Documentation ¶
Index ¶
- Variables
- func AddKeySign(oid asn1.ObjectIdentifier, keySign func() KeySign)
- func AddSignHash(oid asn1.ObjectIdentifier, signHash func() SignHash)
- func AddkeyEncrypt(oid asn1.ObjectIdentifier, fn func() KeyEncrypt)
- func Decrypt(data []byte, cert *x509.Certificate, pkey crypto.PrivateKey) ([]byte, error)
- func DecryptUsingPSK(data []byte, key []byte) ([]byte, error)
- func DegenerateCertificate(cert []byte, mode ...Mode) ([]byte, error)
- func EncodePkcs7ToPem(data []byte, pemType string) []byte
- func Encrypt(rand io.Reader, content []byte, recipients []*x509.Certificate, opts ...Opts) ([]byte, error)
- func EncryptUsingPSK(rand io.Reader, content []byte, key []byte, cipher Cipher, mode ...Mode) ([]byte, error)
- func ParsePkcs7Pem(data []byte) ([]byte, error)
- type Attribute
- type Cipher
- type KeyEncrypt
- type KeyEncryptWithRSA
- func (this KeyEncryptWithRSA) Check(pkey any) bool
- func (this KeyEncryptWithRSA) Decrypt(ciphertext []byte, pkey crypto.PrivateKey) ([]byte, error)
- func (this KeyEncryptWithRSA) Encrypt(plaintext []byte, pkey crypto.PublicKey) ([]byte, error)
- func (this KeyEncryptWithRSA) OID() asn1.ObjectIdentifier
- type KeyEncryptWithSM2
- func (this KeyEncryptWithSM2) Check(pkey any) bool
- func (this KeyEncryptWithSM2) Decrypt(ciphertext []byte, pkey crypto.PrivateKey) ([]byte, error)
- func (this KeyEncryptWithSM2) Encrypt(plaintext []byte, pkey crypto.PublicKey) ([]byte, error)
- func (this KeyEncryptWithSM2) OID() asn1.ObjectIdentifier
- type KeySign
- type KeySignWithDSA
- func (this KeySignWithDSA) Check(pkey any) bool
- func (this KeySignWithDSA) HashOID() asn1.ObjectIdentifier
- func (this KeySignWithDSA) OID() asn1.ObjectIdentifier
- func (this KeySignWithDSA) Sign(pkey crypto.PrivateKey, data []byte) ([]byte, []byte, error)
- func (this KeySignWithDSA) Verify(pkey crypto.PublicKey, signed []byte, signature []byte) (bool, error)
- type KeySignWithECDSA
- func (this KeySignWithECDSA) Check(pkey any) bool
- func (this KeySignWithECDSA) HashOID() asn1.ObjectIdentifier
- func (this KeySignWithECDSA) OID() asn1.ObjectIdentifier
- func (this KeySignWithECDSA) Sign(pkey crypto.PrivateKey, data []byte) ([]byte, []byte, error)
- func (this KeySignWithECDSA) Verify(pkey crypto.PublicKey, signed []byte, signature []byte) (bool, error)
- type KeySignWithEdDSA
- func (this KeySignWithEdDSA) Check(pkey any) bool
- func (this KeySignWithEdDSA) HashOID() asn1.ObjectIdentifier
- func (this KeySignWithEdDSA) OID() asn1.ObjectIdentifier
- func (this KeySignWithEdDSA) Sign(pkey crypto.PrivateKey, data []byte) ([]byte, []byte, error)
- func (this KeySignWithEdDSA) Verify(pkey crypto.PublicKey, signed []byte, signature []byte) (bool, error)
- type KeySignWithRSA
- func (this KeySignWithRSA) Check(pkey any) bool
- func (this KeySignWithRSA) HashOID() asn1.ObjectIdentifier
- func (this KeySignWithRSA) OID() asn1.ObjectIdentifier
- func (this KeySignWithRSA) Sign(pkey crypto.PrivateKey, data []byte) ([]byte, []byte, error)
- func (this KeySignWithRSA) Verify(pkey crypto.PublicKey, data []byte, signature []byte) (bool, error)
- type KeySignWithSM2
- func (this KeySignWithSM2) Check(pkey any) bool
- func (this KeySignWithSM2) HashOID() asn1.ObjectIdentifier
- func (this KeySignWithSM2) OID() asn1.ObjectIdentifier
- func (this KeySignWithSM2) Sign(pkey crypto.PrivateKey, data []byte) ([]byte, []byte, error)
- func (this KeySignWithSM2) Verify(pkey crypto.PublicKey, signed []byte, signature []byte) (bool, error)
- type MessageDigestMismatchError
- type Mode
- func (this Mode) IsData(oid asn1.ObjectIdentifier) bool
- func (this Mode) IsEncryptedData(oid asn1.ObjectIdentifier) bool
- func (this Mode) IsEnvelopedData(oid asn1.ObjectIdentifier) bool
- func (this Mode) IsSignedData(oid asn1.ObjectIdentifier) bool
- func (this Mode) IsSignedEnvelopedData(oid asn1.ObjectIdentifier) bool
- func (this Mode) OidData() asn1.ObjectIdentifier
- func (this Mode) OidEncryptedData() asn1.ObjectIdentifier
- func (this Mode) OidEnvelopedData() asn1.ObjectIdentifier
- func (this Mode) OidSignedData() asn1.ObjectIdentifier
- func (this Mode) OidSignedEnvelopedData() asn1.ObjectIdentifier
- type Opts
- type PKCS7
- func (p7 *PKCS7) Decrypt(cert *x509.Certificate, pkey crypto.PrivateKey) (err error)
- func (p7 *PKCS7) DecryptOnlyOne(pkey crypto.PrivateKey) (err error)
- func (this *PKCS7) GetOnlySigner() *x509.Certificate
- func (this *PKCS7) UnmarshalSignedAttribute(attributeType asn1.ObjectIdentifier, out interface{}) error
- func (this *PKCS7) Verify() (err error)
- func (this *PKCS7) VerifyWithChain(truststore *x509.CertPool) (err error)
- func (this *PKCS7) VerifyWithChainAtTime(truststore *x509.CertPool, currentTime time.Time) (err error)
- type SignHash
- type SignHashWithFunc
- type SignedAndEnvelopedData
- func (saed *SignedAndEnvelopedData) AddCertificate(cert *x509.Certificate)
- func (saed *SignedAndEnvelopedData) AddRecipient(recipient *x509.Certificate) error
- func (saed *SignedAndEnvelopedData) AddSigner(ee *x509.Certificate, pkey crypto.PrivateKey) error
- func (saed *SignedAndEnvelopedData) AddSignerChain(ee *x509.Certificate, pkey crypto.PrivateKey, parents []*x509.Certificate) error
- func (saed *SignedAndEnvelopedData) Finish() ([]byte, error)
- func (saed *SignedAndEnvelopedData) SetDigestAlgorithm(oid asn1.ObjectIdentifier)
- func (saed *SignedAndEnvelopedData) SetMode(mode Mode)
- type SignedData
- func (this *SignedData) AddCertificate(cert *x509.Certificate)
- func (this *SignedData) AddSigner(ee *x509.Certificate, pkey crypto.PrivateKey, config SignerInfoConfig) error
- func (this *SignedData) AddSignerChain(ee *x509.Certificate, pkey crypto.PrivateKey, parents []*x509.Certificate, ...) error
- func (this *SignedData) Detach()
- func (this *SignedData) Finish() ([]byte, error)
- func (this *SignedData) GetSignedData() *signedData
- func (this *SignedData) RemoveAuthenticatedAttributes()
- func (this *SignedData) RemoveUnauthenticatedAttributes()
- func (this *SignedData) SetContentType(contentType asn1.ObjectIdentifier)
- func (this *SignedData) SetDigestAlgorithm(oid asn1.ObjectIdentifier)
- func (this *SignedData) SetEncryptionAlgorithm(oid asn1.ObjectIdentifier)
- func (this *SignedData) SetMode(mode Mode)
- func (this *SignedData) SignWithoutAttr(ee *x509.Certificate, pkey crypto.PrivateKey, config SignerInfoConfig) error
- type SignerInfoConfig
- type VerifyFunc
Examples ¶
Constants ¶
This section is empty.
Variables ¶
var ( AddCipher = pbes2.AddCipher GetCipher = pbes2.GetCipher // 帮助函数 GetCipherFromName = pbes2.GetCipherFromName CheckCipherFromName = pbes2.CheckCipherFromName )
var ( DESCBC = pbes2.DESCBC DESEDE3CBC = pbes2.DESEDE3CBC RC2CBC = pbes2.RC2CBC RC2_40CBC = pbes2.RC2_40CBC RC2_64CBC = pbes2.RC2_64CBC RC2_128CBC = pbes2.RC2_128CBC RC5CBC = pbes2.RC5CBC RC5_128CBC = pbes2.RC5_128CBC RC5_192CBC = pbes2.RC5_192CBC RC5_256CBC = pbes2.RC5_256CBC AES128ECB = pbes2.AES128ECB AES128CBC = pbes2.AES128CBC AES128OFB = pbes2.AES128OFB AES128CFB = pbes2.AES128CFB AES128GCM = pbes2.AES128GCM AES128CCM = pbes2.AES128CCM AES192ECB = pbes2.AES192ECB AES192CBC = pbes2.AES192CBC AES192OFB = pbes2.AES192OFB AES192CFB = pbes2.AES192CFB AES192GCM = pbes2.AES192GCM AES192CCM = pbes2.AES192CCM AES256ECB = pbes2.AES256ECB AES256CBC = pbes2.AES256CBC AES256OFB = pbes2.AES256OFB AES256CFB = pbes2.AES256CFB AES256GCM = pbes2.AES256GCM AES256CCM = pbes2.AES256CCM SM4ECB = pbes2.SM4ECB SM4CBC = pbes2.SM4CBC SM4OFB = pbes2.SM4OFB SM4CFB = pbes2.SM4CFB SM4CFB1 = pbes2.SM4CFB1 SM4CFB8 = pbes2.SM4CFB8 SM4GCM = pbes2.SM4GCM SM4CCM = pbes2.SM4CCM GostCipher = pbes2.GostCipher )
加密方式
var ( // Digest Algorithms OidDigestAlgorithmMD5 = asn1.ObjectIdentifier{1, 2, 840, 113549, 2, 5} OidDigestAlgorithmSHA1 = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26} OidDigestAlgorithmSHA224 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 4} OidDigestAlgorithmSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1} OidDigestAlgorithmSHA384 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 2} OidDigestAlgorithmSHA512 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 3} OidDigestAlgorithmSM3 = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 401} )
var ( // dsa 签名 OidEncryptionAlgorithmDSA = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 1} OidEncryptionAlgorithmDSASHA1 = asn1.ObjectIdentifier{1, 2, 840, 10040, 4, 3} OidEncryptionAlgorithmDSASHA224 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 3, 1} OidEncryptionAlgorithmDSASHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 3, 2} // ecdsa 签名 OidEncryptionAlgorithmECDSASHA1 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 1} OidEncryptionAlgorithmECDSASHA224 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 1} OidEncryptionAlgorithmECDSASHA256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 2} OidEncryptionAlgorithmECDSASHA384 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 3} OidEncryptionAlgorithmECDSASHA512 = asn1.ObjectIdentifier{1, 2, 840, 10045, 4, 3, 4} OidEncryptionAlgorithmECDSAP256 = asn1.ObjectIdentifier{1, 2, 840, 10045, 3, 1, 7} OidEncryptionAlgorithmECDSAP384 = asn1.ObjectIdentifier{1, 3, 132, 0, 34} OidEncryptionAlgorithmECDSAP521 = asn1.ObjectIdentifier{1, 3, 132, 0, 35} // rsa 签名 OidEncryptionAlgorithmRSA = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 1} OidEncryptionAlgorithmRSAMD5 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 4} OidEncryptionAlgorithmRSASHA1 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 5} OidEncryptionAlgorithmRSASHA224 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 14} OidEncryptionAlgorithmRSASHA256 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 11} OidEncryptionAlgorithmRSASHA384 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 12} OidEncryptionAlgorithmRSASHA512 = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 1, 13} OidEncryptionAlgorithmRSASM3 = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 504} // eddsa 签名 OidEncryptionAlgorithmEd25519 = asn1.ObjectIdentifier{1, 3, 101, 112} // sm2 签名 OidEncryptionAlgorithmSM2SM3 = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 501} OidDigestEncryptionAlgorithmSM2 = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 301, 1} // sm9 签名 OidDigestAlgorithmSM9SM3 = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 502} OidDigestEncryptionAlgorithmSM9 = asn1.ObjectIdentifier{1, 2, 156, 10197, 1, 302, 1} )
var DefaultOpts = Opts{ Cipher: AES256CBC, KeyEncrypt: KeyEncryptRSA, Mode: DefaultMode, }
默认配置
var ErrPSKNotProvided = errors.New("pkcs7: cannot encrypt content: PSK not provided")
var ErrUnsupportedAlgorithm = errors.New("pkcs7: cannot decrypt data")
var ErrUnsupportedContentType = errors.New("pkcs7: cannot parse data: unimplemented content type")
ErrUnsupportedContentType is returned when a PKCS7 content is not supported. Currently only Data (1.2.840.113549.1.7.1), Signed Data (1.2.840.113549.1.7.2), and Enveloped Data are supported (1.2.840.113549.1.7.3)
var ErrUnsupportedEncryptionAlgorithm = errors.New("pkcs7: cannot encrypt content: only DES-CBC, AES-CBC, and AES-GCM supported")
var KeyEncryptRSA = KeyEncryptWithRSA{ // contains filtered or unexported fields }
KeyEncryptRSA
var KeyEncryptRSAESOAEP = KeyEncryptWithRSA{ // contains filtered or unexported fields }
KeyEncryptRSAESOAEP
var KeyEncryptRSASHA1 = KeyEncryptWithRSA{ // contains filtered or unexported fields }
KeyEncryptRSASHA1
var KeyEncryptRSASHA256 = KeyEncryptWithRSA{ // contains filtered or unexported fields }
KeyEncryptRSASHA256
var KeyEncryptRSASHA384 = KeyEncryptWithRSA{ // contains filtered or unexported fields }
KeyEncryptRSASHA384
var KeyEncryptRSASHA512 = KeyEncryptWithRSA{ // contains filtered or unexported fields }
KeyEncryptRSASHA512
var KeyEncryptSM2 = KeyEncryptWithSM2{ // contains filtered or unexported fields }
KeyEncryptSM2
var KeySignWithDSASHA1 = KeySignWithDSA{ // contains filtered or unexported fields }
var KeySignWithDSASHA224 = KeySignWithDSA{ // contains filtered or unexported fields }
var KeySignWithDSASHA256 = KeySignWithDSA{ // contains filtered or unexported fields }
var KeySignWithECDSASHA1 = KeySignWithECDSA{ // contains filtered or unexported fields }
var KeySignWithECDSASHA224 = KeySignWithECDSA{ // contains filtered or unexported fields }
var KeySignWithECDSASHA256 = KeySignWithECDSA{ // contains filtered or unexported fields }
var KeySignWithECDSASHA384 = KeySignWithECDSA{ // contains filtered or unexported fields }
var KeySignWithECDSASHA512 = KeySignWithECDSA{ // contains filtered or unexported fields }
var KeySignWithEdDSASHA1 = KeySignWithEdDSA{ // contains filtered or unexported fields }
var KeySignWithRSAMD5 = KeySignWithRSA{ // contains filtered or unexported fields }
var KeySignWithRSASHA1 = KeySignWithRSA{ // contains filtered or unexported fields }
var KeySignWithRSASHA224 = KeySignWithRSA{ // contains filtered or unexported fields }
var KeySignWithRSASHA256 = KeySignWithRSA{ // contains filtered or unexported fields }
var KeySignWithRSASHA384 = KeySignWithRSA{ // contains filtered or unexported fields }
var KeySignWithRSASHA512 = KeySignWithRSA{ // contains filtered or unexported fields }
var KeySignWithSM2SM3 = KeySignWithSM2{ // contains filtered or unexported fields }
var KeySignWithSM2WithSM3 = KeySignWithSM2{ // contains filtered or unexported fields }
var SM2Opts = Opts{ Cipher: SM4CBC, KeyEncrypt: KeyEncryptSM2, Mode: SM2Mode, }
默认配置
var SignHashWithMD5 = SignHashWithFunc{ // contains filtered or unexported fields }
var SignHashWithSHA1 = SignHashWithFunc{ // contains filtered or unexported fields }
var SignHashWithSHA224 = SignHashWithFunc{ // contains filtered or unexported fields }
var SignHashWithSHA256 = SignHashWithFunc{ // contains filtered or unexported fields }
var SignHashWithSHA384 = SignHashWithFunc{ // contains filtered or unexported fields }
var SignHashWithSHA512 = SignHashWithFunc{ // contains filtered or unexported fields }
var SignHashWithSM3 = SignHashWithFunc{ // contains filtered or unexported fields }
Functions ¶
func AddKeySign ¶ added in v1.0.2061
func AddKeySign(oid asn1.ObjectIdentifier, keySign func() KeySign)
添加签名
func AddSignHash ¶ added in v1.0.2061
func AddSignHash(oid asn1.ObjectIdentifier, signHash func() SignHash)
添加 hash
func AddkeyEncrypt ¶ added in v1.0.2061
func AddkeyEncrypt(oid asn1.ObjectIdentifier, fn func() KeyEncrypt)
添加 key 加密方式
func Decrypt ¶
func Decrypt(data []byte, cert *x509.Certificate, pkey crypto.PrivateKey) ([]byte, error)
解析
func DecryptUsingPSK ¶
DecryptUsingPSK decrypts encrypted data using caller provided pre-shared secret
func DegenerateCertificate ¶
DegenerateCertificate creates a signed data structure containing only the provided certificate or certificate chain.
func EncodePkcs7ToPem ¶
编码到 pem pemType = [PKCS7 | ENCRYPTED PKCS7]
func Encrypt ¶
func Encrypt(rand io.Reader, content []byte, recipients []*x509.Certificate, opts ...Opts) ([]byte, error)
加密
Types ¶
type Attribute ¶ added in v1.0.2061
type Attribute struct { Type asn1.ObjectIdentifier Value interface{} }
Attribute represents a key value pair attribute. Value must be marshalable byte `encoding/asn1`
type KeyEncrypt ¶ added in v1.0.2061
type KeyEncrypt interface { // oid OID() asn1.ObjectIdentifier // 加密, 返回: [加密后数据, error] Encrypt(plaintext []byte, pkey crypto.PublicKey) ([]byte, error) // 解密 Decrypt(ciphertext []byte, pkey crypto.PrivateKey) ([]byte, error) // 检测证书 Check(pkey any) bool }
非对称加密
type KeyEncryptWithRSA ¶ added in v1.0.2061
type KeyEncryptWithRSA struct {
// contains filtered or unexported fields
}
key 用 rsa 加密
func (KeyEncryptWithRSA) Check ¶ added in v1.0.2061
func (this KeyEncryptWithRSA) Check(pkey any) bool
检测证书
func (KeyEncryptWithRSA) Decrypt ¶ added in v1.0.2061
func (this KeyEncryptWithRSA) Decrypt(ciphertext []byte, pkey crypto.PrivateKey) ([]byte, error)
解密
func (KeyEncryptWithRSA) OID ¶ added in v1.0.2061
func (this KeyEncryptWithRSA) OID() asn1.ObjectIdentifier
oid
type KeyEncryptWithSM2 ¶ added in v1.0.2061
type KeyEncryptWithSM2 struct {
// contains filtered or unexported fields
}
key 用 sm2 加密
func (KeyEncryptWithSM2) Check ¶ added in v1.0.2061
func (this KeyEncryptWithSM2) Check(pkey any) bool
检测证书
func (KeyEncryptWithSM2) Decrypt ¶ added in v1.0.2061
func (this KeyEncryptWithSM2) Decrypt(ciphertext []byte, pkey crypto.PrivateKey) ([]byte, error)
解密
func (KeyEncryptWithSM2) OID ¶ added in v1.0.2061
func (this KeyEncryptWithSM2) OID() asn1.ObjectIdentifier
oid
type KeySign ¶ added in v1.0.2061
type KeySign interface { // oid OID() asn1.ObjectIdentifier // HashOID HashOID() asn1.ObjectIdentifier // 签名 Sign(pkey crypto.PrivateKey, data []byte) (hashData []byte, signData []byte, err error) // 解密 Verify(pkey crypto.PublicKey, signed []byte, signature []byte) (bool, error) // 检测证书 Check(pkey any) bool }
签名接口
type KeySignWithDSA ¶ added in v1.0.2061
type KeySignWithDSA struct {
// contains filtered or unexported fields
}
rsa 签名
func (KeySignWithDSA) Check ¶ added in v1.0.2061
func (this KeySignWithDSA) Check(pkey any) bool
检测证书
func (KeySignWithDSA) HashOID ¶ added in v1.0.2061
func (this KeySignWithDSA) HashOID() asn1.ObjectIdentifier
oid
func (KeySignWithDSA) OID ¶ added in v1.0.2061
func (this KeySignWithDSA) OID() asn1.ObjectIdentifier
oid
func (KeySignWithDSA) Sign ¶ added in v1.0.2061
func (this KeySignWithDSA) Sign(pkey crypto.PrivateKey, data []byte) ([]byte, []byte, error)
签名
type KeySignWithECDSA ¶ added in v1.0.2061
type KeySignWithECDSA struct {
// contains filtered or unexported fields
}
ecdsa 签名
func (KeySignWithECDSA) Check ¶ added in v1.0.2061
func (this KeySignWithECDSA) Check(pkey any) bool
检测证书
func (KeySignWithECDSA) HashOID ¶ added in v1.0.2061
func (this KeySignWithECDSA) HashOID() asn1.ObjectIdentifier
oid
func (KeySignWithECDSA) OID ¶ added in v1.0.2061
func (this KeySignWithECDSA) OID() asn1.ObjectIdentifier
oid
func (KeySignWithECDSA) Sign ¶ added in v1.0.2061
func (this KeySignWithECDSA) Sign(pkey crypto.PrivateKey, data []byte) ([]byte, []byte, error)
签名
type KeySignWithEdDSA ¶ added in v1.0.2061
type KeySignWithEdDSA struct {
// contains filtered or unexported fields
}
EdDsa 签名
func (KeySignWithEdDSA) Check ¶ added in v1.0.2061
func (this KeySignWithEdDSA) Check(pkey any) bool
检测证书
func (KeySignWithEdDSA) HashOID ¶ added in v1.0.2061
func (this KeySignWithEdDSA) HashOID() asn1.ObjectIdentifier
oid
func (KeySignWithEdDSA) OID ¶ added in v1.0.2061
func (this KeySignWithEdDSA) OID() asn1.ObjectIdentifier
oid
func (KeySignWithEdDSA) Sign ¶ added in v1.0.2061
func (this KeySignWithEdDSA) Sign(pkey crypto.PrivateKey, data []byte) ([]byte, []byte, error)
签名
type KeySignWithRSA ¶ added in v1.0.2061
type KeySignWithRSA struct {
// contains filtered or unexported fields
}
rsa 签名
func (KeySignWithRSA) Check ¶ added in v1.0.2061
func (this KeySignWithRSA) Check(pkey any) bool
检测证书
func (KeySignWithRSA) HashOID ¶ added in v1.0.2061
func (this KeySignWithRSA) HashOID() asn1.ObjectIdentifier
oid
func (KeySignWithRSA) OID ¶ added in v1.0.2061
func (this KeySignWithRSA) OID() asn1.ObjectIdentifier
oid
func (KeySignWithRSA) Sign ¶ added in v1.0.2061
func (this KeySignWithRSA) Sign(pkey crypto.PrivateKey, data []byte) ([]byte, []byte, error)
签名
type KeySignWithSM2 ¶ added in v1.0.2061
type KeySignWithSM2 struct {
// contains filtered or unexported fields
}
sm2 签名
func (KeySignWithSM2) Check ¶ added in v1.0.2061
func (this KeySignWithSM2) Check(pkey any) bool
检测证书
func (KeySignWithSM2) HashOID ¶ added in v1.0.2061
func (this KeySignWithSM2) HashOID() asn1.ObjectIdentifier
oid
func (KeySignWithSM2) OID ¶ added in v1.0.2061
func (this KeySignWithSM2) OID() asn1.ObjectIdentifier
oid
func (KeySignWithSM2) Sign ¶ added in v1.0.2061
func (this KeySignWithSM2) Sign(pkey crypto.PrivateKey, data []byte) ([]byte, []byte, error)
签名
type MessageDigestMismatchError ¶ added in v1.0.2061
MessageDigestMismatchError is returned when the signer data digest does not match the computed digest for the contained content
func (*MessageDigestMismatchError) Error ¶ added in v1.0.2061
func (err *MessageDigestMismatchError) Error() string
type Mode ¶ added in v1.0.2061
type Mode uint
模式 Mode list
func (Mode) IsEncryptedData ¶ added in v1.0.2061
func (this Mode) IsEncryptedData(oid asn1.ObjectIdentifier) bool
func (Mode) IsEnvelopedData ¶ added in v1.0.2061
func (this Mode) IsEnvelopedData(oid asn1.ObjectIdentifier) bool
func (Mode) IsSignedData ¶ added in v1.0.2061
func (this Mode) IsSignedData(oid asn1.ObjectIdentifier) bool
func (Mode) IsSignedEnvelopedData ¶ added in v1.0.2061
func (this Mode) IsSignedEnvelopedData(oid asn1.ObjectIdentifier) bool
func (Mode) OidData ¶ added in v1.0.2061
func (this Mode) OidData() asn1.ObjectIdentifier
func (Mode) OidEncryptedData ¶ added in v1.0.2061
func (this Mode) OidEncryptedData() asn1.ObjectIdentifier
func (Mode) OidEnvelopedData ¶ added in v1.0.2061
func (this Mode) OidEnvelopedData() asn1.ObjectIdentifier
func (Mode) OidSignedData ¶ added in v1.0.2061
func (this Mode) OidSignedData() asn1.ObjectIdentifier
func (Mode) OidSignedEnvelopedData ¶ added in v1.0.2061
func (this Mode) OidSignedEnvelopedData() asn1.ObjectIdentifier
type Opts ¶ added in v1.0.2061
type Opts struct { Cipher Cipher KeyEncrypt KeyEncrypt Mode Mode }
配置
type PKCS7 ¶ added in v1.0.2061
type PKCS7 struct { Content []byte Certificates []*x509.Certificate CRLs []pkix.CertificateList Signers []signerInfo // contains filtered or unexported fields }
PKCS7 Represents a PKCS7 structure
func (*PKCS7) Decrypt ¶ added in v1.0.2061
func (p7 *PKCS7) Decrypt(cert *x509.Certificate, pkey crypto.PrivateKey) (err error)
Decrypt decrypts encrypted content info for recipient cert and private key.
func (*PKCS7) DecryptOnlyOne ¶ added in v1.0.2061
func (p7 *PKCS7) DecryptOnlyOne(pkey crypto.PrivateKey) (err error)
DecryptOnlyOne decrypts encrypted content info for the only recipient private key.
func (*PKCS7) GetOnlySigner ¶ added in v1.0.2061
func (this *PKCS7) GetOnlySigner() *x509.Certificate
GetOnlySigner returns an x509.Certificate for the first signer of the signed data payload. If there are more or less than one signer, nil is returned
func (*PKCS7) UnmarshalSignedAttribute ¶ added in v1.0.2061
func (this *PKCS7) UnmarshalSignedAttribute(attributeType asn1.ObjectIdentifier, out interface{}) error
UnmarshalSignedAttribute decodes a single attribute from the signer info
func (*PKCS7) Verify ¶ added in v1.0.2061
Verify is a wrapper around VerifyWithChain() that initializes an empty trust store, effectively disabling certificate verification when validating a signature.
func (*PKCS7) VerifyWithChain ¶ added in v1.0.2061
VerifyWithChain checks the signatures of a PKCS7 object.
If truststore is not nil, it also verifies the chain of trust of the end-entity signer cert to one of the roots in the truststore. When the PKCS7 object includes the signing time authenticated attr verifies the chain at that time and UTC now otherwise.
func (*PKCS7) VerifyWithChainAtTime ¶ added in v1.0.2061
func (this *PKCS7) VerifyWithChainAtTime(truststore *x509.CertPool, currentTime time.Time) (err error)
VerifyWithChainAtTime checks the signatures of a PKCS7 object.
If truststore is not nil, it also verifies the chain of trust of the end-entity signer cert to a root in the truststore at currentTime. It does not use the signing time authenticated attribute.
type SignHash ¶ added in v1.0.2061
type SignHash interface { // oid OID() asn1.ObjectIdentifier // 加密 Sum(data []byte) []byte }
hash 接口
type SignHashWithFunc ¶ added in v1.0.2061
type SignHashWithFunc struct {
// contains filtered or unexported fields
}
hash
func (SignHashWithFunc) OID ¶ added in v1.0.2061
func (this SignHashWithFunc) OID() asn1.ObjectIdentifier
oid
func (SignHashWithFunc) Sum ¶ added in v1.0.2061
func (this SignHashWithFunc) Sum(data []byte) []byte
hash checksum
type SignedAndEnvelopedData ¶ added in v1.0.2061
type SignedAndEnvelopedData struct {
// contains filtered or unexported fields
}
func NewSMSignedAndEnvelopedData ¶ added in v1.0.2061
func NewSMSignedAndEnvelopedData(data []byte, cipher Cipher) (*SignedAndEnvelopedData, error)
func NewSignedAndEnvelopedData ¶ added in v1.0.2061
func NewSignedAndEnvelopedData(data []byte, cipher Cipher) (*SignedAndEnvelopedData, error)
func (*SignedAndEnvelopedData) AddCertificate ¶ added in v1.0.2061
func (saed *SignedAndEnvelopedData) AddCertificate(cert *x509.Certificate)
AddCertificate adds the certificate to the payload. Useful for parent certificates
func (*SignedAndEnvelopedData) AddRecipient ¶ added in v1.0.2061
func (saed *SignedAndEnvelopedData) AddRecipient(recipient *x509.Certificate) error
func (*SignedAndEnvelopedData) AddSigner ¶ added in v1.0.2061
func (saed *SignedAndEnvelopedData) AddSigner(ee *x509.Certificate, pkey crypto.PrivateKey) error
AddSigner is a wrapper around AddSignerChain() that adds a signer without any parent.
func (*SignedAndEnvelopedData) AddSignerChain ¶ added in v1.0.2061
func (saed *SignedAndEnvelopedData) AddSignerChain(ee *x509.Certificate, pkey crypto.PrivateKey, parents []*x509.Certificate) error
func (*SignedAndEnvelopedData) Finish ¶ added in v1.0.2061
func (saed *SignedAndEnvelopedData) Finish() ([]byte, error)
Finish marshals the content and its signers
func (*SignedAndEnvelopedData) SetDigestAlgorithm ¶ added in v1.0.2061
func (saed *SignedAndEnvelopedData) SetDigestAlgorithm(oid asn1.ObjectIdentifier)
SetDigestAlgorithm sets the digest algorithm to be used in the signing process.
This should be called before adding signers
func (*SignedAndEnvelopedData) SetMode ¶ added in v1.0.2061
func (saed *SignedAndEnvelopedData) SetMode(mode Mode)
This should be called before adding signers
type SignedData ¶ added in v1.0.2061
type SignedData struct {
// contains filtered or unexported fields
}
SignedData is an opaque data structure for creating signed data payloads
Example ¶
// generate a signing cert or load a key pair cert, err := createTestCertificate(cryptobin_x509.SHA256WithRSA) if err != nil { fmt.Printf("Cannot create test certificates: %s", err) } // Initialize a SignedData struct with content to be signed signedData, err := NewSignedData([]byte("Example data to be signed")) if err != nil { fmt.Printf("Cannot initialize signed data: %s", err) } // Add the signing cert and private key if err := signedData.AddSigner(cert.Certificate, cert.PrivateKey, SignerInfoConfig{}); err != nil { fmt.Printf("Cannot add signer: %s", err) } // Call Detach() is you want to remove content from the signature // and generate an S/MIME detached signature signedData.Detach() // Finish() to obtain the signature bytes detachedSignature, err := signedData.Finish() if err != nil { fmt.Printf("Cannot finish signing data: %s", err) } if len(detachedSignature) == 0 { fmt.Println("Cannot finish signing data: Finish fail") } // pem.Encode(os.Stdout, &pem.Block{Type: "PKCS7", Bytes: detachedSignature})
Output:
func NewSMSignedData ¶ added in v1.0.2061
func NewSMSignedData(data []byte) (*SignedData, error)
NewSMSignedData takes data and initializes a PKCS7 SignedData struct that is ready to be signed via AddSigner. The digest algorithm is set to SM3 by default and can be changed by calling SetDigestAlgorithm.
func NewSignedData ¶
func NewSignedData(data []byte) (*SignedData, error)
NewSignedData takes data and initializes a PKCS7 SignedData struct that is ready to be signed via AddSigner. The digest algorithm is set to SHA1 by default and can be changed by calling SetDigestAlgorithm.
func (*SignedData) AddCertificate ¶ added in v1.0.2061
func (this *SignedData) AddCertificate(cert *x509.Certificate)
AddCertificate adds the certificate to the payload. Useful for parent certificates
func (*SignedData) AddSigner ¶ added in v1.0.2061
func (this *SignedData) AddSigner(ee *x509.Certificate, pkey crypto.PrivateKey, config SignerInfoConfig) error
AddSigner is a wrapper around AddSignerChain() that adds a signer without any parent.
func (*SignedData) AddSignerChain ¶ added in v1.0.2061
func (this *SignedData) AddSignerChain(ee *x509.Certificate, pkey crypto.PrivateKey, parents []*x509.Certificate, config SignerInfoConfig) error
AddSignerChain signs attributes about the content and adds certificates and signers infos to the Signed Data. The certificate and private key of the end-entity signer are used to issue the signature, and any parent of that end-entity that need to be added to the list of certifications can be specified in the parents slice.
The signature algorithm used to hash the data is the one of the end-entity certificate.
func (*SignedData) Detach ¶ added in v1.0.2061
func (this *SignedData) Detach()
Detach removes content from the signed data struct to make it a detached signature. This must be called right before Finish()
func (*SignedData) Finish ¶ added in v1.0.2061
func (this *SignedData) Finish() ([]byte, error)
Finish marshals the content and its signers
func (*SignedData) GetSignedData ¶ added in v1.0.2061
func (this *SignedData) GetSignedData() *signedData
GetSignedData returns the private Signed Data
func (*SignedData) RemoveAuthenticatedAttributes ¶ added in v1.0.2061
func (this *SignedData) RemoveAuthenticatedAttributes()
RemoveAuthenticatedAttributes removes authenticated attributes from signedData similar to OpenSSL's PKCS7_NOATTR or -noattr flags
func (*SignedData) RemoveUnauthenticatedAttributes ¶ added in v1.0.2061
func (this *SignedData) RemoveUnauthenticatedAttributes()
RemoveUnauthenticatedAttributes removes unauthenticated attributes from signedData
func (*SignedData) SetContentType ¶ added in v1.0.2061
func (this *SignedData) SetContentType(contentType asn1.ObjectIdentifier)
SetContentType sets the content type of the SignedData. For example to specify the content type of a time-stamp token according to RFC 3161 section 2.4.2.
func (*SignedData) SetDigestAlgorithm ¶ added in v1.0.2061
func (this *SignedData) SetDigestAlgorithm(oid asn1.ObjectIdentifier)
SetDigestAlgorithm sets the digest algorithm to be used in the signing process.
This should be called before adding signers
func (*SignedData) SetEncryptionAlgorithm ¶ added in v1.0.2061
func (this *SignedData) SetEncryptionAlgorithm(oid asn1.ObjectIdentifier)
SetEncryptionAlgorithm sets the encryption algorithm to be used in the signing process.
This should be called before adding signers
func (*SignedData) SetMode ¶ added in v1.0.2061
func (this *SignedData) SetMode(mode Mode)
This should be called before adding signers
func (*SignedData) SignWithoutAttr ¶ added in v1.0.2061
func (this *SignedData) SignWithoutAttr(ee *x509.Certificate, pkey crypto.PrivateKey, config SignerInfoConfig) error
SignWithoutAttr issues a signature on the content of the pkcs7 SignedData. Unlike AddSigner/AddSignerChain, it calculates the digest on the data alone and does not include any signed attributes like timestamp and so on.
This function is needed to sign old Android APKs, something you probably shouldn't do unless you're maintaining backward compatibility for old applications.
type SignerInfoConfig ¶
type SignerInfoConfig struct { ExtraSignedAttributes []Attribute ExtraUnsignedAttributes []Attribute SkipCertificates bool }
SignerInfoConfig are optional values to include when adding a signer
type VerifyFunc ¶ added in v1.0.2061
type VerifyFunc func() error