debian-forge-composer/vendor/go.mozilla.org/pkcs7
Christian Kellner 986f076276 container: add support for uploading to registries
Add a new generic container registry client via a new `container`
package. Use this to create a command line utility as well as a
new upload target for container registries.

The code uses the github.com/containers/* project and packages to
interact with container registries, which are also used by skopeo,
podman et al. One of the dependencies is `proglottis/gpgme`, which
uses cgo to bind libgpgme, so we have to add the corresponding
devel package to the BuildRequires as well as installing it on CI.

Checks will follow later via an integration test.
2022-06-29 10:02:46 +02:00
.gitignore container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
.travis.yml container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
ber.go container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
decrypt.go container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
encrypt.go container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
go.mod container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
LICENSE container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
Makefile container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
pkcs7.go container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
README.md container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
sign.go container: add support for uploading to registries 2022-06-29 10:02:46 +02:00
verify.go container: add support for uploading to registries 2022-06-29 10:02:46 +02:00

pkcs7

pkcs7 implements parsing and creating signed and enveloped messages.

package main

import (
	"bytes"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"

	"go.mozilla.org/pkcs7"
)

func SignAndDetach(content []byte, cert *x509.Certificate, privkey *rsa.PrivateKey) (signed []byte, err error) {
	toBeSigned, err := pkcs7.NewSignedData(content)
	if err != nil {
		err = fmt.Errorf("Cannot initialize signed data: %s", err)
		return
	}
	if err = toBeSigned.AddSigner(cert, privkey, pkcs7.SignerInfoConfig{}); err != nil {
		err = fmt.Errorf("Cannot add signer: %s", err)
		return
	}

	// Detach signature, omit if you want an embedded signature
	toBeSigned.Detach()

	signed, err = toBeSigned.Finish()
	if err != nil {
		err = fmt.Errorf("Cannot finish signing data: %s", err)
		return
	}

	// Print the signed structure as PEM, then parse it back and verify the signature
	pem.Encode(os.Stdout, &pem.Block{Type: "PKCS7", Bytes: signed})
	p7, err := pkcs7.Parse(signed)
	if err != nil {
		err = fmt.Errorf("Cannot parse our signed data: %s", err)
		return
	}

	// since the signature was detached, reattach the content here
	p7.Content = content

	if !bytes.Equal(content, p7.Content) {
		err = fmt.Errorf("Our content was not in the parsed data:\n\tExpected: %s\n\tActual: %s", content, p7.Content)
		return
	}
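	// Verify checks the signature against the certificates carried in the
	// message using an empty trust store, so the signer's certificate chain
	// is not validated; use VerifyWithChain with a trust store for that.
	if err = p7.Verify(); err != nil {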
		err = fmt.Errorf("Cannot verify our signed data: %s", err)
		return
	}

	return signed, nil
}

Credits

This is a fork of fullsailor/pkcs7