cms

package
v0.0.0-...-3ee5e26
Warning

This package is not in the latest version of its module.

Published: Dec 22, 2022 License: MIT Imports: 8 Imported by: 1

Documentation

Functions

func Sign

func Sign(data []byte, chain []*x509.Certificate, signer crypto.Signer) ([]byte, error)

Sign creates a CMS SignedData from the content and signs it with signer. At minimum, chain must contain the leaf certificate associated with the signer. Any additional intermediates will also be added to the SignedData. The DER encoded CMS message is returned.

func SignCrossCertAttr

func SignCrossCertAttr(data []byte, chain []*x509.Certificate, signer crypto.Signer, time []byte, vid []byte, challeange []byte) ([]byte, error)

func SignDetached

func SignDetached(data []byte, chain []*x509.Certificate, signer crypto.Signer) ([]byte, error)

SignDetached creates a detached CMS SignedData from the content and signs it with signer. At minimum, chain must contain the leaf certificate associated with the signer. Any additional intermediates will also be added to the SignedData. The DER encoded CMS message is returned.

func SignSetDateAttr

func SignSetDateAttr(data []byte, hashFunc *crypto.Hash, chain []*x509.Certificate, signer crypto.Signer, time string) ([]byte, error)

func SignUseUnSignedAttr

func SignUseUnSignedAttr(data []byte, chain []*x509.Certificate, signer crypto.Signer, vidSrc []byte) ([]byte, error)

func SignWithHashAlgorithmAndSignature

func SignWithHashAlgorithmAndSignature(data []byte, chain []*x509.Certificate, signer crypto.Signer, hashAlogrithm *crypto.Hash, signature []byte, attributeOption int) ([]byte, error)

func SignWithHashAlgorithmAndSignatureWithoutSigner

func SignWithHashAlgorithmAndSignatureWithoutSigner(data []byte, cert *x509.Certificate, hashAlogrithm *crypto.Hash, signature []byte) ([]byte, error)

func Signature

func Signature(data []byte, chain []*x509.Certificate, signer crypto.Signer, hash *crypto.Hash) ([]byte, error)

Types

type Attributes

type Attributes []protocol.SignedData

type SignedData

type SignedData struct {
	// psd *protocol.SignedData
	Psd *protocol.SignedData
}

SignedData represents a signed message or detached signature.

func NewSignedData

func NewSignedData(data []byte) (*SignedData, error)

NewSignedData creates a new SignedData from the given data.

func ParseSignedData

func ParseSignedData(ber []byte) (*SignedData, error)

ParseSignedData parses a SignedData from BER encoded data.

func (*SignedData) AddTimestamps

func (sd *SignedData) AddTimestamps(url string) error

AddTimestamps adds a timestamp to the SignedData using the RFC3161 timestamping service at the given URL. This timestamp proves that the signed message existed at the time of generation, allowing verifiers to have more trust in old messages signed with revoked keys.

func (*SignedData) Detached

func (sd *SignedData) Detached()

Detached removes the data content from this SignedData. No more signatures can be added after this method has been called.

func (*SignedData) GetCertificates

func (sd *SignedData) GetCertificates() ([]*x509.Certificate, error)

GetCertificates gets all the certificates stored in the SignedData.

func (*SignedData) GetData

func (sd *SignedData) GetData() ([]byte, error)

GetData gets the encapsulated data from the SignedData. Nil will be returned if this is a detached signature. A protocol.ErrWrongType will be returned if the SignedData encapsulates something other than data (1.2.840.113549.1.7.1).

func (*SignedData) IsDetached

func (sd *SignedData) IsDetached() bool

IsDetached checks if this SignedData has data content.

func (*SignedData) SetCertificates

func (sd *SignedData) SetCertificates(certs []*x509.Certificate) error

SetCertificates replaces the certificates stored in the SignedData with new ones.

func (*SignedData) Sign

func (sd *SignedData) Sign(chain []*x509.Certificate, signer crypto.Signer) error

Sign adds a signature to the SignedData. At minimum, chain must contain the leaf certificate associated with the signer. Any additional intermediates will also be added to the SignedData.

func (*SignedData) ToDER

func (sd *SignedData) ToDER() ([]byte, error)

ToDER encodes this SignedData message using DER.

func (*SignedData) Verify

func (sd *SignedData) Verify(opts x509.VerifyOptions) ([][][]*x509.Certificate, error)

Verify verifies the SignerInfos' signatures. Each signature's associated certificate is verified using the provided roots. UnsafeNoVerify may be specified to skip this verification. Nil may be provided to use system roots. The full chains for the certificates whose keys made the signatures are returned.

WARNING: this function doesn't do any revocation checking.

func (*SignedData) VerifyDetached

func (sd *SignedData) VerifyDetached(message []byte, opts x509.VerifyOptions) ([][][]*x509.Certificate, error)

VerifyDetached verifies the SignerInfos' detached signatures over the provided data message. Each signature's associated certificate is verified using the provided roots. UnsafeNoVerify may be specified to skip this verification. Nil may be provided to use system roots. The full chains for the certificates whose keys made the signatures are returned.

WARNING: this function doesn't do any revocation checking.

Directories

Path Synopsis
Package oid contains OIDs that are used by other packages in this repository.
Package protocol implements low level CMS types, parsing and generation.
