particle-os/debian-forge-composer
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
debian-forge-composer/vendor/github.com/smallstep/pkcs7
History
Michael Vogt 409b4f6048 go.mod: update to images@v0.117.0 
This commit updates to images v0.117.0 so that the cross-distro.sh
test works again (images removed fedora-39.json in main but the
uses the previous version of images that includes fedora-39 so
there is a mismatch (we should look into if there is a way to
get github.com/osbuild/images@latest instead of main in the
cross-arch test).

It also updates all the vendor stuff that got pulled via the
new images release (which is giantonormous).

This update requires updating the Go version to 1.22.8
2025-02-19 19:19:42 +01:00
..
internal/legacy/x509 go.mod: update to images@v0.117.0 2025-02-19 19:19:42 +01:00
.gitignore go.mod: update to images@v0.117.0 2025-02-19 19:19:42 +01:00
ber.go go.mod: update to images@v0.117.0 2025-02-19 19:19:42 +01:00
decrypt.go go.mod: update to images@v0.117.0 2025-02-19 19:19:42 +01:00
encrypt.go go.mod: update to images@v0.117.0 2025-02-19 19:19:42 +01:00
LICENSE go.mod: update to images@v0.117.0 2025-02-19 19:19:42 +01:00
Makefile go.mod: update to images@v0.117.0 2025-02-19 19:19:42 +01:00
pkcs7.go go.mod: update to images@v0.117.0 2025-02-19 19:19:42 +01:00
README.md go.mod: update to images@v0.117.0 2025-02-19 19:19:42 +01:00
sign.go go.mod: update to images@v0.117.0 2025-02-19 19:19:42 +01:00
verify.go go.mod: update to images@v0.117.0 2025-02-19 19:19:42 +01:00

README.md

pkcs7

Go Reference Build Status

pkcs7 implements parsing and creating signed and enveloped messages.

package main

import (
	"bytes"
	"crypto/rsa"
	"crypto/x509"
	"encoding/pem"
	"fmt"
	"os"

    "github.com/smallstep/pkcs7"
)

func SignAndDetach(content []byte, cert *x509.Certificate, privkey *rsa.PrivateKey) (signed []byte, err error) {
	toBeSigned, err := NewSignedData(content)
	if err != nil {
		return fmt.Errorf("Cannot initialize signed data: %w", err)
	}
	if err = toBeSigned.AddSigner(cert, privkey, SignerInfoConfig{}); err != nil {
		return fmt.Errorf("Cannot add signer: %w", err)
	}

	// Detach signature, omit if you want an embedded signature
	toBeSigned.Detach()

	signed, err = toBeSigned.Finish()
	if err != nil {
		return fmt.Errorf("Cannot finish signing data: %w", err)
	}

	// Verify the signature
	pem.Encode(os.Stdout, &pem.Block{Type: "PKCS7", Bytes: signed})
	p7, err := pkcs7.Parse(signed)
	if err != nil {
		return fmt.Errorf("Cannot parse our signed data: %w", err)
	}

	// since the signature was detached, reattach the content here
	p7.Content = content

	if bytes.Compare(content, p7.Content) != 0 {
		return fmt.Errorf("Our content was not in the parsed data:\n\tExpected: %s\n\tActual: %s", content, p7.Content)
	}
	if err = p7.Verify(); err != nil {
		return fmt.Errorf("Cannot verify our signed data: %w", err)
	}

	return signed, nil
}

Credits

This is a fork of mozilla-services/pkcs7 which, itself, was a fork of fullsailor/pkcs7.