {
		err = fmt.Errorf("Our content was not in the parsed data:\n\tExpected: %s\n\tActual: %s", content, p7.Content)
		return
	}
	if err = p7.Verify(); err != nil {
		err = fmt.Errorf("Cannot verify our signed data: %s", err)
		return
	}

	return signed, nil
}

Credits

This is a fork of fullsailor/pkcs7

# Functions

DegenerateCertificate creates a signed data structure containing only the provided certificate or certificate chain.
Encrypt creates and returns an envelope data PKCS7 structure with encrypted recipient keys for each recipient public key.
EncryptUsingPSK creates and returns an encrypted data PKCS7 structure, encrypted using caller provided pre-shared secret.
GetDigestOIDForSignatureAlgorithm takes an x509.SignatureAlgorithm and returns the corresponding OID digest algorithm.
NewSignedData takes data and initializes a PKCS7 SignedData struct that is ready to be signed via AddSigner.
Parse decodes a DER encoded PKCS7 package.
No description provided by the author
No description provided by the author
No description provided by the author

# Constants

EncryptionAlgorithmAES128CBC is the AES 128 bits with CBC encryption algorithm Avoid this algorithm unless required for interoperability; use AES GCM instead.
EncryptionAlgorithmAES128GCM is the AES 128 bits with GCM encryption algorithm.
EncryptionAlgorithmAES256CBC is the AES 256 bits with CBC encryption algorithm Avoid this algorithm unless required for interoperability; use AES GCM instead.
EncryptionAlgorithmAES256GCM is the AES 256 bits with GCM encryption algorithm.
EncryptionAlgorithmDESCBC is the DES CBC encryption algorithm.

# Variables

ContentEncryptionAlgorithm determines the algorithm used to encrypt the plaintext message.
No description provided by the author
ErrNotEncryptedContent is returned when attempting to Decrypt data that is not encrypted data.
ErrPSKNotProvided is returned when attempting to encrypt using a PSK without actually providing the PSK.
ErrUnsupportedAlgorithm tells you when our quick dev assumptions have failed.
ErrUnsupportedContentType is returned when a PKCS7 content is not supported.
ErrUnsupportedEncryptionAlgorithm is returned when attempting to encrypt content with an unsupported algorithm.
No description provided by the author
No description provided by the author
No description provided by the author
Signed Data OIDs.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Digest Algorithms.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Encryption Algorithms.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
Signature Algorithms.
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author

# Structs

Attribute represents a key value pair attribute.
No description provided by the author
MessageDigestMismatchError is returned when the signer data digest does not match the computed digest for the contained content.
PKCS7 Represents a PKCS7 structure.
SignedData is an opaque data structure for creating signed data payloads.
SignerInfoConfig are optional values to include when adding a signer.