Good day. First of all, thanks for a great little lib, it saved me a whole bunch of time reimplementing pkcs7 in Go. I'd like to use it in autograph to sign Firefox addons, which use a JAR-type signature, based on pkcs7 S/MIME detached signatures.
Detached signatures are really just the basic SignedData minus the Content field. The new Detach() method simply resets the Content field to an empty value.
I also added a few tests, including one that verifies a detached signature using OpenSSL. It required tweaking some of the X.509 fields of the test certificates for it to work.
Next I'll take a look at the Verify function to make sure it checks the chain of trust.
Good day. First of all, thanks for a great little lib, it saved me a whole bunch of time reimplementing pkcs7 in Go. I'd like to use it in autograph to sign Firefox addons, which use a JAR-type signature, based on pkcs7 S/MIME detached signatures.
Detached signatures are really just the basic SignedData minus the Content field. The new
Detach()
method simply resets the Content field to an empty value.I also added a few tests, including one that verifies a detached signature using OpenSSL. It required tweaking some of the X.509 fields of the test certificates for it to work.
Next I'll take a look at the
Verify
function to make sure it checks the chain of trust.Let me know if this is implemented correctly.