sign

package

v0.0.1 Latest Latest Go to latest Published: Feb 25, 2022 License: GPL-3.0 Imports: 18 Imported by: 0

Details

Valid go.mod file

The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
Redistributable license

Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
Tagged version

Modules with tagged versions give importers more predictable builds.
Stable version

When a project reaches major version v1 it is considered stable.
Learn more about best practices

Repository

github.com/nobuenhombre/go-crypto-gost

Links

Open Source Insights

Documentation ¶

Index ¶

type Attribute
type Config
- func (c *Config) Sign(message []byte, publicKeyPEM, privateKeyPEM containers.PEM) (signed containers.PEM, err error)
type Service
- func New() Service
type SignedData
- func NewSignedData(data []byte) (*SignedData, error)
type SignerInfoConfig

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type Attribute ¶

type Attribute struct {
	Type  asn1.ObjectIdentifier
	Value interface{}
}

Attribute represents a key value pair attribute. Value must be marshalable byte `encoding/asn1`

type Config ¶

type Config struct{}

func (*Config) Sign ¶

func (c *Config) Sign(message []byte, publicKeyPEM, privateKeyPEM containers.PEM) (signed containers.PEM, err error)

type Service ¶

type Service interface {
	Sign(message []byte, publicKeyPEM, privateKeyPEM containers.PEM) (signed containers.PEM, err error)
}

func New ¶

func New() Service

type SignedData ¶

type SignedData struct {
	// contains filtered or unexported fields
}

SignedData is an opaque data structure for creating signed data payloads

func NewSignedData ¶

func NewSignedData(data []byte) (*SignedData, error)

NewSignedData takes data and initializes a PKCS7 SignedData struct that is ready to be signed via AddSigner. The digest algorithm is set to SHA1 by default and can be changed by calling SetDigestAlgorithm.

func (*SignedData) AddCertificate ¶

func (sd *SignedData) AddCertificate(cert *certificate.Container)

AddCertificate adds the certificate to the payload. Useful for parent certificates

func (*SignedData) AddSigner ¶

func (sd *SignedData) AddSigner(ee *certificate.Container, pkey *gost3410.PrivateKey, config SignerInfoConfig) error

AddSigner is a wrapper around AddSignerChain() that adds a signer without any parent.

func (*SignedData) AddSignerChain ¶

func (sd *SignedData) AddSignerChain(
	ee *certificate.Container,
	pkey *gost3410.PrivateKey,
	parents []*certificate.Container,
	config SignerInfoConfig,
) error

AddSignerChain signs attributes about the content and adds certificates and signers infos to the Signed Data. The certificate and private key of the end-entity signer are used to issue the signature, and any parent of that end-entity that need to be added to the list of certifications can be specified in the parents slice.

The signature algorithm used to hash the data is the one of the end-entity certificate.

func (*SignedData) Detach ¶

func (sd *SignedData) Detach() error

Detach removes content from the signed data struct to make it a detached signature. This must be called right before Finish()

func (*SignedData) Finish ¶

func (sd *SignedData) Finish() ([]byte, error)

Finish marshals the content and its signers

func (*SignedData) GetSignedData ¶

func (sd *SignedData) GetSignedData() *signeddata.Container

GetSignedData returns the private Signed Data

func (*SignedData) RemoveAuthenticatedAttributes ¶

func (sd *SignedData) RemoveAuthenticatedAttributes()

RemoveAuthenticatedAttributes removes authenticated attributes from signedData similar to OpenSSL's PKCS7_NOATTR or -noattr flags

func (*SignedData) RemoveUnauthenticatedAttributes ¶

func (sd *SignedData) RemoveUnauthenticatedAttributes()

RemoveUnauthenticatedAttributes removes unauthenticated attributes from signedData

func (*SignedData) SetDigestAlgorithm ¶

func (sd *SignedData) SetDigestAlgorithm(d asn1.ObjectIdentifier)

SetDigestAlgorithm sets the digest algorithm to be used in the signing process.

This should be called before adding signers

func (*SignedData) SetEncryptionAlgorithm ¶

func (sd *SignedData) SetEncryptionAlgorithm(d asn1.ObjectIdentifier)

SetEncryptionAlgorithm sets the encryption algorithm to be used in the signing process.

This should be called before adding signers

func (*SignedData) SignAttributes ¶

func (sd *SignedData) SignAttributes(
	attrs []signerinfo.Attribute,
	key *gost3410.PrivateKey,
	digestAlg hashOid.Function,
) ([]byte, error)

SignAttributes signs the DER encoded form of the attributes with the private key

func (*SignedData) SignWithoutAttr ¶

func (sd *SignedData) SignWithoutAttr(
	ee *certificate.Container,
	pkey *gost3410.PrivateKey,
	config SignerInfoConfig,
) error

SignWithoutAttr issues a signature on the content of the pkcs7 SignedData. Unlike AddSigner/AddSignerChain, it calculates the digest on the data alone and does not include any signed attributes like timestamp and so on.

This function is needed to sign old Android APKs, something you probably shouldn't do unless you're maintaining backward compatibility for old applications.

type SignerInfoConfig ¶

type SignerInfoConfig struct {
	ExtraSignedAttributes   []Attribute
	ExtraUnsignedAttributes []Attribute
}

SignerInfoConfig are optional values to include when adding a signer

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL