Version: v1.0.0 Latest Latest

This package is not in the latest version of its module.

Go to latest
Published: Mar 17, 2017 License: MIT Imports: 12 Imported by: 0



Package scep provides common functionality for encoding and decoding Simple Certificate Enrolment Protocol pki messages as defined by



View Source
const (
	CertRep    MessageType = "3"
	RenewalReq             = "17"
	UpdateReq              = "18"
	PKCSReq                = "19"
	CertPoll               = "20"
	GetCert                = "21"
	GetCRL                 = "22"

Undefined message types are treated as an error.

View Source
const (
	SUCCESS PKIStatus = "0"
	FAILURE           = "2"
	PENDING           = "3"

Undefined pkiStatus attributes are treated as an error

View Source
const (
	BadAlg          FailInfo = "0"
	BadMessageCheck          = "1"
	BadRequest               = "2"
	BadTime                  = "3"
	BadCertID                = "4"


This section is empty.


func CACerts

func CACerts(data []byte) ([]*x509.Certificate, error)

CACerts extract CA Certificate or chain from pkcs7 degenerate signed data

func DegenerateCertificates

func DegenerateCertificates(certs []*x509.Certificate) ([]byte, error)

DegenerateCertificates creates degenerate certificates pkcs#7 type


type CSRReqMessage

type CSRReqMessage struct {
	// PKCS#10 Certificate request inside the envelope
	CSR *x509.CertificateRequest

	ChallengePassword string

CSRReqMessage can be of the type PKCSReq/RenewalReq/UpdateReq and includes a PKCS#10 CSR request. The content of this message is protected by the recipient public key(example CA)

type CertRepMessage

type CertRepMessage struct {

	Certificate *x509.Certificate
	// contains filtered or unexported fields

CertRepMessage is a type of PKIMessage

type FailInfo

type FailInfo string

FailInfo is a SCEP failInfo attribute

The FailInfo attribute MUST contain one of the following failure reasons:

type MessageType

type MessageType string

The MessageType attribute specifies the type of operation performed by the transaction. This attribute MUST be included in all PKI messages.

The following message types are defined:

type PKIMessage

type PKIMessage struct {

	// DER Encoded PKIMessage
	Raw []byte

	// Used to sign message
	Recipients []*x509.Certificate

	// Signer info
	SignerKey  *rsa.PrivateKey
	SignerCert *x509.Certificate
	// contains filtered or unexported fields

PKIMessage defines the possible SCEP message types

func NewCSRRequest

func NewCSRRequest(csr *x509.CertificateRequest, tmpl *PKIMessage) (*PKIMessage, error)

NewCSRRequest creates a scep PKI PKCSReq/UpdateReq message

func ParsePKIMessage

func ParsePKIMessage(data []byte) (*PKIMessage, error)

ParsePKIMessage unmarshals a PKCS#7 signed data into a PKI message struct

func (*PKIMessage) DecryptPKIEnvelope

func (msg *PKIMessage) DecryptPKIEnvelope(cert *x509.Certificate, key *rsa.PrivateKey) error

DecryptPKIEnvelope decrypts the pkcs envelopedData inside the SCEP PKIMessage

func (*PKIMessage) SignCSR

func (msg *PKIMessage) SignCSR(crtAuth *x509.Certificate, keyAuth *rsa.PrivateKey, template *x509.Certificate) (*PKIMessage, error)

SignCSR creates an x509.Certificate based on a template and Cert Authority credentials returns a new PKIMessage with CertRep data

type PKIStatus

type PKIStatus string

PKIStatus is a SCEP pkiStatus attribute which holds transaction status information. All SCEP responses MUST include a pkiStatus.

The following pkiStatuses are defined:

type RecipientNonce

type RecipientNonce []byte

The RecipientNonce MUST be copied from the SenderNonce and included in the reply.

type SenderNonce

type SenderNonce []byte

SenderNonce is a random 16 byte number. A sender must include the senderNonce in each transaction to a recipient.

type TransactionID

type TransactionID string

The TransactionID is a text string generated by the client when starting a transaction. The client MUST generate a unique string as the transaction identifier, which MUST be used for all PKI messages exchanged for a given enrolment, encoded as a PrintableString.

Source Files


Path Synopsis
Package pkcs7 implements parsing and generation of some PKCS#7 structures.
Package pkcs7 implements parsing and generation of some PKCS#7 structures.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL