Documentation
Overview
Package pkcs7 implements the subset of the CMS PKCS #7 datatype that is typically used to package certificates and CRLs. Using openssl, every certificate converted to PKCS #7 format from another encoding such as PEM conforms to this implementation (reference: https://www.openssl.org/docs/apps/crl2pkcs7.html).
PKCS #7 Data type, reference: https://tools.ietf.org/html/rfc2315
The full PKCS #7 cryptographic message syntax allows for cryptographic enhancements: for example, data can be encrypted and signed, then packaged through PKCS #7 to be sent over a network, and then verified and decrypted. It is ASN.1, and the type of PKCS #7 ContentInfo, which comprises the PKCS #7 structure, is:
    ContentInfo ::= SEQUENCE {
        contentType ContentType,
        content [0] EXPLICIT ANY DEFINED BY contentType OPTIONAL
    }
There are 6 possible ContentTypes: data, signedData, envelopedData, signedAndEnvelopedData, digestedData, and encryptedData. Here only signedData is implemented, as the degenerate case of signedData without a signature is the typical format for transferring certificates and CRLs. The ContentType signedData has the form:
    signedData ::= SEQUENCE {
        version Version,
        digestAlgorithms DigestAlgorithmIdentifiers,
        contentInfo ContentInfo,
        certificates [0] IMPLICIT ExtendedCertificatesAndCertificates OPTIONAL,
        crls [1] IMPLICIT CertificateRevocationLists OPTIONAL,
        signerInfos SignerInfos
    }
As of yet, signerInfos and digestAlgorithms are not parsed, as they are not relevant to this system's use of PKCS #7 data. Version is an integer type. Note that PKCS #7 is recursive; this second layer of ContentInfo is similarly ignored for our degenerate usage. The ExtendedCertificatesAndCertificates type consists of a sequence of choices between PKCS #6 extended certificates and X.509 certificates. Any sequence containing any number of extended certificates is not yet supported in this implementation.
Index
Constants
This section is empty.
Variables
This section is empty.
Functions
This section is empty.
Types
type PKCS7
    type PKCS7 struct {
        Raw          asn1.RawContent
        Version      int
        Certificates []*x509.Certificate
        Crl          *pkix.CertificateList
    }
PKCS7 represents the ASN.1 PKCS #7 degenerate signedData content type.
func ParsePKCS7
ParsePKCS7 attempts to parse the DER-encoded bytes of a PKCS7 structure.