Documentation ¶
Overview ¶
Package protocol implements parts of the Cryptographic Message Syntax (CMS), RFC 5652. This package is mostly for handling the ASN.1 structures of CMS. For encryption/decryption and signing/verifying, use the package cms.
Index ¶
- Variables
- func ANSIx963KDF(sharedSecret, sharedInfo []byte, keyLen int, hash crypto.Hash) (key []byte, err error)
- func ECDHsharedSecret(curve elliptic.Curve, priv []byte, pubX, pubY *big.Int) []byte
- func IASstring(cert *x509.Certificate) (iasString string, err error)
- func RawValue(val interface{}, params ...string) (rv asn1.RawValue, err error)
- type ASN1Error
- type Attribute
- type Attributes
- type AuthEnvelopedData
- type CertificateChoices
- type ContentInfo
- type ECCCMSSharedInfo
- type EncapsulatedContentInfo
- type EncryptedContentInfo
- type EnvelopedData
- type IssuerAndSerialNumber
- type KeyAgreeRecipientIdentifier
- type KeyAgreeRecipientInfo
- type KeyTransRecipientInfo
- type OriginatorIdentifierOrKey
- type OriginatorPublicKey
- type OtherCertificateFormat
- type OtherKeyAttribute
- type OtherRevocationInfoFormat
- type RSAESOAEPparams
- type RecipientEncryptedKey
- type RecipientIdentifier
- type RecipientInfo
- type RecipientKeyIdentifier
- type RevocationInfoChoice
- type SignedData
- func (sd *SignedData) AddCertificate(cert []byte) error
- func (sd *SignedData) AddSignerInfo(keypPair tls.Certificate, attrs []Attribute) (err error)
- func (sd *SignedData) ClearCertificates()
- func (sd *SignedData) ContentInfo() (ContentInfo, error)
- func (sd *SignedData) Verify(Opts x509.VerifyOptions, detached []byte) (chains [][][]*x509.Certificate, err error)
- func (sd *SignedData) X509Certificates() (map[string]*x509.Certificate, error)
- type SignerIdentifier
- type SignerInfo
- func (si SignerInfo) FindCertificate(certs []*x509.Certificate) (*x509.Certificate, error)
- func (si SignerInfo) GetContentTypeAttribute() (asn1.ObjectIdentifier, error)
- func (si SignerInfo) GetMessageDigestAttribute() ([]byte, error)
- func (si SignerInfo) GetSigningTimeAttribute() (time.Time, error)
- func (si SignerInfo) Hash() (crypto.Hash, error)
- func (si SignerInfo) X509SignatureAlgorithm() (sigAlg x509.SignatureAlgorithm, err error)
Constants ¶
This section is empty.
Variables ¶
var (
	// ErrWrongType is returned by methods that make assumptions about types.
	// Helper methods are defined for accessing CHOICE and ANY fields. These
	// helper methods get the value of the field, assuming it is of a given type.
	// This error is returned if that assumption is wrong and the field has a
	// different type.
	ErrWrongType = errors.New("cms/protocol: wrong choice or any type")

	// ErrNoCertificate is returned when a requested certificate cannot be found.
	ErrNoCertificate = errors.New("no certificate found")

	// ErrNoKeyFound is returned when no key usable for decryption can be found.
	ErrNoKeyFound = errors.New("no key for decryption found")

	// ErrUnsupported is returned when an unsupported type or version
	// is encountered.
	ErrUnsupported = ASN1Error{"unsupported type or version"}

	// ErrTrailingData is returned when extra data is found after parsing an ASN.1
	// structure.
	ErrTrailingData = ASN1Error{"unexpected trailing data"}
)
var ErrUnsupportedAlgorithm = errors.New("cms: cannot decrypt data: unsupported algorithm")
ErrUnsupportedAlgorithm is returned if the algorithm is unsupported.
Functions ¶
func ANSIx963KDF ¶
func ANSIx963KDF(sharedSecret, sharedInfo []byte, keyLen int, hash crypto.Hash) (key []byte, err error)
ANSIx963KDF implements the ANSI X9.63 key derivation function, deriving a key of length keyLen from sharedSecret and sharedInfo with the given hash.
func ECDHsharedSecret ¶
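ECDHsharedSecret computes the shared secret for ephemeral-static ECDH from the private key priv and the peer's public point (pubX, pubY) on curve. The function has no error return, so callers should confirm that (pubX, pubY) is a valid point on curve before calling; whether the function performs that check itself is not documented here.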
Types ¶
type ASN1Error ¶
// ASN1Error is an error from parsing ASN.1 structures.
type ASN1Error struct {
	// Message is the text describing the problem, e.g. "unexpected trailing data".
	Message string
}
ASN1Error is an error from parsing ASN.1 structures.
type Attribute ¶
// Attribute is the Go form of the CMS Attribute SEQUENCE: an attribute type
// OID together with its SET OF values.
type Attribute struct {
	// Type is the attribute's OBJECT IDENTIFIER (attrType).
	Type asn1.ObjectIdentifier

	// This should be a SET OF ANY, but Go's asn1 parser can't handle slices of
	// RawValues. Use value() to get an AnySet of the value.
	// NOTE(review): neither value() nor AnySet appears in the exported API of
	// this package, so the sentence above may be stale — confirm.
	RawValue []asn1.RawValue `asn1:"set"`
}
Attribute ::= SEQUENCE { attrType OBJECT IDENTIFIER, attrValues SET OF AttributeValue }
AttributeValue ::= ANY
func NewAttribute ¶
func NewAttribute(attrType asn1.ObjectIdentifier, val interface{}) (attr Attribute, err error)
NewAttribute creates a single-value Attribute.
type Attributes ¶
type Attributes []Attribute
Attributes is a common Go type for SignedAttributes and UnsignedAttributes.
SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
func (Attributes) GetOnlyAttributeValueBytes ¶
func (attrs Attributes) GetOnlyAttributeValueBytes(oid asn1.ObjectIdentifier) (rv asn1.RawValue, err error)
GetOnlyAttributeValueBytes gets an attribute value, returning an error if the attribute occurs multiple times or has multiple values.
func (Attributes) GetValues ¶
func (attrs Attributes) GetValues(oid asn1.ObjectIdentifier) ([][]asn1.RawValue, error)
GetValues retrieves the attributes with the given OID. A nil value is returned if the OPTIONAL SET of Attributes is missing from the SignerInfo. An empty slice is returned if the specified attribute isn't in the set.
type AuthEnvelopedData ¶
// AuthEnvelopedData is the Go form of the CMS AuthEnvelopedData SEQUENCE
// (authenticated encryption). Field order follows the ASN.1 definition.
type AuthEnvelopedData struct {
	Version        int                  // version CMSVersion
	OriginatorInfo asn1.RawValue        `asn1:"optional,tag:0"` // originatorInfo [0] IMPLICIT, kept undecoded
	RecipientInfos []RecipientInfo      `asn1:"set,choice"`     // recipientInfos
	AECI           EncryptedContentInfo // authEncryptedContentInfo
	// AauthAttrs corresponds to authAttrs [1] in the ASN.1 definition; the
	// doubled "A" is part of the exported field name.
	AauthAttrs []Attribute `asn1:"set,optional,tag:1"`
	MAC        []byte      // mac MessageAuthenticationCode
	// UnAauthAttrs corresponds to unauthAttrs [2] in the ASN.1 definition.
	// NOTE(review): as the name says, these attributes are unauthenticated;
	// presumably they are not covered by MAC — confirm before relying on them.
	UnAauthAttrs []Attribute `asn1:"set,optional,tag:2"`
}
AuthEnvelopedData ::= SEQUENCE { version CMSVersion, originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, recipientInfos RecipientInfos, authEncryptedContentInfo EncryptedContentInfo, authAttrs [1] IMPLICIT AuthAttributes OPTIONAL, mac MessageAuthenticationCode, unauthAttrs [2] IMPLICIT UnauthAttributes OPTIONAL }
https://tools.ietf.org/html/rfc5083#section-2.1
func NewAuthEnvelopedData ¶
func NewAuthEnvelopedData(eci *EncryptedContentInfo, reciInfos []RecipientInfo, mac []byte) AuthEnvelopedData
NewAuthEnvelopedData creates AuthEnvelopedData from an EncryptedContentInfo with mac and given RecipientInfos.
func (AuthEnvelopedData) ContentInfo ¶
func (ed AuthEnvelopedData) ContentInfo() (ContentInfo, error)
ContentInfo marshals AuthEnvelopedData and returns ContentInfo.
func (*AuthEnvelopedData) Decrypt ¶
func (ed *AuthEnvelopedData) Decrypt(keyPair []tls.Certificate) (plain []byte, err error)
Decrypt decrypts AuthEnvelopedData and returns the plaintext.
type CertificateChoices ¶
type CertificateChoices struct { Cert x509.Certificate `asn1:"optional"` V2AttrCert asn1.RawValue `asn1:"optional,tag:2"` Other OtherCertificateFormat `asn1:"optional,tag:3"` }
CertificateChoices ::= CHOICE { certificate Certificate, extendedCertificate [0] IMPLICIT ExtendedCertificate, -- Obsolete v1AttrCert [1] IMPLICIT AttributeCertificateV1, -- Obsolete v2AttrCert [2] IMPLICIT AttributeCertificateV2, other [3] IMPLICIT OtherCertificateFormat }
type ContentInfo ¶
type ContentInfo struct { ContentType asn1.ObjectIdentifier Content asn1.RawValue `asn1:"explicit,tag:0"` }
ContentInfo ::= SEQUENCE { contentType ContentType, content [0] EXPLICIT ANY DEFINED BY contentType }
ContentType ::= OBJECT IDENTIFIER
func ParseContentInfo ¶
func ParseContentInfo(der []byte) (ci ContentInfo, err error)
ParseContentInfo parses DER-encoded ASN.1 data and returns ContentInfo.
func (ContentInfo) AuthEnvelopedDataContent ¶
func (ci ContentInfo) AuthEnvelopedDataContent() (*AuthEnvelopedData, error)
AuthEnvelopedDataContent unmarshals ContentInfo and returns AuthEnvelopedData if content type is AuthEnvelopedData.
func (ContentInfo) Base64 ¶
func (ci ContentInfo) Base64() ([]byte, error)
Base64 encodes the DER-encoded ASN.1 data in base64 for use in S/MIME.
func (ContentInfo) DER ¶
func (ci ContentInfo) DER() ([]byte, error)
DER returns the DER-encoded ASN.1 data.
func (ContentInfo) EnvelopedDataContent ¶
func (ci ContentInfo) EnvelopedDataContent() (*EnvelopedData, error)
EnvelopedDataContent returns EnvelopedData if ContentType is EnvelopedData.
func (ContentInfo) SignedDataContent ¶
func (ci ContentInfo) SignedDataContent() (*SignedData, error)
SignedDataContent returns SignedData if ContentType is SignedData.
type ECCCMSSharedInfo ¶
type ECCCMSSharedInfo struct {}
ECCCMSSharedInfo ECC-CMS-SharedInfo ::= SEQUENCE { keyInfo AlgorithmIdentifier, entityUInfo [0] EXPLICIT OCTET STRING OPTIONAL, suppPubInfo [2] EXPLICIT OCTET STRING }
type EncapsulatedContentInfo ¶
// EncapsulatedContentInfo is the Go form of the CMS EncapsulatedContentInfo
// SEQUENCE: a content type OID and the optional content itself.
type EncapsulatedContentInfo struct {
	EContentType asn1.ObjectIdentifier `` // ContentType ::= OBJECT IDENTIFIER
	// EContent is OPTIONAL in the ASN.1 definition.
	// NOTE(review): presumably absent for detached signatures, where the
	// content is passed separately to SignedData.Verify — confirm.
	EContent []byte `asn1:"optional,explicit,tag:0"` // eContent [0] EXPLICIT OCTET STRING OPTIONAL
}
EncapsulatedContentInfo ::= SEQUENCE { eContentType ContentType, eContent [0] EXPLICIT OCTET STRING OPTIONAL }
func NewDataEncapsulatedContentInfo ¶
func NewDataEncapsulatedContentInfo(data []byte) (EncapsulatedContentInfo, error)
NewDataEncapsulatedContentInfo creates a new EncapsulatedContentInfo of type id-data.
func NewEncapsulatedContentInfo ¶
func NewEncapsulatedContentInfo(contentType asn1.ObjectIdentifier, content []byte) (EncapsulatedContentInfo, error)
NewEncapsulatedContentInfo creates a new EncapsulatedContentInfo.
func (EncapsulatedContentInfo) IsTypeData ¶
func (eci EncapsulatedContentInfo) IsTypeData() bool
IsTypeData checks if the EContentType is id-data.
type EncryptedContentInfo ¶
type EncryptedContentInfo struct { EContentType asn1.ObjectIdentifier ContentEncryptionAlgorithm pkix.AlgorithmIdentifier EContent []byte `asn1:"optional,implicit,tag:0"` }
EncryptedContentInfo ::= SEQUENCE { contentType ContentType, contentEncryptionAlgorithm ContentEncryptionAlgorithmIdentifier, encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL }
func NewEncryptedContentInfo ¶
func NewEncryptedContentInfo(contentType asn1.ObjectIdentifier, contentEncryptionAlg asn1.ObjectIdentifier, content []byte) (eci EncryptedContentInfo, key, mac []byte, err error)
NewEncryptedContentInfo encrypts the content with the contentEncryptionAlgorithm and returns the EncryptedContentInfo, the key and the MAC.
type EnvelopedData ¶
type EnvelopedData struct { Version int OriginatorInfo asn1.RawValue `asn1:"optional,tag:0"` RecipientInfos []RecipientInfo `asn1:"set,choice"` ECI EncryptedContentInfo `` UnprotectedAttrs []Attribute `asn1:"set,optional,tag:1"` }
EnvelopedData ::= SEQUENCE { version CMSVersion, originatorInfo [0] IMPLICIT OriginatorInfo OPTIONAL, recipientInfos RecipientInfos, encryptedContentInfo EncryptedContentInfo, unprotectedAttrs [1] IMPLICIT UnprotectedAttributes OPTIONAL }
func NewEnvelopedData ¶
func NewEnvelopedData(eci *EncryptedContentInfo, reciInfos []RecipientInfo) EnvelopedData
NewEnvelopedData creates a new EnvelopedData from the given data.
func (EnvelopedData) ContentInfo ¶
func (ed EnvelopedData) ContentInfo() (ContentInfo, error)
ContentInfo returns new ContentInfo with ContentType EnvelopedData.
func (*EnvelopedData) Decrypt ¶
func (ed *EnvelopedData) Decrypt(keyPairs []tls.Certificate) (plain []byte, err error)
Decrypt decrypts the EnvelopedData with the given keyPairs and returns the plaintext.
type IssuerAndSerialNumber ¶
IssuerAndSerialNumber ::= SEQUENCE { issuer Name, serialNumber CertificateSerialNumber }
CertificateSerialNumber ::= INTEGER
func NewIssuerAndSerialNumber ¶
func NewIssuerAndSerialNumber(cert *x509.Certificate) (sid IssuerAndSerialNumber, err error)
NewIssuerAndSerialNumber creates an IssuerAndSerialNumber SID for the given cert.
func (*IssuerAndSerialNumber) Equal ¶
func (ias *IssuerAndSerialNumber) Equal(ias2 IssuerAndSerialNumber) bool
Equal returns true if ias and ias2 agree.
type KeyAgreeRecipientIdentifier ¶
type KeyAgreeRecipientIdentifier struct { IAS IssuerAndSerialNumber `asn1:"optional"` RKeyID RecipientKeyIdentifier `asn1:"optional,tag:0"` }
KeyAgreeRecipientIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, rKeyId [0] IMPLICIT RecipientKeyIdentifier }
type KeyAgreeRecipientInfo ¶
// KeyAgreeRecipientInfo is the Go form of the CMS KeyAgreeRecipientInfo
// SEQUENCE, used when the content-encryption key is protected by key agreement.
type KeyAgreeRecipientInfo struct {
	Version                int                       // version CMSVersion; the ASN.1 definition says "always set to 3"
	Originator             OriginatorIdentifierOrKey `asn1:"explicit,choice,tag:0"`   // originator [0] EXPLICIT
	UKM                    []byte                    `asn1:"explicit,optional,tag:1"` // ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL
	KeyEncryptionAlgorithm pkix.AlgorithmIdentifier  ``
	RecipientEncryptedKeys []RecipientEncryptedKey `asn1:"sequence"` //RecipientEncryptedKeys ::= SEQUENCE OF RecipientEncryptedKey
}
KeyAgreeRecipientInfo ::= SEQUENCE { version CMSVersion, -- always set to 3 originator [0] EXPLICIT OriginatorIdentifierOrKey, ukm [1] EXPLICIT UserKeyingMaterial OPTIONAL, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, recipientEncryptedKeys RecipientEncryptedKeys }
type KeyTransRecipientInfo ¶
type KeyTransRecipientInfo struct { Version int Rid RecipientIdentifier `asn1:"choice"` KeyEncryptionAlgorithm pkix.AlgorithmIdentifier EncryptedKey []byte }
KeyTransRecipientInfo ::= SEQUENCE { version CMSVersion, -- always set to 0 or 2 rid RecipientIdentifier, keyEncryptionAlgorithm KeyEncryptionAlgorithmIdentifier, encryptedKey EncryptedKey }
type OriginatorIdentifierOrKey ¶
type OriginatorIdentifierOrKey struct { IAS IssuerAndSerialNumber `asn1:"optional"` SKI []byte `asn1:"optional,tag:0"` OriginatorKey OriginatorPublicKey `asn1:"optional,tag:1"` }
OriginatorIdentifierOrKey ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier [0] SubjectKeyIdentifier, originatorKey [1] OriginatorPublicKey }
type OriginatorPublicKey ¶
type OriginatorPublicKey struct { Algorithm pkix.AlgorithmIdentifier PublicKey asn1.BitString }
OriginatorPublicKey ::= SEQUENCE { algorithm AlgorithmIdentifier, publicKey BIT STRING }
type OtherCertificateFormat ¶
type OtherCertificateFormat struct { OtherCertFormat asn1.ObjectIdentifier OtherCert asn1.RawValue }
OtherCertificateFormat ::= SEQUENCE { otherCertFormat OBJECT IDENTIFIER, otherCert ANY DEFINED BY otherCertFormat }
type OtherKeyAttribute ¶
type OtherKeyAttribute struct { KeyAttrID asn1.ObjectIdentifier KeyAttr asn1.RawValue `asn1:"optional"` }
OtherKeyAttribute ::= SEQUENCE { keyAttrId OBJECT IDENTIFIER, keyAttr ANY DEFINED BY keyAttrId OPTIONAL }
type OtherRevocationInfoFormat ¶
type OtherRevocationInfoFormat struct { OtherRevInfoFormat asn1.ObjectIdentifier OtherRevInfo asn1.RawValue }
OtherRevocationInfoFormat ::= SEQUENCE { otherRevInfoFormat OBJECT IDENTIFIER, otherRevInfo ANY DEFINED BY otherRevInfoFormat }
type RSAESOAEPparams ¶
// RSAESOAEPparams is the Go form of the RSAES-OAEP parameters SEQUENCE.
//
// Every field is optional on the wire. The ASN.1 definition assigns DEFAULT
// values (sha1Identifier, mgf1SHA1Identifier, pSpecifiedEmptyIdentifier), but
// the struct tags below carry no default.
// NOTE(review): an absent field is therefore left as a zero
// pkix.AlgorithmIdentifier after decoding; code consuming this struct has to
// map "absent" to the SHA-1 defaults explicitly, and a policy that rejects
// SHA-1 must treat an absent HashFunc as SHA-1 — confirm against the callers.
type RSAESOAEPparams struct {
	HashFunc    pkix.AlgorithmIdentifier `asn1:"optional,explicit,tag:0"` // hashFunc [0]
	MaskGenFunc pkix.AlgorithmIdentifier `asn1:"optional,explicit,tag:1"` // maskGenFunc [1]
	PSourceFunc pkix.AlgorithmIdentifier `asn1:"optional,explicit,tag:2"` // pSourceFunc [2]
}
RSAESOAEPparams ::= SEQUENCE { hashFunc [0] AlgorithmIdentifier DEFAULT sha1Identifier, maskGenFunc [1] AlgorithmIdentifier DEFAULT mgf1SHA1Identifier, pSourceFunc [2] AlgorithmIdentifier DEFAULT pSpecifiedEmptyIdentifier }
type RecipientEncryptedKey ¶
type RecipientEncryptedKey struct { RID KeyAgreeRecipientIdentifier `asn1:"choice"` EncryptedKey []byte }
RecipientEncryptedKey ::= SEQUENCE { rid KeyAgreeRecipientIdentifier, encryptedKey EncryptedKey }
type RecipientIdentifier ¶
type RecipientIdentifier struct { IAS IssuerAndSerialNumber `asn1:"optional"` SKI []byte `asn1:"optional,tag:0"` }
RecipientIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier [0] SubjectKeyIdentifier }
type RecipientInfo ¶
// RecipientInfo is the Go form of the CMS RecipientInfo CHOICE. Each field is
// one alternative; all are tagged optional so that whichever alternative is
// present on the wire can be decoded.
type RecipientInfo struct {
	KTRI KeyTransRecipientInfo `asn1:"optional"`       // ktri KeyTransRecipientInfo
	KARI KeyAgreeRecipientInfo `asn1:"optional,tag:1"` //KeyAgreeRecipientInfo
	// The remaining alternatives are kept as undecoded raw values.
	KEKRI asn1.RawValue `asn1:"optional,tag:2"` // kekri [2] KEKRecipientInfo
	PWRI  asn1.RawValue `asn1:"optional,tag:3"` // pwri [3] PasswordRecipientInfo
	ORI   asn1.RawValue `asn1:"optional,tag:4"` // ori [4] OtherRecipientInfo
}
RecipientInfo ::= CHOICE { ktri KeyTransRecipientInfo, kari [1] KeyAgreeRecipientInfo, kekri [2] KEKRecipientInfo, pwri [3] PasswordRecipientInfo, ori [4] OtherRecipientInfo }
func NewRecipientInfo ¶
func NewRecipientInfo(recipient *x509.Certificate, key []byte) (info RecipientInfo, err error)
NewRecipientInfo creates RecipientInfo for the given recipient and key.
type RecipientKeyIdentifier ¶
// RecipientKeyIdentifier is the Go form of the CMS RecipientKeyIdentifier
// SEQUENCE, which names a recipient key by subject key identifier.
type RecipientKeyIdentifier struct {
	SubjectKeyIdentifier []byte //SubjectKeyIdentifier ::= OCTET STRING
	Date                 time.Time         `asn1:"optional"` // date GeneralizedTime OPTIONAL
	Other                OtherKeyAttribute `asn1:"optional"` // other OtherKeyAttribute OPTIONAL
}
RecipientKeyIdentifier ::= SEQUENCE { subjectKeyIdentifier SubjectKeyIdentifier, date GeneralizedTime OPTIONAL, other OtherKeyAttribute OPTIONAL }
type RevocationInfoChoice ¶
type RevocationInfoChoice struct { Crl pkix.CertificateList `asn1:"optional"` Other OtherRevocationInfoFormat `asn1:"optional,tag:1"` }
RevocationInfoChoice ::= CHOICE { crl CertificateList, other [1] IMPLICIT OtherRevocationInfoFormat }
type SignedData ¶
// SignedData is the Go form of the CMS SignedData SEQUENCE. Field order
// follows the ASN.1 definition.
type SignedData struct {
	Version          int                        `` // CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
	DigestAlgorithms []pkix.AlgorithmIdentifier `asn1:"set"` //DigestAlgorithmIdentifiers ::= SET OF DigestAlgorithmIdentifier
	//DigestAlgorithmIdentifier ::= AlgorithmIdentifier
	EncapContentInfo EncapsulatedContentInfo `` // encapContentInfo EncapsulatedContentInfo
	// Certificates holds the raw CertificateChoices values; X509Certificates
	// decodes them on the assumption that they are X.509 certificates.
	// NOTE(review): these certificates arrive with the message, so they are
	// chain-building material only; trust should presumably come from the
	// x509.VerifyOptions passed to Verify — confirm.
	Certificates []asn1.RawValue        `asn1:"optional,set,tag:0"` // CertificateSet ::= SET OF CertificateChoices
	CRLs         []RevocationInfoChoice `asn1:"optional,set,tag:1"` // RevocationInfoChoices ::= SET OF RevocationInfoChoice
	SignerInfos  []SignerInfo           `asn1:"set"`                // SignerInfos ::= SET OF SignerInfo
}
SignedData ::= SEQUENCE { version CMSVersion, digestAlgorithms DigestAlgorithmIdentifiers, encapContentInfo EncapsulatedContentInfo, certificates [0] IMPLICIT CertificateSet OPTIONAL, crls [1] IMPLICIT RevocationInfoChoices OPTIONAL, signerInfos SignerInfos }
func NewSignedData ¶
func NewSignedData(eci EncapsulatedContentInfo) (*SignedData, error)
NewSignedData creates a new SignedData.
func (*SignedData) AddCertificate ¶
func (sd *SignedData) AddCertificate(cert []byte) error
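AddCertificate adds an X.509 certificate. Per the signature, the certificate is passed as a []byte (presumably its DER encoding), not as a *x509.Certificate.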
func (*SignedData) AddSignerInfo ¶
func (sd *SignedData) AddSignerInfo(keypPair tls.Certificate, attrs []Attribute) (err error)
AddSignerInfo adds a SignerInfo to the SignedData.
func (*SignedData) ClearCertificates ¶
func (sd *SignedData) ClearCertificates()
ClearCertificates removes all certificates.
func (*SignedData) ContentInfo ¶
func (sd *SignedData) ContentInfo() (ContentInfo, error)
ContentInfo returns the SignedData wrapped in a ContentInfo packet.
func (*SignedData) Verify ¶
func (sd *SignedData) Verify(Opts x509.VerifyOptions, detached []byte) (chains [][][]*x509.Certificate, err error)
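Verify checks the signature. Opts is the x509.VerifyOptions used for validating the signers' certificate chains, and detached presumably carries the signed content when it is not encapsulated in the SignedData. The verified chains are returned. A valid result is only meaningful relative to the trust anchors in Opts, so callers should set Opts.Roots (and KeyUsages, where relevant) deliberately rather than rely on defaults.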
func (*SignedData) X509Certificates ¶
func (sd *SignedData) X509Certificates() (map[string]*x509.Certificate, error)
X509Certificates gets the certificates, assuming that they're X.509 encoded.
type SignerIdentifier ¶
type SignerIdentifier struct { IAS IssuerAndSerialNumber `asn1:"optional"` SKI []byte `asn1:"optional,tag:0"` }
SignerIdentifier ::= CHOICE { issuerAndSerialNumber IssuerAndSerialNumber, subjectKeyIdentifier [0] SubjectKeyIdentifier }
type SignerInfo ¶
// SignerInfo is the Go form of the CMS SignerInfo SEQUENCE: one signer's
// identifier, algorithms, attributes and signature value.
type SignerInfo struct {
	Version            int                      `` // CMSVersion ::= INTEGER { v0(0), v1(1), v2(2), v3(3), v4(4), v5(5) }
	SID                SignerIdentifier         `asn1:"choice"` // sid SignerIdentifier
	DigestAlgorithm    pkix.AlgorithmIdentifier `` // DigestAlgorithmIdentifier ::= AlgorithmIdentifier
	SignedAttrs        []Attribute              `asn1:"set,optional,tag:0"` // SignedAttributes ::= SET SIZE (1..MAX) OF Attribute
	SignatureAlgorithm pkix.AlgorithmIdentifier `` // SignatureAlgorithmIdentifier ::= AlgorithmIdentifier
	Signature          []byte                   `` // SignatureValue ::= OCTET STRING
	// NOTE(review): per RFC 5652 the unsigned attributes are not covered by
	// the signature; treat their contents as unauthenticated input.
	UnsignedAttrs []Attribute `asn1:"set,optional,tag:1"` // UnsignedAttributes ::= SET SIZE (1..MAX) OF Attribute
}
SignerInfo ::= SEQUENCE { version CMSVersion, sid SignerIdentifier, digestAlgorithm DigestAlgorithmIdentifier, signedAttrs [0] IMPLICIT SignedAttributes OPTIONAL, signatureAlgorithm SignatureAlgorithmIdentifier, signature SignatureValue, unsignedAttrs [1] IMPLICIT UnsignedAttributes OPTIONAL }
func (SignerInfo) FindCertificate ¶
func (si SignerInfo) FindCertificate(certs []*x509.Certificate) (*x509.Certificate, error)
FindCertificate finds this SignerInfo's certificate in a slice of certificates.
func (SignerInfo) GetContentTypeAttribute ¶
func (si SignerInfo) GetContentTypeAttribute() (asn1.ObjectIdentifier, error)
GetContentTypeAttribute gets the signed ContentType attribute from the SignerInfo.
func (SignerInfo) GetMessageDigestAttribute ¶
func (si SignerInfo) GetMessageDigestAttribute() ([]byte, error)
GetMessageDigestAttribute gets the signed MessageDigest attribute from the SignerInfo.
func (SignerInfo) GetSigningTimeAttribute ¶
func (si SignerInfo) GetSigningTimeAttribute() (time.Time, error)
GetSigningTimeAttribute gets the signed SigningTime attribute from the SignerInfo.
func (SignerInfo) Hash ¶
func (si SignerInfo) Hash() (crypto.Hash, error)
Hash gets the crypto.Hash associated with this SignerInfo's DigestAlgorithm. 0 is returned for unrecognized algorithms, so callers should check the returned error before using the hash value.
func (SignerInfo) X509SignatureAlgorithm ¶
func (si SignerInfo) X509SignatureAlgorithm() (sigAlg x509.SignatureAlgorithm, err error)
X509SignatureAlgorithm gets the x509.SignatureAlgorithm that should be used for verifying this SignerInfo's signature.