pkcs7

package
v0.0.0-...-0692a52 Latest
This package is not in the latest version of its module.
Published: Apr 16, 2015 License: BSD-2-Clause Imports: 3 Imported by: 0

Documentation

Overview

Package pkcs7 implements the subset of the CMS PKCS #7 datatype that is typically used to package certificates and CRLs. Using openssl, every certificate converted to PKCS #7 format from another encoding such as PEM conforms to this implementation. (Reference: https://www.openssl.org/docs/apps/crl2pkcs7.html)

PKCS #7 Data type, reference: https://tools.ietf.org/html/rfc2315

The full PKCS #7 cryptographic message syntax allows for cryptographic enhancements: for example, data can be encrypted and signed, packaged through PKCS #7 to be sent over a network, and then verified and decrypted. The syntax is defined in ASN.1, and the type of the PKCS #7 ContentInfo, which comprises the PKCS #7 structure, is:

ContentInfo ::= SEQUENCE {
	contentType ContentType,
	content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL
}

There are 6 possible ContentTypes: data, signedData, envelopedData, signedAndEnvelopedData, digestedData, and encryptedData. Here only signedData is implemented, as the degenerate case of signedData without a signature is the typical format for transferring certificates and CRLs. The ContentType signedData has the form:

signedData ::= SEQUENCE {
	version Version,
	digestAlgorithms DigestAlgorithmIdentifiers,
	contentInfo ContentInfo,
	certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL,
	crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
	signerInfos SignerInfos
}

As of yet, signerInfos and digestAlgorithms are not parsed, as they are not relevant to this system's use of PKCS #7 data. Version is an integer type. Note that PKCS #7 is recursive; this second layer of ContentInfo is similarly ignored for our degenerate usage. The ExtendedCertificatesAndCertificates type consists of a sequence of choices between PKCS #6 extended certificates and X.509 certificates. Any sequence consisting of any number of extended certificates is not yet supported in this implementation.
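
The layout described above can be walked with encoding/asn1 alone. The following is an added example, not this package's own code: it reports whether a bundle is degenerate (no SignerInfo), in which case nothing in the bundle vouches for the certificates and the caller still has to validate them. parseBundle, sampleBundle and the struct names are hypothetical, and the input is a constructed bundle built at run time around a throwaway certificate.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/x509"
	"encoding/asn1"
	"fmt"
	"math/big"
	"time"
)

var oidData, oidSignedData = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1}, asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 2}
type contentInfo struct {
	ContentType asn1.ObjectIdentifier
	Content     asn1.RawValue `asn1:"tag:0,explicit,optional"`
}
type signedData struct { // fields the overview leaves unparsed stay raw
	Version                       int
	DigestAlgorithms, ContentInfo asn1.RawValue
	Certificates                  asn1.RawValue `asn1:"tag:0,optional"`
	Crls                          asn1.RawValue `asn1:"tag:1,optional"`
	SignerInfos                   asn1.RawValue
}

// parseBundle (hypothetical name) returns the certificates and whether the bundle is degenerate (no SignerInfo).
func parseBundle(der []byte) (certs []*x509.Certificate, degenerate bool, err error) {
	ci, sd := contentInfo{}, signedData{}
	if _, err = asn1.Unmarshal(der, &ci); err != nil || !ci.ContentType.Equal(oidSignedData) {
		return nil, false, fmt.Errorf("pkcs7: not a signedData ContentInfo (parse error: %v)", err)
	}
	if _, err = asn1.Unmarshal(ci.Content.Bytes, &sd); err == nil {
		certs, err = x509.ParseCertificates(sd.Certificates.Bytes)
	}
	return certs, err == nil && len(sd.SignerInfos.Bytes) == 0, err
}

func sampleBundle(outer asn1.ObjectIdentifier) []byte { // constructed input: one throwaway certificate, no signers
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	tmpl := &x509.Certificate{SerialNumber: big.NewInt(7), NotBefore: time.Now(), NotAfter: time.Now().Add(time.Hour)}
	cert, _ := x509.CreateCertificate(rand.Reader, tmpl, tmpl, pub, priv)
	set := asn1.RawValue{Tag: asn1.TagSet, IsCompound: true} // empty SET
	tag0 := func(b []byte) asn1.RawValue { return asn1.RawValue{Class: asn1.ClassContextSpecific, IsCompound: true, Bytes: b} }
	inner, _ := asn1.Marshal(contentInfo{ContentType: oidData})
	sd, _ := asn1.Marshal(signedData{1, set, asn1.RawValue{FullBytes: inner}, tag0(cert), asn1.RawValue{}, set})
	out, _ := asn1.Marshal(contentInfo{outer, tag0(sd)})
	return out
}
func main() { fmt.Println(parseBundle(sampleBundle(oidSignedData))) }
```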

Types

type PKCS7

type PKCS7 struct {
	Raw          asn1.RawContent
	Version      int
	Certificates []*x509.Certificate
	Crl          *pkix.CertificateList
}

PKCS7 represents the ASN.1 PKCS #7 degenerate signedData content type.

func ParsePKCS7

func ParsePKCS7(raw []byte) (msg *PKCS7, err error)

ParsePKCS7 attempts to parse the DER-encoded bytes of a PKCS #7 structure.
