CMSSignedData in Golang

[Shivli Srivastava]

I have to replicate the Java code for signing xml in Go. The java code uses org.bouncycastle.cms.CMSSignedData from BouncyCastle for signing and org.apache.xml.serialize.XMLSerializer for Serializing the input xml . 

The signing process should be exactly same as the signature otherwise would be different and I cannot afford that . Any help will be appreciated

Regards
Shivli

[Tamás Gulácsi]

Earlier questions bubbled up https://pkg.go.dev/github.com/fullsailor/pkcs7?utm_source=godoc#SignedData
(https://github.com/smallstep/pkcs7)

For the XML canonicalization, you may try https://pkg.go.dev/github.com/lafriks/go-xmldsig/v2#Canonicalizer

[Shivli Srivastava]

I tried with pkcs7, but for the same canonical input the digest is matching but the signature format is not similar to the one generated by Java Bouncy Castle

[Shivli Srivastava]

If I have to call my java code from golang application , how can I integrate it ? 

[Karlovsky Alexey]

You can wrap your java BC code in http server and access it with golang http client, also, you can wrap your BC code in CLI tool and exec java process with os.exec.

But, as I can understand you need CMS signature for xml content, with golang you can do CMS signatures with https://github.com/fullsailor/pkcs7 or some of its forks (for example https://github.com/mozilla-services/pkcs7 has some improvements, but marked as archived recently).

What really matters - the normalization of your XML content and you can look at https://github.com/russellhaering/goxmldsig/blob/main/etreeutils/canonicalize.go#L11 .

--
You received this message because you are subscribed to the Google Groups "golang-nuts" group.
To unsubscribe from this group and stop receiving emails from it, send an email to golang-nuts...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/golang-nuts/e6f93770-d0a5-4054-aa46-ce0c0f32715bn%40googlegroups.com.

--

Kind regards,

Alexey