Documentation ¶
Index ¶
- type Attribute
- type Config
- type Service
- type SignedData
- func (sd *SignedData) AddCertificate(cert *certificate.Container)
- func (sd *SignedData) AddSigner(ee *certificate.Container, pkey *gost3410.PrivateKey, config SignerInfoConfig) error
- func (sd *SignedData) AddSignerChain(ee *certificate.Container, pkey *gost3410.PrivateKey, ...) error
- func (sd *SignedData) Detach() error
- func (sd *SignedData) Finish() ([]byte, error)
- func (sd *SignedData) GetSignedData() *signeddata.Container
- func (sd *SignedData) RemoveAuthenticatedAttributes()
- func (sd *SignedData) RemoveUnauthenticatedAttributes()
- func (sd *SignedData) SetDigestAlgorithm(d asn1.ObjectIdentifier)
- func (sd *SignedData) SetEncryptionAlgorithm(d asn1.ObjectIdentifier)
- func (sd *SignedData) SignAttributes(attrs []signerinfo.Attribute, key *gost3410.PrivateKey, ...) ([]byte, error)
- func (sd *SignedData) SignWithoutAttr(ee *certificate.Container, pkey *gost3410.PrivateKey, config SignerInfoConfig) error
- type SignerInfoConfig
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
This section is empty.
Types ¶
type Attribute ¶
type Attribute struct {
	Type  asn1.ObjectIdentifier
	Value interface{}
}
Attribute represents a key-value pair attribute. Value must be marshalable by `encoding/asn1`.
type Config ¶
type Config struct{}
func (*Config) Sign ¶
func (c *Config) Sign(message []byte, publicKeyPEM, privateKeyPEM containers.PEM) (signed containers.PEM, err error)
type Service ¶
type Service interface {
Sign(message []byte, publicKeyPEM, privateKeyPEM containers.PEM) (signed containers.PEM, err error)
}
type SignedData ¶
type SignedData struct {
// contains filtered or unexported fields
}
SignedData is an opaque data structure for creating signed data payloads
func NewSignedData ¶
func NewSignedData(data []byte) (*SignedData, error)
NewSignedData takes data and initializes a PKCS7 SignedData struct that is ready to be signed via AddSigner. The digest algorithm is set to SHA1 by default and can be changed by calling SetDigestAlgorithm before any signer is added. SHA1 is not acceptable for new signatures, so callers should select the digest that matches the signer's key rather than rely on the default.
func (*SignedData) AddCertificate ¶
func (sd *SignedData) AddCertificate(cert *certificate.Container)
AddCertificate adds the certificate to the payload. Useful for parent certificates
func (*SignedData) AddSigner ¶
func (sd *SignedData) AddSigner(ee *certificate.Container, pkey *gost3410.PrivateKey, config SignerInfoConfig) error
AddSigner is a wrapper around AddSignerChain() that adds a signer without any parent.
func (*SignedData) AddSignerChain ¶
func (sd *SignedData) AddSignerChain(
	ee *certificate.Container,
	pkey *gost3410.PrivateKey,
	parents []*certificate.Container,
	config SignerInfoConfig,
) error
AddSignerChain signs attributes about the content and adds the certificates and signer info to the SignedData. The certificate and private key of the end-entity signer are used to issue the signature; any parents of that end-entity that need to be included in the certificate list can be passed in the parents slice.
The hash applied to the data is the one named by the end-entity certificate's signature algorithm.
func (*SignedData) Detach ¶
func (sd *SignedData) Detach() error
Detach removes the content from the SignedData struct so that the result is a detached signature; a verifier must then be given the content separately. This must be called right before Finish().
func (*SignedData) Finish ¶
func (sd *SignedData) Finish() ([]byte, error)
Finish marshals the content and its signer infos and returns the DER-encoded SignedData.
func (*SignedData) GetSignedData ¶
func (sd *SignedData) GetSignedData() *signeddata.Container
GetSignedData returns the underlying signeddata.Container.
func (*SignedData) RemoveAuthenticatedAttributes ¶
func (sd *SignedData) RemoveAuthenticatedAttributes()
RemoveAuthenticatedAttributes removes the authenticated (signed) attributes from the SignedData, similar to OpenSSL's PKCS7_NOATTR flag or the -noattr option.
func (*SignedData) RemoveUnauthenticatedAttributes ¶
func (sd *SignedData) RemoveUnauthenticatedAttributes()
RemoveUnauthenticatedAttributes removes the unauthenticated (unsigned) attributes from the SignedData.
func (*SignedData) SetDigestAlgorithm ¶
func (sd *SignedData) SetDigestAlgorithm(d asn1.ObjectIdentifier)
SetDigestAlgorithm sets the digest algorithm to be used in the signing process.
This should be called before adding signers; signers already added keep the algorithm that was in effect when they were added.
func (*SignedData) SetEncryptionAlgorithm ¶
func (sd *SignedData) SetEncryptionAlgorithm(d asn1.ObjectIdentifier)
SetEncryptionAlgorithm sets the digest encryption (signature) algorithm identifier to be used in the signing process.
This should be called before adding signers.
func (*SignedData) SignAttributes ¶
func (sd *SignedData) SignAttributes(
	attrs []signerinfo.Attribute,
	key *gost3410.PrivateKey,
	digestAlg hashOid.Function,
) ([]byte, error)
SignAttributes hashes the DER-encoded form of the attributes with digestAlg and signs the result with the private key.
func (*SignedData) SignWithoutAttr ¶
func (sd *SignedData) SignWithoutAttr(
	ee *certificate.Container,
	pkey *gost3410.PrivateKey,
	config SignerInfoConfig,
) error
SignWithoutAttr issues a signature over the content of the PKCS7 SignedData. Unlike AddSigner/AddSignerChain, it computes the digest over the data alone and does not include any signed attributes (messageDigest, signing time and so on), so nothing but the content itself is bound by the signature.
This function is needed to sign old Android APKs, something you probably shouldn't do unless you're maintaining backward compatibility for old applications.
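The difference between the attribute-signing path (AddSigner, AddSignerChain, SignAttributes) and SignWithoutAttr, worked through as an added example that is not part of this package. ECDSA P-256 and SHA-256 from the Go standard library stand in for gost3410.PrivateKey and the GOST R 34.11 digest so the code runs offline; the signed-attribute encoding follows RFC 5652 (the signature is over the DER of SET OF Attribute, while SignerInfo carries the same bytes re-tagged as [0] IMPLICIT). Every function name, the OID constants and the sample payload are this example's own assumptions, not the library's API.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"errors"
)

// Attribute mirrors the page's type: Value must be marshalable by encoding/asn1.
type Attribute struct {
	Type  asn1.ObjectIdentifier
	Value interface{}
}

// attribute is the wire form: SEQUENCE { type OID, values SET OF ANY }.
type attribute struct {
	Type  asn1.ObjectIdentifier
	Value asn1.RawValue
}

// RFC 5652 OIDs for id-data and the two signed attributes CMS requires.
var (
	oidData          = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1}
	oidContentType   = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 3}
	oidMessageDigest = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, 4}
)

// SignedAttributesDER builds the DER SET OF Attribute that is actually signed: contentType,
// messageDigest over the content, then extras. SHA-256 stands in for the GOST digest (assumption).
func SignedAttributesDER(content []byte, extra []Attribute) ([]byte, error) {
	digest := sha256.Sum256(content)
	var attrs []attribute
	for _, a := range append([]Attribute{{oidContentType, oidData}, {oidMessageDigest, digest[:]}}, extra...) {
		der, err := asn1.Marshal(a.Value) // each value is wrapped in a one-element SET
		if err != nil {
			return nil, err
		}
		attrs = append(attrs, attribute{a.Type, asn1.RawValue{Tag: asn1.TagSet, IsCompound: true, Bytes: der}})
	}
	return asn1.MarshalWithParams(attrs, "set") // "set": DER SET OF, elements in canonical order
}

// SignAttributes is the AddSigner path: the signature covers the digest of the DER signed
// attributes, never the content itself. It returns the signature and the attributes as SignerInfo
// carries them, re-tagged from SET (0x31) to [0] IMPLICIT (0xA0); hashing the 0xA0 form is the classic CMS bug.
func SignAttributes(key *ecdsa.PrivateKey, content []byte, extra []Attribute) (sig, signerInfoAttrs []byte, err error) {
	der, err := SignedAttributesDER(content, extra)
	if err != nil {
		return nil, nil, err
	}
	h := sha256.Sum256(der)
	if sig, err = ecdsa.SignASN1(rand.Reader, key, h[:]); err != nil {
		return nil, nil, err
	}
	return sig, append([]byte{0xA0}, der[1:]...), nil
}

// SignWithoutAttr is the page's no-attribute path: the digest is over the content alone.
func SignWithoutAttr(key *ecdsa.PrivateKey, content []byte) ([]byte, error) {
	h := sha256.Sum256(content)
	return ecdsa.SignASN1(rand.Reader, key, h[:])
}

// VerifyAttributes checks a detached SignAttributes signature: restore the SET tag, verify the
// signature over its digest, then require that messageDigest matches the content the verifier
// supplies. With Detach() the content travels outside the PKCS7 blob, so this check is the binding.
func VerifyAttributes(pub *ecdsa.PublicKey, content, signerInfoAttrs, sig []byte) error {
	if len(signerInfoAttrs) == 0 || signerInfoAttrs[0] != 0xA0 {
		return errors.New("signedAttrs must be [0] IMPLICIT")
	}
	der := append([]byte{0x31}, signerInfoAttrs[1:]...) // 0x31: universal, constructed, SET
	h := sha256.Sum256(der)
	if !ecdsa.VerifyASN1(pub, h[:], sig) {
		return errors.New("signature over signed attributes does not verify")
	}
	var attrs []attribute
	if rest, err := asn1.UnmarshalWithParams(der, &attrs, "set"); err != nil || len(rest) != 0 {
		return errors.New("malformed signed attributes")
	}
	want := sha256.Sum256(content)
	for _, a := range attrs {
		if !a.Type.Equal(oidMessageDigest) {
			continue
		}
		var got []byte
		if _, err := asn1.Unmarshal(a.Value.Bytes, &got); err != nil || !bytes.Equal(got, want[:]) {
			return errors.New("messageDigest does not match content")
		}
		return nil
	}
	return errors.New("messageDigest attribute missing")
}

func main() {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader) // stand-in for gost3410.PrivateKey (assumption)
	if err != nil {
		panic(err)
	}
	content := []byte("constructed sample payload") // constructed input, not real data
	sig, attrs, err := SignAttributes(key, content, nil)
	if err != nil {
		panic(err)
	}
	if err := VerifyAttributes(&key.PublicKey, content, attrs, sig); err != nil {
		panic(err)
	}
}
```

Two points carry over to the library's API regardless of the stand-in algorithms: the bytes handed to the signer must be the SET form, not the [0] IMPLICIT bytes that appear inside SignerInfo, and for a detached signature the verifier's comparison of messageDigest against the externally supplied content is the only thing tying the signature to the data. With SignWithoutAttr there are no attributes at all, so the signature covers the content digest and nothing else can be bound in.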
type SignerInfoConfig ¶
type SignerInfoConfig struct {
	ExtraSignedAttributes   []Attribute
	ExtraUnsignedAttributes []Attribute
}
SignerInfoConfig holds optional values to include when adding a signer.