This is a partial implementation of S/MIME 4.0 in golang.
It consists of the following packages
- asn11 - ASN.1 marshalling and unmarshalling
- b64 - Pretty base64 encoding for S/MIME (basically just the PEM body)
- cms(cms/protocol)2 - Cryptographic Message Syntax rfc5652
- mime - Parsing for mime/multipart messages needed for S/MIME
- oid3 - ASN.1 object identifiers and related crypto
- openssl - Shelled-out openssl for testing
- pki4 - Creates x.509 pki for testing
- smime Secure/Multipurpose Internet Mail Extensions (S/MIME) Version 4.0 rfc5751-bis-12
- timestamp5 - Time-Stamp Protocol (TSP) rfc3161
It supports enveloped data with AES in CBC mode. Decryption also works with (3)DES. Authenticated-Enveloped-Data Content Type is also supported with AES-GCM and ChaCha20-Poly1305. Also RSAES-OAEP and RSASSA-PSS is supported.
This is covered in
- Cryptographic Message Syntax (CMS) Authenticated-Enveloped-Data Content Type rfc5083
- Using ChaCha20-Poly1305 Authenticated Encryption in the Cryptographic Message Syntax (CMS) rfc8103
- Using AES-CCM and AES-GCM Authenticated Encryption in the Cryptographic Message Syntax (CMS) rfc5084
- Use of the RSASSA-PSS Signature Algorithm in Cryptographic Message Syntax (CMS) rfc4056
- Use of the RSAES-OAEP Key Transport Algorithm in the Cryptographic Message Syntax (CMS) rfc3560
import "github.com/m4x1202/go-smime/smime"
// Alice
mail := "From: Alice\nTo: Bob\n\nHello World!"
SMIME, _ := smime.New()
ciphertext, _ := SMIME.Encrypt([]byte(mail), []*x509.Certificate{Bobcert})
// Bob
BobkeyPair, _ := tls.LoadX509KeyPair("BobCert", "BobKey")
SMIME, _ := smime.New(BobkeyPair)
plaintext, _ := SMIME.Decrypt(ciphertext)
import "github.com/m4x1202/go-smime/smime"
// Alice
AlicekeyPair, _ := tls.LoadX509KeyPair("AliceCert", "AliceKey")
mail := "From: Alice\nTo: Bob\n\nHello World!"
SMIME, _ := smime.New(AlicekeyPair)
signedMsg, _ := SMIME.Sign([]byte(mail), []*x509.Certificate{Bobcert})
// Bob
SMIME, _ := smime.New()
plaintext, _ := SMIME.Verify(signedMsg)
- Testing