fullsailor / pkcs7

Implements a subset of PKCS#7/Cryptographic Message Syntax (RFC 2315, RFC 5652)
MIT License

Support S/MIME detached signatures, and improve tests #13

Closed jvehent closed 7 years ago

jvehent commented 7 years ago

Good day. First of all, thanks for a great little lib, it saved me a whole bunch of time reimplementing pkcs7 in Go. I'd like to use it in autograph to sign Firefox addons, which use a JAR-type signature, based on pkcs7 S/MIME detached signatures.

Detached signatures are really just the basic SignedData minus the Content field. The new Detach() method simply resets the Content field to an empty value.

I also added a few tests, including one that verifies a detached signature using OpenSSL. It required tweaking some of the X.509 fields of the test certificates for it to work.

Next I'll take a look at the Verify function to make sure it checks the chain of trust.

Let me know if this is implemented correctly.
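
The point in the comment above, that a detached signature is SignedData with the Content field left empty, as an added standard-library example (not code from this pull request or from the pkcs7 library). The names `contentInfo`, `attach`, `detach`, `encode` and `signedContent` are hypothetical, and the sample bytes are constructed; it covers only the ContentInfo element, not signing.

```go
package main

import (
	"encoding/asn1"
	"fmt"
)

// id-data (1.2.840.113549.1.7.1): the content type for plain signed bytes.
var oidData = asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1}

// contentInfo models ContentInfo (RFC 2315): a type plus OPTIONAL [0] content.
type contentInfo struct {
	ContentType asn1.ObjectIdentifier
	Content     asn1.RawValue `asn1:"explicit,optional,tag:0"`
}

// attach wraps data as an OCTET STRING inside the [0] EXPLICIT tag.
func attach(data []byte) (contentInfo, error) {
	inner, err := asn1.Marshal(data)
	raw := asn1.RawValue{Class: asn1.ClassContextSpecific, Tag: 0, IsCompound: true, Bytes: inner}
	return contentInfo{ContentType: oidData, Content: raw}, err
}

// detach resets Content to its zero value, so the DER encoder omits the field.
func detach(ci contentInfo) contentInfo { return contentInfo{ContentType: ci.ContentType} }
func encode(ci contentInfo) ([]byte, error) { return asn1.Marshal(ci) }

// signedContent returns the bytes a verifier must hash; a detached blob has none of its own.
func signedContent(der, external []byte) ([]byte, error) {
	var ci contentInfo
	if _, err := asn1.Unmarshal(der, &ci); err != nil {
		return nil, err
	}
	if len(ci.Content.Bytes) > 0 { // attached: content travels with the signature
		var embedded []byte
		_, err := asn1.Unmarshal(ci.Content.Bytes, &embedded)
		return embedded, err
	}
	if external == nil {
		return nil, fmt.Errorf("detached: content must be supplied separately")
	}
	return external, nil
}

func main() {
	ci, _ := attach([]byte("constructed sample"))
	det, _ := encode(detach(ci))
	fmt.Printf("detached ContentInfo: % x\n", det)
}
```

A verifier that receives the detached form has to be handed the signed file separately, which is how JAR-style signatures keep the manifest outside the PKCS#7 blob.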

jvehent commented 7 years ago

Would it be possible to have this patch reviewed shortly? I'd rather not base my work on a fork :/

fullsailor commented 7 years ago

Thank you @jvehent. Sorry it wasn't merged sooner.