README
¶
pkcs7
Original at https://github.com/fullsailor/pkcs7
This package is internal to the scep repo and is meant to be replaced with the upstream version at a later time.
pkcs7 implements parsing and creating signed and enveloped messages.
- Documentation on GoDoc
Documentation
¶
Overview ¶
Package pkcs7 implements parsing and generation of some PKCS#7 structures.
Index ¶
Constants ¶
This section is empty.
Variables ¶
var ErrNotEncryptedContent = errors.New("pkcs7: content data is a decryptable data type")
ErrNotEncryptedContent is returned when attempting to Decrypt data that is not encrypted data
var ErrUnsupportedAlgorithm = errors.New("pkcs7: cannot decrypt data: only RSA, DES, DES-EDE3 and AES-256-CBC supported")
ErrUnsupportedAlgorithm tells you when our quick dev assumptions have failed
var ErrUnsupportedContentType = errors.New("pkcs7: cannot parse data: unimplemented content type")
ErrUnsupportedContentType is returned when a PKCS7 content is not supported. Currently only Data (1.2.840.113549.1.7.1), Signed Data (1.2.840.113549.1.7.2), and Enveloped Data are supported (1.2.840.113549.1.7.3)
Functions ¶
func DegenerateCertificate ¶
DegenerateCertificate creates a signed data structure containing only the provided certificate or certificate chain.
Types ¶
type Attribute ¶
type Attribute struct {
Type asn1.ObjectIdentifier
Value interface{}
}
Attribute represents a key value pair attribute. Value must be marshalable byte `encoding/asn1`
type MessageDigestMismatchError ¶
MessageDigestMismatchError is returned when the signer data digest does not match the computed digest for the contained content
func (*MessageDigestMismatchError) Error ¶
func (err *MessageDigestMismatchError) Error() string
type PKCS7 ¶
type PKCS7 struct {
Content []byte
Certificates []*x509.Certificate
CRLs []pkix.CertificateList
Signers []signerInfo
// contains filtered or unexported fields
}
PKCS7 Represents a PKCS7 structure
func (*PKCS7) Decrypt ¶
func (p7 *PKCS7) Decrypt(cert *x509.Certificate, pk crypto.PrivateKey) ([]byte, error)
Decrypt decrypts encrypted content info for recipient cert and private key
func (*PKCS7) GetOnlySigner ¶
func (p7 *PKCS7) GetOnlySigner() *x509.Certificate
GetOnlySigner returns an x509.Certificate for the first signer of the signed data payload. If there are more or less than one signer, nil is returned
func (*PKCS7) UnmarshalSignedAttribute ¶
func (p7 *PKCS7) UnmarshalSignedAttribute(attributeType asn1.ObjectIdentifier, out interface{}) error
UnmarshalSignedAttribute decodes a single attribute from the signer info
type SignedData ¶
type SignedData struct {
// contains filtered or unexported fields
}
SignedData is an opaque data structure for creating signed data payloads
func NewSignedData ¶
func NewSignedData(data []byte) (*SignedData, error)
NewSignedData initializes a SignedData with content
func (*SignedData) AddCertificate ¶
func (sd *SignedData) AddCertificate(cert *x509.Certificate)
AddCertificate adds the certificate to the payload. Useful for parent certificates
func (*SignedData) AddSigner ¶
func (sd *SignedData) AddSigner(cert *x509.Certificate, pkey crypto.PrivateKey, config SignerInfoConfig) error
AddSigner signs attributes about the content and adds certificate to payload
func (*SignedData) Finish ¶
func (sd *SignedData) Finish() ([]byte, error)
Finish marshals the content and its signers
type SignerInfoConfig ¶
type SignerInfoConfig struct {
ExtraSignedAttributes []Attribute
}
SignerInfoConfig are optional values to include when adding a signer
Source Files