Documentation
¶
Overview ¶
Package pkcs7 implements parsing and generation of some PKCS#7 structures.
Index ¶
- Variables
- func DegenerateCertificate(cert []byte) ([]byte, error)
- func Encrypt(content []byte, recipients []*x509.Certificate) ([]byte, error)
- func Unmarshal(b []byte, val interface{}) (rest []byte, err error)
- type Attribute
- type MessageDigestMismatchError
- type PKCS7
- type SignedData
- type SignerInfoConfig
Constants ¶
This section is empty.
Variables ¶
var ( // ErrBerIsEmpty is returned when BER structure is empty ErrBerIsEmpty = errors.New("ber2der: input ber is empty") // ErrTagLenTooLong is returned when BER tag length is too long ErrTagLenTooLong = errors.New("ber2der: BER tag length too long") // ErrTagLenNegative is returned when a BER tag has negative length ErrTagLenNegative = errors.New("ber2der: BER tag length is negative") // ErrTagLenHasLeadingZero is returned when a BER tag has a negative length ErrTagLenHasLeadingZero = errors.New("ber2der: BER tag length has leading zero") // ErrTagLenOverflow is returned when a BER tag has a length greater // then the whole data length. ErrTagLenOverflow = errors.New("ber2der: BER tag length is more than available data") // ErrInvalidFormat is returned when the given data does not have // correct BER format. ErrInvalidFormat = errors.New("ber2der: Invalid BER format") )
var ErrNotEncryptedContent = errors.New("pkcs7: content data is a decryptable data type")
ErrNotEncryptedContent is returned when attempting to Decrypt data that is not encrypted data
var ErrUnsupportedAlgorithm = errors.New("pkcs7: cannot decrypt data: only RSA, DES, DES-EDE3 and AES-256-CBC supported")
ErrUnsupportedAlgorithm tells you when our quick dev assumptions have failed
var ErrUnsupportedContentType = errors.New("pkcs7: cannot parse data: unimplemented content type")
ErrUnsupportedContentType is returned when a PKCS7 content is not supported. Currently only Data (1.2.840.113549.1.7.1), Signed Data (1.2.840.113549.1.7.2), and Enveloped Data are supported (1.2.840.113549.1.7.3)
Functions ¶
func DegenerateCertificate ¶
DegenerateCertificate creates a signed data structure containing only the provided certificate
func Encrypt ¶
func Encrypt(content []byte, recipients []*x509.Certificate) ([]byte, error)
Encrypt creates and returns an envelope data PKCS7 structure with encrypted recipient keys for each recipient public key TODO(fullsailor): Add support for encrypting content with other algorithms
func Unmarshal ¶
Unmarshal parses the DER-encoded ASN.1 data structure b and uses the reflect package to fill in an arbitrary value pointed at by val. Because Unmarshal uses the reflect package, the structs being written to must use upper case field names.
An ASN.1 INTEGER can be written to an int, int32, int64, or *big.Int (from the math/big package). If the encoded value does not fit in the Go type, Unmarshal returns a parse error.
An ASN.1 BIT STRING can be written to a asn1.BitString.
An ASN.1 OCTET STRING can be written to a []byte.
An ASN.1 OBJECT IDENTIFIER can be written to an asn1.ObjectIdentifier.
An ASN.1 ENUMERATED can be written to an asn1.Enumerated.
An ASN.1 UTCTIME or GENERALIZEDTIME can be written to a time.Time.
An ASN.1 PrintableString or IA5String can be written to a string.
Any of the above ASN.1 values can be written to an interface{}. The value stored in the interface has the corresponding Go type. For integers, that type is int64.
An ASN.1 SEQUENCE OF x or SET OF x can be written to a slice if an x can be written to the slice's element type.
An ASN.1 SEQUENCE or SET can be written to a struct if each of the elements in the sequence can be written to the corresponding element in the struct.
The following tags on struct fields have special meaning to Unmarshal:
application specifies that a APPLICATION tag is used default:x sets the default value for optional integer fields explicit specifies that an additional, explicit tag wraps the implicit one optional marks the field as ASN.1 OPTIONAL set causes a SET, rather than a SEQUENCE type to be expected tag:x specifies the ASN.1 tag number; implies ASN.1 CONTEXT SPECIFIC
If the type of the first field of a structure is asn1.RawContent then the raw ASN1 contents of the struct will be stored in it.
If the type name of a slice element ends with "SET" then it's treated as if the "set" tag was set on it. This can be used with nested slices where a struct tag cannot be given.
Other ASN.1 types are not supported; if it encounters them, Unmarshal returns a parse error.
Types ¶
type Attribute ¶
type Attribute struct { Type asn1.ObjectIdentifier Value interface{} }
Attribute represents a key value pair attribute. Value must be marshalable byte `encoding/asn1`
type MessageDigestMismatchError ¶
MessageDigestMismatchError is returned when the signer data digest does not match the computed digest for the contained content
func (*MessageDigestMismatchError) Error ¶
func (err *MessageDigestMismatchError) Error() string
type PKCS7 ¶
type PKCS7 struct { Content []byte Certificates []*x509.Certificate CRLs []pkix.CertificateList Signers []signerInfo // contains filtered or unexported fields }
PKCS7 Represents a PKCS7 structure
func (*PKCS7) Decrypt ¶
func (p7 *PKCS7) Decrypt(cert *x509.Certificate, pk crypto.PrivateKey) ([]byte, error)
Decrypt decrypts encrypted content info for recipient cert and private key
func (*PKCS7) GetOnlySigner ¶
func (p7 *PKCS7) GetOnlySigner() *x509.Certificate
GetOnlySigner returns an x509.Certificate for the first signer of the signed data payload. If there are more or less than one signer, nil is returned
func (*PKCS7) UnmarshalSignedAttribute ¶
func (p7 *PKCS7) UnmarshalSignedAttribute(attributeType asn1.ObjectIdentifier, out interface{}) error
UnmarshalSignedAttribute decodes a single attribute from the signer info
type SignedData ¶
type SignedData struct {
// contains filtered or unexported fields
}
SignedData is an opaque data structure for creating signed data payloads
func NewSignedData ¶
func NewSignedData(data []byte) (*SignedData, error)
NewSignedData initializes a SignedData with content
func (*SignedData) AddCertificate ¶
func (sd *SignedData) AddCertificate(cert *x509.Certificate)
AddCertificate adds the certificate to the payload. Useful for parent certificates
func (*SignedData) AddSigner ¶
func (sd *SignedData) AddSigner(cert *x509.Certificate, pkey crypto.PrivateKey, config SignerInfoConfig) error
AddSigner signs attributes about the content and adds certificate to payload
func (*SignedData) Finish ¶
func (sd *SignedData) Finish() ([]byte, error)
Finish marshals the content and its signers
type SignerInfoConfig ¶
type SignerInfoConfig struct {
ExtraSignedAttributes []Attribute
}
SignerInfoConfig are optional values to include when adding a signer