CMS (Cryptographic Message Syntax) is a syntax for signing, digesting, and encrypting arbitrary messages. It evolved from PKCS#7 and is the basis for higher level protocols such as S/MIME. This package implements the SignedData CMS content-type, allowing users to digitally sign data as well as verify data signed by others.
High level APIs are provided for signing a message with a certificate and key:
msg := []byte("some data")
cert, _ := x509.ParseCertificate(someCertificateData)
key, _ := x509.ParseECPrivateKey(somePrivateKeyData)
der, _ := cms.Sign(msg, cert, key)
////
/// At another time, in another place...
//
sd, _ := ParseSignedData(der)
if err := sd.Verify(); err != nil {
panic(err)
}
By default, CMS SignedData includes the original message. High level APIs are also available for creating and verifying detached signatures:
msg := []byte("some data")
cert, _ := x509.ParseCertificate(someCertificateData)
key, _ := x509.ParseECPrivateKey(somePrivateKeyData)
der, _ := cms.SignDetached(msg, cert, key)
////
/// At another time, in another place...
//
sd, _ := ParseSignedData(der)
if err := sd.VerifyDetached(msg); err != nil {
panic(err)
}