smallstep-certificates/scep/pkcs7
Herman Slatman f871f8135c
Add full copy of mozilla/pkcs7 module as internal dependency
The full contents of the git repository @432b2356ecb...
was copied. Only go.mod was removed from it.
4 years ago
.gitignore Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago
.travis.yml Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago
LICENSE Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago
Makefile Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago
README.md Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago
ber.go Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago
ber_test.go Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago
decrypt.go Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago
decrypt_test.go Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago
encrypt.go Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago
encrypt_test.go Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago
pkcs7.go Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago
pkcs7_test.go Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago
sign.go Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago
sign_test.go Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago
verify.go Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago
verify_test.go Add full copy of mozilla/pkcs7 module as internal dependency 4 years ago

README.md

pkcs7

GoDoc Build Status

pkcs7 implements parsing and creating signed and enveloped messages.

package main

import (
	"bytes"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"

    "go.mozilla.org/pkcs7"
)

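// SignAndDetach signs content with cert and privkey and returns the encoded
// PKCS#7 SignedData structure with the content detached from it.
//
// Before returning, it prints the result to stdout as a PEM block, parses it
// back, reattaches the content and verifies the signature. On any failure the
// returned slice is nil and err describes the failing step.
//
// NOTE(review): upstream NewSignedData appears to default to a SHA-1 message
// digest unless SetDigestAlgorithm is called on the SignedData; confirm
// against sign.go and choose a stronger digest where the peer supports it.
func SignAndDetach(content []byte, cert *x509.Certificate, privkey *rsa.PrivateKey) (signed []byte, err error) {
	// The example lives in package main, so the library's identifiers must be
	// qualified with the imported package name.
	toBeSigned, err := pkcs7.NewSignedData(content)
	if err != nil {
		return nil, fmt.Errorf("Cannot initialize signed data: %w", err)
	}
	if err = toBeSigned.AddSigner(cert, privkey, pkcs7.SignerInfoConfig{}); err != nil {
		return nil, fmt.Errorf("Cannot add signer: %w", err)
	}

	// Detach signature, omit if you want an embedded signature
	toBeSigned.Detach()

	der, err := toBeSigned.Finish()
	if err != nil {
		return nil, fmt.Errorf("Cannot finish signing data: %w", err)
	}

	// Print the signed structure; a failed write is reported, not dropped.
	if err = pem.Encode(os.Stdout, &pem.Block{Type: "PKCS7", Bytes: der}); err != nil {
		return nil, fmt.Errorf("Cannot PEM-encode signed data: %w", err)
	}

	// Verify the signature
	p7, err := pkcs7.Parse(der)
	if err != nil {
		return nil, fmt.Errorf("Cannot parse our signed data: %w", err)
	}

	// since the signature was detached, reattach the content here
	p7.Content = content

	// Trivially true after the reattachment above; the comparison only carries
	// weight in the embedded-signature variant, where Detach and the
	// reattachment are omitted and p7.Content comes from the parsed message.
	if !bytes.Equal(content, p7.Content) {
		return nil, fmt.Errorf("Our content was not in the parsed data:\n\tExpected: %s\n\tActual: %s", content, p7.Content)
	}

	// Verify checks the signature against the certificates carried in the
	// message itself; it does not validate the signer's certificate against a
	// trust store. That is sufficient for this self-check, but messages from
	// another party should be verified with VerifyWithChain and a pool of
	// trusted roots, otherwise any self-issued certificate is accepted.
	if err = p7.Verify(); err != nil {
		return nil, fmt.Errorf("Cannot verify our signed data: %w", err)
	}

	return der, nil
}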

Credits

This is a fork of fullsailor/pkcs7