Version: v0.0.15 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Jun 8, 2021 License: AGPL-3.0 Imports: 6 Imported by: 2



Package cert provides a cryptographic certicate library.



View Source
const (
	// CertVersion is the certificate format version.
	CertVersion = 0


View Source
var (
	// ErrImpossibleDecode is an impossible decoding error.
	ErrImpossibleDecode = errors.New("impossible to decode")

	// ErrImpossibleEncode is an impossible encoding error.
	ErrImpossibleEncode = errors.New("impossible to encode")

	// ErrImpossibleOutOfMemory is an impossible out of memory error.
	ErrImpossibleOutOfMemory = errors.New("impossible out of memory failure")

	// ErrBadSignature indicates that the given signature does not sign the certificate.
	ErrBadSignature = errors.New("signature does not sign certificate")

	// ErrDuplicateSignature indicates that the given signature is already present in the certificate.
	ErrDuplicateSignature = errors.New("signature must not be duplicate")

	// ErrInvalidCertified indicates that the certified field is invalid
	ErrInvalidCertified = errors.New("invalid certified field of certificate")

	// ErrKeyTypeMismatch indicates that the given signer's key type is different than the signatures present already.
	ErrKeyTypeMismatch = errors.New("certificate key type mismatch")

	// ErrInvalidKeyType indicates that the given signer's key type is different than the signatures present already.
	ErrInvalidKeyType = errors.New("invalid certificate key type")

	// ErrVersionMismatch indicates that the given certificate is the wrong format version.
	ErrVersionMismatch = errors.New("certificate version mismatch")

	// ErrCertificateExpired indicates that the given certificate has expired.
	ErrCertificateExpired = errors.New("certificate expired")

	// ErrIdentitySignatureNotFound indicates that for the given signer identity there was no signature present in the certificate.
	ErrIdentitySignatureNotFound = errors.New("failure to find signature associated with the given identity")

	// ErrInvalidThreshold indicated the given threshold cannot be used.
	ErrInvalidThreshold = errors.New("threshold must be equal or less than the number of verifiers")

	// ErrThresholdNotMet indicates that there were not enough valid signatures to meet the threshold.
	ErrThresholdNotMet = errors.New("threshold failure")


func AddSignature

func AddSignature(verifier Verifier, signature Signature, rawCert []byte) ([]byte, error)

AddSignature adds the signature to the certificate if the verifier can verify the signature signs the certificate.

func GetCertified

func GetCertified(rawCert []byte) ([]byte, error)

GetCertified returns the certified data.

func Sign

func Sign(signer Signer, data []byte, expiration int64) ([]byte, error)

Sign uses the given Signer to create a certificate which certifies the given data.

func SignMulti

func SignMulti(signer Signer, rawCert []byte) ([]byte, error)

SignMulti uses the given signer to create a signature and appends it to the certificate and returns it.

func Verify

func Verify(verifier Verifier, rawCert []byte) ([]byte, error)

Verify is used to verify one of the signatures attached to the certificate. It returns the certified data if the signature is valid.

func VerifyAll

func VerifyAll(verifiers []Verifier, rawCert []byte) ([]byte, error)

VerifyAll returns the certified data if all of the given verifiers can verify the certificate. Otherwise nil is returned along with an error.

func VerifyThreshold

func VerifyThreshold(verifiers []Verifier, threshold int, rawCert []byte) ([]byte, []Verifier, []Verifier, error)

VerifyThreshold returns the certified data, the succeeded verifiers and the failed verifiers if at least a threshold number of verifiers can verify the certificate. Otherwise nil is returned along with an error.


type Signature

type Signature struct {
	// Identity is the identity of the signer.
	Identity []byte
	// Payload is the actual signature value.
	Payload []byte

Signature is a cryptographic signature which has an associated signer ID.

func GetSignature

func GetSignature(identity []byte, rawCert []byte) (*Signature, error)

GetSignature returns a signature that signs the certificate if it matches with the given identity.

func GetSignatures

func GetSignatures(rawCert []byte) ([]Signature, error)

GetSignatures returns all the signatures.

type Signer

type Signer interface {
	// Sign signs the message and returns the signature.
	Sign(msg []byte) []byte

	// Identity returns the Signer identity.
	Identity() []byte

	// KeyType returns the key type string.
	KeyType() string

Signer signs messages.

type Verifier

type Verifier interface {
	// Verify verifies a signature.
	Verify(sig, msg []byte) bool

	// Identity returns the Verifier identity.
	Identity() []byte

Verifier is used to verify signatures.

Source Files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
t or T : Toggle theme light dark auto
y or Y : Canonical URL