Versions in this module v1 v1.4.60 Feb 9, 2023 Changes in this version type CertPool + GobEncode string v1.4.59 May 27, 2022 Changes in this version + const EncryptionAlgorithmAES128GCM + const EncryptionAlgorithmAES256 + const EncryptionAlgorithmAES256EmptyIV + const EncryptionAlgorithmDESCBC + const EncryptionAlgorithmDESede + const EncryptionAlgorithmRC4 + const EncryptionAlgorithmSM1 + const EncryptionAlgorithmSM4 + var ContentEncryptionAlgorithm = EncryptionAlgorithmDESCBC + var ErrNotEncryptedContent = errors.New("pkcs7: content data is a decryptable data type") + var ErrPKCS7UnsupportedAlgorithm = errors.New(...) + var ErrUnsupportedAlgorithm = errors.New("x509: cannot verify signature: algorithm unimplemented") + var ErrUnsupportedContentType = errors.New("pkcs7: cannot parse data: unimplemented content type") + var ErrUnsupportedEncryptionAlgorithm = errors.New("pkcs7: cannot encrypt content: only DES-CBC and AES-128-GCM supported") + func CreateCertificate(template, parent *Certificate, publicKey crypto.PublicKey, ...) 
([]byte, error) + func CreateCertificateRequest(rand io.Reader, template *CertificateRequest, signer crypto.Signer) (csr []byte, err error) + func CreateCertificateRequestToPem(template *CertificateRequest, signer crypto.Signer) ([]byte, error) + func CreateCertificateToPem(template, parent *Certificate, pubKey *sm2.PublicKey, signer crypto.Signer) ([]byte, error) + func DegenerateCertificate(cert []byte) ([]byte, error) + func GetOIDForHash(hashType Hash) (asn1.ObjectIdentifier, error) + func GetOIDForSign(pubicKeyAlg PublicKeyAlgorithm) (asn1.ObjectIdentifier, error) + func MarshalCertificates(certs []*Certificate) []byte + func MarshalPKCS1PrivateKey(priv crypto.PrivateKey) ([]byte, error) + func MarshalPKCS1RSAPrivateKey(key *rsa.PrivateKey) []byte + func MarshalPKIXPublicKey(pub interface{}) ([]byte, error) + func MarshalSm2EcryptedPrivateKey(PrivKey *sm2.PrivateKey, pwd []byte) ([]byte, error) + func MarshalSm2PrivateKey(key *sm2.PrivateKey, pwd []byte) ([]byte, error) + func MarshalSm2PublicKey(key *sm2.PublicKey) ([]byte, error) + func MarshalSm2UnecryptedPrivateKey(key *sm2.PrivateKey) ([]byte, error) + func PKCS7Encrypt(content []byte, recipients []*Certificate, contentEncryptionAlgorithm int) ([]byte, error) + func ParseCRL(crlBytes []byte) (*pkix.CertificateList, error) + func ParseDERCRL(derBytes []byte) (*pkix.CertificateList, error) + func ParsePKCS1PrivateKey(der []byte) (*rsa.PrivateKey, error) + func ParsePKCS8EcryptedPrivateKey(der, pwd []byte) (*sm2.PrivateKey, error) + func ParsePKCS8PrivateKey(pubkeyAlg PublicKeyAlgorithm, der, pwd []byte) (crypto.PrivateKey, error) + func ParsePKCS8UnecryptedPrivateKey(der []byte) (*sm2.PrivateKey, error) + func ParsePKIXPublicKey(derBytes []byte) (pub interface{}, err error) + func ParsePublicKey(pubkeyAlg PublicKeyAlgorithm, der []byte) (interface{}, error) + func ParseSM2PKCS8PrivateKey(der, pwd []byte) (*sm2.PrivateKey, error) + func ParseSm2CertifateToX509(asn1data []byte) (*x509.Certificate, error) + 
func ParseSm2PrivateKey(der []byte) (*sm2.PrivateKey, error) + func ReadPrivateKeyFromHex(Dhex string) (*sm2.PrivateKey, error) + func ReadPrivateKeyFromPem(privateKeyPem []byte, pwd []byte) (*sm2.PrivateKey, error) + func ReadPublicKeyFromHex(Qhex string) (*sm2.PublicKey, error) + func ReadPublicKeyFromPem(publicKeyPem []byte) (*sm2.PublicKey, error) + func RegisterHash(h Hash, f func() hash.Hash) + func UnMarshalPKCS1PrivateKey(pubkeyAlg PublicKeyAlgorithm, pbPriv []byte) (crypto.PrivateKey, error) + func WritePrivateKeyToHex(key *sm2.PrivateKey) string + func WritePrivateKeyToPem(key *sm2.PrivateKey, pwd []byte) ([]byte, error) + func WritePublicKeyToHex(key *sm2.PublicKey) string + func WritePublicKeyToPem(key *sm2.PublicKey) ([]byte, error) + type Attribute struct + Type asn1.ObjectIdentifier + Value interface{} + type CertDigestObj struct + Type string + Value asn1.RawValue + type CertPool struct + func NewCertPool() *CertPool + func SystemCertPool() (*CertPool, error) + func (s *CertPool) AddCert(cert *Certificate) + func (s *CertPool) AppendCertsFromPEM(pemCerts []byte) (ok bool) + func (s *CertPool) Subjects() [][]byte + type Certificate struct + AuthorityKeyId []byte + BasicConstraintsValid bool + CRLDistributionPoints []string + DNSNames []string + EmailAddresses []string + ExtKeyUsage []ExtKeyUsage + Extensions []pkix.Extension + ExtraExtensions []pkix.Extension + IPAddresses []net.IP + IsCA bool + Issuer pkix.Name + IssuingCertificateURL []string + KeyUsage KeyUsage + MaxPathLen int + MaxPathLenZero bool + NotAfter time.Time + NotBefore time.Time + OCSPServer []string + PermittedDNSDomains []string + PermittedDNSDomainsCritical bool + PolicyIdentifiers []asn1.ObjectIdentifier + PublicKey interface{} + PublicKeyAlgorithm PublicKeyAlgorithm + Raw []byte + RawIssuer []byte + RawSubject []byte + RawSubjectPublicKeyInfo []byte + RawTBSCertificate []byte + SerialNumber *big.Int + Signature []byte + SignatureAlgorithm SignatureAlgorithm + Subject pkix.Name + 
SubjectKeyId []byte + UnhandledCriticalExtensions []asn1.ObjectIdentifier + UnknownExtKeyUsage []asn1.ObjectIdentifier + Version int + func ParseCertificate(asn1Data []byte) (*Certificate, error) + func ParseCertificates(asn1Data []byte) ([]*Certificate, error) + func ReadCertificateFromPem(certPem []byte) (*Certificate, error) + func (c *Certificate) CheckCRLSignature(crl *pkix.CertificateList) error + func (c *Certificate) CheckSignature(algo SignatureAlgorithm, signed, signature []byte) error + func (c *Certificate) CheckSignatureFrom(parent *Certificate) error + func (c *Certificate) CreateCRL(rand io.Reader, priv interface{}, revokedCerts []pkix.RevokedCertificate, ...) (crlBytes []byte, err error) + func (c *Certificate) Equal(other *Certificate) bool + func (c *Certificate) FromX509Certificate(x509Cert *x509.Certificate) + func (c *Certificate) ToX509Certificate() *x509.Certificate + func (c *Certificate) Verify(opts VerifyOptions) (chains [][]*Certificate, err error) + func (c *Certificate) VerifyHostname(h string) error + type CertificateInvalidError struct + Cert *Certificate + Reason InvalidReason + func (e CertificateInvalidError) Error() string + type CertificateRequest struct + Attributes []pkix.AttributeTypeAndValueSET + DNSNames []string + EmailAddresses []string + Extensions []pkix.Extension + ExtraExtensions []pkix.Extension + IPAddresses []net.IP + PublicKey interface{} + PublicKeyAlgorithm PublicKeyAlgorithm + Raw []byte + RawSubject []byte + RawSubjectPublicKeyInfo []byte + RawTBSCertificateRequest []byte + Signature []byte + SignatureAlgorithm SignatureAlgorithm + Subject pkix.Name + Version int + func ParseCertificateRequest(asn1Data []byte) (*CertificateRequest, error) + func ReadCertificateRequestFromPem(certPem []byte) (*CertificateRequest, error) + func (c *CertificateRequest) CheckSignature() error + type ConstraintViolationError struct + func (ConstraintViolationError) Error() string + type EncryptedContentInfo struct + 
ContentEncryptionAlgorithm pkix.AlgorithmIdentifier + ContentType asn1.ObjectIdentifier + EncryptedContent asn1.RawValue + func ExchangeKeyEncrypt(content []byte, recipient *Certificate, contentEncryptionAlgorithm int) (eci *EncryptedContentInfo, rcptInfo *recipientInfo, err error) + type EncryptedPrivateKeyInfo struct + EncryptedData []byte + EncryptionAlgorithm Pbes2Algorithms + type ExtData struct + Critical bool + ExtnID asn1.ObjectIdentifier + ExtnValue asn1.RawValue + type ExtKeyUsage int + const ExtKeyUsageAny + const ExtKeyUsageClientAuth + const ExtKeyUsageCodeSigning + const ExtKeyUsageEmailProtection + const ExtKeyUsageIPSECEndSystem + const ExtKeyUsageIPSECTunnel + const ExtKeyUsageIPSECUser + const ExtKeyUsageMicrosoftServerGatedCrypto + const ExtKeyUsageNetscapeServerGatedCrypto + const ExtKeyUsageOCSPSigning + const ExtKeyUsageServerAuth + const ExtKeyUsageTimeStamping + type Hash uint + const MD4 + const MD5 + const MD5SHA1 + const RIPEMD160 + const SHA1 + const SHA224 + const SHA256 + const SHA384 + const SHA3_224 + const SHA3_256 + const SHA3_384 + const SHA3_512 + const SHA512 + const SHA512_224 + const SHA512_256 + const SM3 + func (h Hash) Available() bool + func (h Hash) HashFunc() crypto.Hash + func (h Hash) New() hash.Hash + func (h Hash) Size() int + type HostnameError struct + Certificate *Certificate + Host string + func (h HostnameError) Error() string + type ImageInfo struct + ImageData []byte + MMHeight int + MMWidth int + Type string + type InsecureAlgorithmError SignatureAlgorithm + func (e InsecureAlgorithmError) Error() string + type InvalidReason int + const CANotAuthorizedForThisName + const Expired + const IncompatibleUsage + const NameMismatch + const NotAuthorizedToSign + const TooManyIntermediates + type KeyUsage int + const KeyUsageCRLSign + const KeyUsageCertSign + const KeyUsageContentCommitment + const KeyUsageDataEncipherment + const KeyUsageDecipherOnly + const KeyUsageDigitalSignature + const KeyUsageEncipherOnly + 
const KeyUsageKeyAgreement + const KeyUsageKeyEncipherment + type MessageDigestMismatchError struct + ActualDigest []byte + ExpectedDigest []byte + func (err *MessageDigestMismatchError) Error() string + type P10CertificateRequest struct + Raw asn1.RawContent + SignatureAlgorithm pkix.AlgorithmIdentifier + SignatureValue asn1.BitString + TBSCSR tbsCertificateRequest + func CreateP10CertificateRequest(rand io.Reader, template *CertificateRequest, signer crypto.Signer) (p10 *P10CertificateRequest, err error) + type PKCS1Decryptor interface + DecryptPKCS1 func([]byte) ([]byte, error) + type PKCS1Signer interface + GetPkcs1HashType func() Hash + GetX509 func() (*Certificate, error) + PKCS1Sign func([]byte) ([]byte, error) + type PKCS7 struct + CRLs []pkix.CertificateList + Certificates []*Certificate + Content []byte + Signers []signerInfo + func ParsePKCS7(data []byte) (p7 *PKCS7, err error) + func (p7 *PKCS7) Decrypt(cert *Certificate, pk crypto.PrivateKey) ([]byte, error) + func (p7 *PKCS7) DecryptByDecryptor(cert *Certificate, decryptor PKCS1Decryptor) ([]byte, error) + func (p7 *PKCS7) GetOnlySigner() *Certificate + func (p7 *PKCS7) UnmarshalSignedAttribute(attributeType asn1.ObjectIdentifier, out interface{}) error + func (p7 *PKCS7) UnmarshalUnAttribute(attributeType asn1.ObjectIdentifier, out interface{}) error + func (p7 *PKCS7) Verify(certChain *CertPool, certCRL []*pkix.CertificateList, verifyTime *time.Time) (err error) + func (p7 *PKCS7) VerifyWithPlainData(plainData []byte, certChain *CertPool, certCRL []*pkix.CertificateList, ...) 
(err error) + type Pbes2Algorithms struct + IdPBES2 asn1.ObjectIdentifier + Pbes2Params Pbes2Params + type Pbes2Encs struct + EncryAlgo asn1.ObjectIdentifier + IV []byte + type Pbes2KDfs struct + IdPBKDF2 asn1.ObjectIdentifier + Pkdf2Params Pkdf2Params + type Pbes2Params struct + EncryptionScheme Pbes2Encs + KeyDerivationFunc Pbes2KDfs + type Pkdf2Params struct + IterationCount int + Prf pkix.AlgorithmIdentifier + Salt []byte + type PrivateKeyInfo struct + PrivateKey []byte + PrivateKeyAlgorithm []asn1.ObjectIdentifier + Version int + type PublicKeyAlgorithm int + const DSA + const ECDSA + const RSA + const SM2 + const UnknownPublicKeyAlgorithm + type RawCertificates struct + Raw asn1.RawContent + func (raw RawCertificates) Parse() ([]*Certificate, error) + type SESeal struct + Cert []byte + ESealInfo SesSealInfo + SignAlgID asn1.ObjectIdentifier + SignedValue asn1.BitString + func CreateSeal(usinfo *UserSealInfo, spInfo *SealProviderInfo) (*SESeal, error) + type SealProviderInfo struct + ProviderCert PKCS1Signer + Remark string + Vid string + type SesCertList struct + CertDigestList []byte + CertInfoList []byte + type SesESPictrueInfo struct + Data []byte + Height int + Type string + Width int + type SesESPropertyInfo struct + CertList SesCertList + CertListType int + CreateDate time.Time + Name string + Type int + ValidEnd time.Time + ValidStart time.Time + type SesHeader struct + Id string + Version int + Vid string + type SesSealInfo struct + EsId string + ExtDatas []ExtData + Header SesHeader + Picture SesESPictrueInfo + Property SesESPropertyInfo + type SesSignInfo struct + Cert RawCertificates + SignData asn1.BitString + SignatureAlgorithm asn1.ObjectIdentifier + type SesSignature struct + Cert asn1.RawValue + Signature asn1.BitString + TimeStamp asn1.BitString + ToSign TBS_Sign + type SignatureAlgorithm int + const DSAWithSHA1 + const DSAWithSHA256 + const ECDSAWithSHA1 + const ECDSAWithSHA256 + const ECDSAWithSHA384 + const ECDSAWithSHA512 + const 
MD2WithRSA + const MD5WithRSA + const SHA1WithRSA + const SHA256WithRSA + const SHA256WithRSAPSS + const SHA384WithRSA + const SHA384WithRSAPSS + const SHA512WithRSA + const SHA512WithRSAPSS + const SM2WithSHA1 + const SM2WithSHA256 + const SM2WithSM3 + const UnknownSignatureAlgorithm + func (algo SignatureAlgorithm) String() string + type SignedData struct + func NewP7B(certs []*Certificate) (*SignedData, error) + func NewPKCS7SignedData(data []byte, pkcs1SignedData []byte, hashType Hash, signCert *Certificate) (*SignedData, error) + func NewSignedData(data []byte) (*SignedData, error) + func (sd *SignedData) AddCertificate(cert *Certificate) + func (sd *SignedData) AddSigner(cert *Certificate, pkey crypto.PrivateKey, config SignerInfoConfig) error + func (sd *SignedData) Detach() + func (sd *SignedData) DirectFinish() ([]byte, error) + func (sd *SignedData) Finish() ([]byte, error) + type SignerInfoConfig struct + ExtraSignedAttributes []Attribute + type SystemRootsError struct + Err error + func (se SystemRootsError) Error() string + type TBS_Sign struct + DataHash asn1.BitString + ESeal SESeal + ExtDatas []ExtData + PropertyInfo string + TimeInfo time.Time + Version int + type UnhandledCriticalExtension struct + func (h UnhandledCriticalExtension) Error() string + type UnknownAuthorityError struct + Cert *Certificate + func (e UnknownAuthorityError) Error() string + type UserSealInfo struct + ImageInfo ImageInfo + NotAfter time.Time + NotBefore time.Time + SealName string + SealType int + UserCert []*Certificate + type VerifyOption struct + VerifyCRL bool + VerifyChain bool + type VerifyOptions struct + CurrentTime time.Time + DNSName string + Intermediates *CertPool + KeyUsages []ExtKeyUsage + Roots *CertPool
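Review bot: `var ContentEncryptionAlgorithm = EncryptionAlgorithmDESCBC` in the v1.4.59 additions makes single DES in CBC mode the package-level default for PKCS#7 content encryption, which means a 56-bit key and no integrity protection on the ciphertext. The listing also exports `EncryptionAlgorithmAES128GCM`, and the `ErrUnsupportedEncryptionAlgorithm` text names it as supported, so the default could be `var ContentEncryptionAlgorithm = EncryptionAlgorithmAES128GCM`, with a doc comment stating that DES-CBC, DESede and RC4 are kept only for interoperability with legacy peers. Because the default is an exported mutable variable, any package in the process can change it; whether `PKCS7Encrypt` reads it or relies only on its `contentEncryptionAlgorithm` argument is not visible in this listing and should be confirmed. The same error text lists only two algorithms while eight `EncryptionAlgorithm*` constants are exported, so the message or the constant docs should say which ones the encrypt path actually accepts.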