Help with PKCS#7 signature of file

[Ryan Slade]

Hi

I'm creating a package to build Apple passbook files and I need to sign a file using private key and certificate.

I'm not sure where to begin however.

Ruby code to do the same thing is below, can this be done with the Go standard library?

def sign_manifest

    puts "Signing the manifest"

    # Import the certificates

    p12_certificate = OpenSSL::PKCS12::new(File.read(self.certificate_url), self.certificate_password)

    wwdr_certificate = OpenSSL::X509::Certificate.new(File.read(self.wwdr_intermediate_certificate_path))

    

    # Sign the data

    flag = OpenSSL::PKCS7::BINARY|OpenSSL::PKCS7::DETACHED

    signed = OpenSSL::PKCS7::sign(p12_certificate.certificate, p12_certificate.key, File.read(self.manifest_url), [wwdr_certificate], flag)

    

    # Create an output path for the signed data

    self.signature_url = self.temporary_path + "/signature"

    

    # Write out the data

    File.open(self.signature_url, "w") do |f|

      f.syswrite signed.to_der

    end

  end

Thanks

Ryan

[agl]

On Friday, October 5, 2012 12:27:37 PM UTC-4, Ryan Slade wrote:

I'm creating a package to build Apple passbook files and I need to sign a file using private key and certificate.

I'm not sure where to begin however.

I'm afraid that we don't have support for either PKCS#7, nor PKCS#12 in the standard libraries. I'm not aware of any Go code that does it either.

You can, of course, shell out or use cgo to do this via OpenSSL, as Ruby does. But I'm afraid that PKCS#7 (especially) represents the very worst of architecture astronaut design and we're unlikely to support it naively any time soon.

Cheers

AGL

[Ryan Slade]

Ah, ok. Thanks for letting me know.

Probably going to be easiest to shell out.