package mail import ( "crypto/rsa" "crypto/x509" "errors" "go.mozilla.org/pkcs7" ) var ( // ErrInvalidPrivateKey should be used if private key is invalid ErrInvalidPrivateKey = errors.New("invalid private key") // ErrInvalidCertificate should be used if certificate is invalid ErrInvalidCertificate = errors.New("invalid certificate") // ErrCouldNotInitialize should be used if the signed data could not initialize ErrCouldNotInitialize = errors.New("could not initialize signed data") // ErrCouldNotAddSigner should be used if the signer could not be added ErrCouldNotAddSigner = errors.New("could not add signer message") // ErrCouldNotFinishSigning should be used if the signing could not be finished ErrCouldNotFinishSigning = errors.New("could not finish signing") ) // SMime is used to sign messages with S/MIME type SMime struct { privateKey *rsa.PrivateKey certificate *x509.Certificate } // NewSMime construct a new instance of SMime with a provided *rsa.PrivateKey func NewSMime(privateKey *rsa.PrivateKey, certificate *x509.Certificate) (*SMime, error) { if privateKey == nil { return nil, ErrInvalidPrivateKey } if certificate == nil { return nil, ErrInvalidCertificate } return &SMime{ privateKey: privateKey, certificate: certificate, }, nil } // Sign the content with the given privateKey of the method NewSMime func (sm *SMime) Sign(content []byte) (*string, error) { toBeSigned, err := pkcs7.NewSignedData(content) toBeSigned.SetDigestAlgorithm(pkcs7.OIDDigestAlgorithmSHA256) if err != nil { return nil, ErrCouldNotInitialize } if err = toBeSigned.AddSigner(sm.certificate, sm.privateKey, pkcs7.SignerInfoConfig{}); err != nil { return nil, ErrCouldNotAddSigner } signed, err := toBeSigned.Finish() if err != nil { return nil, ErrCouldNotFinishSigning } signedData := string(signed) return &signedData, nil }