godss

module
v0.0.6 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 25, 2026 License: Apache-2.0

README

godss

First comprehensive solution in Go for creating XAdES-compliant XML signatures using PKCS#11 tokens or keystores. This library enables seamless signing of XML documents, supporting cryptographic devices for secure digital signatures.

GoDoc Go Report Card Go Reference

Build Status

Usage

package main

import (
	"fmt"
	"os"

	"github.com/alapierre/godss/keystore"
	"github.com/alapierre/godss/xades"
)

func main() {
	privateKeyPath := "test_data/private_key.pem"
	certPath := "test_data/certificate.pem"
	xml := []byte(`<invoice><Number>12345</Number></invoice>`)

	sig, err := keystore.NewX509KeyStoreSigner(privateKeyPath, certPath)

	if err != nil {
		panic(err)
	}

	defer sig.Close()

	x := xades.NewDefault(sig)

	signedXML, err := x.SignBytes(xml)
	if err != nil {
		panic(err)
	}

	fmt.Println(string(signedXML))
}

Check cmd/godss/main.go for an example

CLI

SIG_PIN='.....' ./godss keystore -k ../../test_data/auth-cert.key -c ../../test_data/auth-cert.crt ../../test_data/authv2_20260216072211.xml

./godss card -d /opt/proCertumSmartSign/libcryptoCertum3PKCS.so -s 0 ../../test_data/authv2_20260216072211.xml

Will ask for PIN, but you can also use SIG_PIN env variable.

Generating test sign certyficate

openssl req -x509 -newkey rsa:4096 -keyout private_key.pem -out certificate.pem -days 365 -nodes

or:

openssl genpkey -algorithm RSA -out private_key.pem -pkeyopt rsa_keygen_bits:3072
openssl req -new -key private_key.pem -out cert_request.csr
openssl x509 -req -in cert_request.csr -signkey private_key.pem -out certificate.pem -days 365

optionally you can pack it in .p12 file:

openssl pkcs12 -export -inkey private_key.pem -in certificate.pem -out certificate.p12 -name "My Certificate"

Acknowledgments

This project was inspired by and partially based on [goxades], which is licensed under the Apache License, Version 2.0. Some constants and types are copied from [goxmldsig], which is also licensed under the Apache License, Version 2.0.

Significant portions of codebase have been modified or rewritten to better fit the needs of this project.

Other implementations

Tools

Directories

Path Synopsis
cmd
godss command

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.