fullsailor / pkcs7

Implements a subset of PKCS#7/Cryptographic Message Syntax (rfc2315, rfc5652)
MIT License

Add AddSignerInfo #15

Closed hamano closed 6 years ago

hamano commented 7 years ago

Hi, I'm trying to sign with the PKCS11 API and format it as CMS. The interface sd.AddSigner(cert, pkey, config) doesn't allow signing with a hardware token. I just added a new interface, AddSignerInfo(cert, signerInfo); I also published the SignerInfo struct and Cert2issuerAndSerial().

Usage:

toBeSigned, _ := pkcs7.NewSignedData(content)
attrs, hashed, _ := toBeSigned.HashAttributes(crypto.SHA1, pkcs7.SignerInfoConfig{})
signature := SignWithHardwareToken(crypto.SHA1, hashed)
signerInfo := pkcs7.SignerInfo{
    Version:                   1,
    AuthenticatedAttributes:   attrs,
    EncryptedDigest:           signature,
    ...
}
toBeSigned.AddSignerInfo(cert, signerInfo)

Thank you.
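The flow described in the comment above (hash the attributes, have the token sign only the digest, attach the result), as an added example that is not code from this pull request or from the pkcs7 library. It uses only the Go standard library, SHA-256 with ECDSA instead of the thread's SHA1, and a software key standing in for the hardware token; `attr`, `pkcs9`, `signedAttrsDER`, `signAttrs` and `demo` are hypothetical names. It shows that the externally signed digest covers the attributes encoded as SET OF (RFC 5652, section 5.4), not the [0]-tagged form stored in SignerInfo.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"fmt"
)

// attr is the CMS Attribute shape: an OID plus a SET OF values (RFC 5652, section 5.3).
type attr struct {
	Type   asn1.ObjectIdentifier
	Values []interface{} `asn1:"set"`
}

// pkcs9 returns the PKCS #9 attribute OID 1.2.840.113549.1.9.n.
func pkcs9(n int) asn1.ObjectIdentifier { return asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 9, n} }

// signedAttrsDER returns content-type and message-digest attributes DER-encoded
// as SET OF (tag 0x31), the byte string that is hashed and signed.
func signedAttrsDER(content []byte) ([]byte, error) {
	sum := sha256.Sum256(content)
	ct, err1 := asn1.Marshal(attr{pkcs9(3), []interface{}{asn1.ObjectIdentifier{1, 2, 840, 113549, 1, 7, 1}}}) // id-data
	md, err2 := asn1.Marshal(attr{pkcs9(4), []interface{}{sum[:]}})
	if err1 != nil || err2 != nil {
		return nil, fmt.Errorf("encode attributes: %v, %v", err1, err2)
	}
	return asn1.MarshalWithParams([]asn1.RawValue{{FullBytes: ct}, {FullBytes: md}}, "set")
}

// signAttrs hands only the digest to the signer, so the key never leaves the token.
func signAttrs(token crypto.Signer, attrsDER []byte) ([]byte, error) {
	digest := sha256.Sum256(attrsDER)
	return token.Sign(rand.Reader, digest[:], crypto.SHA256)
}

// demo signs with a software key standing in for the token, then verifies against
// the signed SET OF bytes and against the [0] IMPLICIT form stored in SignerInfo.
func demo() (overSet, overStored bool) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	attrs, _ := signedAttrsDER([]byte("constructed sample content"))
	sig, _ := signAttrs(key, attrs)
	set, stored := sha256.Sum256(attrs), sha256.Sum256(append([]byte{0xA0}, attrs[1:]...))
	return ecdsa.VerifyASN1(&key.PublicKey, set[:], sig), ecdsa.VerifyASN1(&key.PublicKey, stored[:], sig)
}

func main() { fmt.Println(demo()) }
```

Any `crypto.Signer` can be passed to `signAttrs`, which is the usual way a PKCS#11 wrapper exposes a token key in Go.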

jvehent commented 7 years ago

Fwiw, I tried merging this patch on mozilla-services/pkcs7, but it conflicts with the rewrite from #14.

hamano commented 6 years ago

@jvehent mozilla-services/pkcs7 already supports HSM, so there is no need to merge the patch. I'm going to use mozilla-services/pkcs7, thanks!