Security News
Oracle Drags Its Feet in the JavaScript Trademark Dispute
Oracle seeks to dismiss fraud claims in the JavaScript trademark dispute, delaying the case and avoiding questions about its right to the name.
By Sarah Gooding - Feb 07, 2025
New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
github.com/hiddedorhout/cms_ring2
- Version published
- Created
Qualified Ring token library for GO
The Qualified Ring uses tokens to exchange information about positions taken by persons towards informations. These tokens are based on, and compatible with CMS (RFC 5652).
Initialize
Make sure openssl is installed and in PATH.
For timestamping on the signatures, environment variables have to be set to find the configuration to make the timestamp tokens and at it to the signerInfo.
- export EXCHANGE_TS_CERT = Timestamping certificate location of the TS Authority (x.509)
- export EXCHANGE_PKEY = Private key of the TS Authority
- export EXCHANGE_TS_DIR = The directory to temporarily store request and place the config file
The configuration file MUST be placed in the $EXCHANGE_TS_DIR location as ts.cnf containing the following information:
# Default section
[default]
default_tsa = default_tsa
[default_tsa]
home = $ENV::EXCHANGE_TS_DIR
serial = $home/serial
digests = sha1
default_policy = 0.0.1.2.36
signer_cert = $ENV::EXCHANGE_TS_CERT
signer_key = $ENV::EXCHANGE_PKEY
For more information see: https://www.openssl.org/docs/manmaster/man1/ts.html
Variables
var (
TmpRequestlocation = os.Getenv("EXCHANGE_TS_DIR") + "/tmpreq.tsq"
ConfigFileLocation = os.Getenv("EXCHANGE_TS_DIR") + "/ts.cnf"
)
Build Notifications
func InitCMS
func InitCMS(data []byte) (*SignedData, error)
InitCMS takes content as input and returns a SignedData structure
Type SignerAttributes
type SignerAttributes struct {
SignedAttributes []SignedAttribute
}
SignerAttributes are signed attribute values
Type SignedAttribute
type SignedAttribute struct {
AttrType asn1.ObjectIdentifier
AttrValues interface{}
}
SignedAttribute is an attribute to be signed by a signer
func (SignedData) AddSigner
func (sd *SignedData) Addsigner(cert x509.Certificate, pkey *rsa.PrivateKey, extraSignedAttributes SignerAttributes, addTimestamp bool)
Addsigner adds a signer to an already build CMS token. If addTimestamp is TRUE, a timestamp token is added to the unsigned attributes of the signature according to RFC 3161. Else, the unsigned attricutes will stay empty
func (SignedData) Detach
func (sd *SignedData) Detach()
Detach removes content from the signed data struct to make it a detached signature. This must be called right before BuildCMS()
func (SignedData) BuildCMS
func (sd *SignedData) BuildCMS() ([]byte, error)
BuildCMS creates the CMS token
Parse Notifications
FAQs
Unknown package
Package last updated on 18 Jul 2019
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Related posts
Security News
Linux Foundation Warns Open Source Developers: Compliance with Sanctions Is Not Optional
The Linux Foundation is warning open source developers that compliance with global sanctions is mandatory, highlighting legal risks and restrictions on contributions.
By Sarah Gooding - Feb 06, 2025
Security News
Maven Central Adds Sigstore Signature Validation
Maven Central now validates Sigstore signatures, making it easier for developers to verify the provenance of Java packages.
By Sarah Gooding - Feb 06, 2025