pkcs7

package v1.0.0

This package is not in the latest version of its module.

Published: Mar 17, 2017 License: MIT Imports: 17 Imported by: 0

README

pkcs7

Original at https://github.com/fullsailor/pkcs7
This package is internal to the scep repo and is meant to be replaced with the upstream version at a later time.

pkcs7 implements parsing and creating signed and enveloped messages.

Documentation

Overview

Package pkcs7 implements parsing and generation of some PKCS#7 structures.

Index

Constants

This section is empty.

Variables

var ErrNotEncryptedContent = errors.New("pkcs7: content data is a decryptable data type")

ErrNotEncryptedContent is returned when Decrypt is called on content that is not encrypted data.

var ErrUnsupportedAlgorithm = errors.New("pkcs7: cannot decrypt data: only RSA, DES, DES-EDE3 and AES-256-CBC supported")

ErrUnsupportedAlgorithm is returned when the data uses an algorithm other than the ones the package can decrypt (RSA for the recipient key, DES, DES-EDE3 or AES-256-CBC for the content).

var ErrUnsupportedContentType = errors.New("pkcs7: cannot parse data: unimplemented content type")

ErrUnsupportedContentType is returned when a PKCS7 content type is not supported. Currently only Data (1.2.840.113549.1.7.1), Signed Data (1.2.840.113549.1.7.2) and Enveloped Data (1.2.840.113549.1.7.3) are supported.

Functions

func DegenerateCertificate

func DegenerateCertificate(cert []byte) ([]byte, error)

DegenerateCertificate creates a signed data structure containing only the provided certificate or certificate chain.

func Encrypt

func Encrypt(content []byte, recipients []*x509.Certificate) ([]byte, error)

Encrypt creates and returns an enveloped data PKCS7 structure with the content key encrypted for each recipient public key.

TODO(fullsailor): Add support for encrypting content with other algorithms

Types

type Attribute

type Attribute struct {
	Type  asn1.ObjectIdentifier
	Value interface{}
}

Attribute represents a key value pair attribute. Value must be marshalable by `encoding/asn1`.

type MessageDigestMismatchError

type MessageDigestMismatchError struct {
	ExpectedDigest []byte
	ActualDigest   []byte
}

MessageDigestMismatchError is returned when the signer's message digest does not match the digest computed over the contained content.

func (*MessageDigestMismatchError) Error

func (err *MessageDigestMismatchError) Error() string

type PKCS7

type PKCS7 struct {
	Content      []byte
	Certificates []*x509.Certificate
	CRLs         []pkix.CertificateList
	Signers      []signerInfo
	// contains filtered or unexported fields
}

PKCS7 represents a parsed PKCS7 structure.

func Parse

func Parse(data []byte) (p7 *PKCS7, err error)

Parse decodes a DER-encoded PKCS7 package.

func (*PKCS7) Decrypt

func (p7 *PKCS7) Decrypt(cert *x509.Certificate, pk crypto.PrivateKey) ([]byte, error)

Decrypt decrypts the encrypted content info using the given recipient certificate and private key.

func (*PKCS7) GetOnlySigner

func (p7 *PKCS7) GetOnlySigner() *x509.Certificate

GetOnlySigner returns the x509.Certificate of the first signer of the signed data payload. If there is not exactly one signer, nil is returned.

func (*PKCS7) UnmarshalSignedAttribute

func (p7 *PKCS7) UnmarshalSignedAttribute(attributeType asn1.ObjectIdentifier, out interface{}) error

UnmarshalSignedAttribute decodes a single signed attribute of the given type from the signer info into out.

func (*PKCS7) Verify

func (p7 *PKCS7) Verify() (err error)

Verify checks the signatures of a PKCS7 object.

WARNING: Verify does not check signing time or verify certificate chains at this time.
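Because Verify stops at the signatures, a relying party still has to confirm that the signer chains to a root it trusts and was valid at the time of interest. The following is an added example, not code from this package or the scep project: VerifySignerChain runs that check on the certificate GetOnlySigner returns, treating the message's Certificates only as untrusted intermediates, and newCert is a constructed in-memory fixture; both names are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// VerifySignerChain does the check pkcs7.Verify skips: signer (e.g. p7.GetOnlySigner())
// must chain to a trusted root and be valid at time at; embedded (p7.Certificates) are untrusted intermediates.
func VerifySignerChain(signer *x509.Certificate, embedded []*x509.Certificate, roots *x509.CertPool, at time.Time) error {
	if signer == nil { // GetOnlySigner returns nil unless there is exactly one signer
		return fmt.Errorf("message does not have exactly one signer")
	}
	inter := x509.NewCertPool()
	for _, c := range embedded {
		inter.AddCert(c)
	}
	_, err := signer.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inter,
		CurrentTime: at, KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageAny}})
	return err
}

// newCert builds a constructed test certificate with a fresh Ed25519 key (not part of the package); self-signed when parent is nil.
func newCert(cn string, ku x509.KeyUsage, parent *x509.Certificate, parentKey ed25519.PrivateKey) (*x509.Certificate, ed25519.PrivateKey) {
	pub, key, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(time.Now().UnixNano()), Subject: pkix.Name{CommonName: cn},
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(time.Hour),
		KeyUsage: ku, IsCA: ku&x509.KeyUsageCertSign != 0, BasicConstraintsValid: true}
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, pub, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}
func main() {
	root, rootKey := newCert("Test Root CA", x509.KeyUsageCertSign, nil, nil)
	leaf, _ := newCert("signer", x509.KeyUsageDigitalSignature, root, rootKey)
	roots := x509.NewCertPool()
	roots.AddCert(root)
	fmt.Println("signer chains to trusted root:", VerifySignerChain(leaf, []*x509.Certificate{leaf, root}, roots, time.Now()) == nil)
}
```

A self-signed signer that is merely embedded in the message, or a signer checked outside its validity period, is rejected by the same call.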

type SignedData

type SignedData struct {
	// contains filtered or unexported fields
}

SignedData is an opaque data structure for creating signed data payloads.

func NewSignedData

func NewSignedData(data []byte) (*SignedData, error)

NewSignedData initializes a SignedData with the given content.

func (*SignedData) AddCertificate

func (sd *SignedData) AddCertificate(cert *x509.Certificate)

AddCertificate adds the certificate to the payload. Useful for including parent certificates.

func (*SignedData) AddSigner

func (sd *SignedData) AddSigner(cert *x509.Certificate, pkey crypto.PrivateKey, config SignerInfoConfig) error

AddSigner signs the attributes about the content and adds the signer's certificate to the payload.

func (*SignedData) Finish

func (sd *SignedData) Finish() ([]byte, error)

Finish marshals the content and its signers into DER.

type SignerInfoConfig

type SignerInfoConfig struct {
	ExtraSignedAttributes []Attribute
}

SignerInfoConfig holds optional values to include when adding a signer.
