Open groob opened 7 years ago
Travis fails with 1.6/1.7 but passes with 1.8+
internal/x509util/x509util.go:115: undefined: x509.SHA256WithRSAPSS
internal/x509util/x509util.go:115: undefined: x509.SHA384WithRSAPSS
internal/x509util/x509util.go:115: undefined: x509.SHA512WithRSAPSS
internal/x509util/x509util.go:183: undefined: x509.SHA256WithRSAPSS
internal/x509util/x509util.go:184: undefined: x509.SHA384WithRSAPSS
internal/x509util/x509util.go:185: undefined: x509.SHA512WithRSAPSS
I can put those behind a build flag
Any hopes of this seeing a merge?
@groob signer.DigestAlgorithm.Algorithm
might also be a hash only, not including encryption.
For example, my test matched oidSHA256
.
This breaks the func verifySignature(p7 *PKCS7, signer signerInfo) error
function with:
could not find SignatureAlgorithm details for oid: 2.16.840.1.101.3.4.2.1
The algorithm could be composed, because:
signer.DigestAlgorithm.Algorithm == 2.16.840.1.101.3.4.2.1 (SHA256)
signer.DigestEncryptionAlgorithm.Algorithm == 1.2.840.113549.1.1.1 (RSA)
Hi @fullsailor,
I use the pkcs7 package in my SCEP implementation. Although SCEP supports SHA1 and 3DES the recommended defaults are AES with SHA256.
I began working on implementing support for SHA256 and possibly SHA512 as well in this branch. Most of the code in this pull request is actually coming from a new package,
github.com/fullsailor/pkcs7/internal/x509util
which is just some exported helpers fromcrypto/x509
. I use the helpers to determine the hash function/signature algorithm when needed.I would love your input on the direction on this pull request, and what requirements you would have for getting a change like this into the pkcs7 package.
Thanks!