github
diff --git a/‎README.md‎
Lines changed: 6 additions & 0 deletions b/‎README.md‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎certstore/LICENSE.md‎
Lines changed: 21 additions & 0 deletions b/‎certstore/LICENSE.md‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎certstore/README.md‎
Lines changed: 82 additions & 0 deletions b/‎certstore/README.md‎
Lines changed: 82 additions & 0 deletions
diff --git a/‎certstore/certstore.go‎
Lines changed: 49 additions & 0 deletions b/‎certstore/certstore.go‎
Lines changed: 49 additions & 0 deletions
@@ -4,6 +4,12 @@ Smimesign is an S/MIME signing utility for macOS and Windows that is compatible
 
 This project is pre-1.0, meaning that APIs and functionality may change without warning.
 
+This package also contains reusable libraries in nested packages:
+
+- [`github.com/smimesign/certstore`](./certstore)
+- [`github.com/smimesign/fakeca`](./fakeca)
+- [`github.com/smimesign/ietf-cms`](./ietf-cms)
+
 ## Contributing
 
 Different organizations do PKI differently and we weren't able to test everyone's setup. Contributions making this tool work better for your organization are welcome. See the [contributing docs](CONTRIBUTING.md) for more information on how to get involved.
 
@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2017 Ben Toews.
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.
@@ -0,0 +1,82 @@
+# certstore [![PkgGoDev](https://pkg.go.dev/badge/github.com/github/smimesign/certstore?tab=doc)](https://pkg.go.dev/github.com/github/smimesign/certstore?tab=doc)
+
+Certstore is a Go library for accessing user identities stored in platform certificate stores. On Windows and macOS, certstore can enumerate user identities and sign messages with their private keys.
+
+## Example
+
+```go
+package main
+
+import (
+	"crypto"
+	"encoding/hex"
+	"errors"
+	"fmt"
+
+	"crypto/rand"
+	"crypto/sha256"
+
+	"github.com/github/smimesign/certstore"
+)
+
+func main() {
+	sig, err := signWithMyIdentity("Ben Toews", "hello, world!")
+	if err != nil {
+		panic(err)
+	}
+
+	fmt.Println(hex.EncodeToString(sig))
+}
+
+func signWithMyIdentity(cn, msg string) ([]byte, error) {
+	// Open the certificate store for use. This must be Close()'ed once you're
+	// finished with the store and any identities it contains.
+	store, err := certstore.Open()
+	if err != nil {
+		return nil, err
+	}
+	defer store.Close()
+
+	// Get an Identity slice, containing every identity in the store. Each of
+	// these must be Close()'ed when you're done with them.
+	idents, err := store.Identities()
+	if err != nil {
+		return nil, err
+	}
+
+	// Iterate through the identities, looking for the one we want.
+	var me certstore.Identity
+	for _, ident := range idents {
+		defer ident.Close()
+
+		crt, errr := ident.Certificate()
+		if errr != nil {
+			return nil, errr
+		}
+
+		if crt.Subject.CommonName == "Ben Toews" {
+			me = ident
+		}
+	}
+
+	if me == nil {
+		return nil, errors.New("Couldn't find my identity")
+	}
+
+	// Get a crypto.Signer for the identity.
+	signer, err := me.Signer()
+	if err != nil {
+		return nil, err
+	}
+
+	// Digest and sign our message.
+	digest := sha256.Sum256([]byte(msg))
+	signature, err := signer.Sign(rand.Reader, digest[:], crypto.SHA256)
+	if err != nil {
+		return nil, err
+	}
+
+	return signature, nil
+}
+
+```
@@ -0,0 +1,49 @@
+package certstore
+
+import (
+	"crypto"
+	"crypto/x509"
+	"errors"
+)
+
+var (
+	// ErrUnsupportedHash is returned by Signer.Sign() when the provided hash
+	// algorithm isn't supported.
+	ErrUnsupportedHash = errors.New("unsupported hash algorithm")
+)
+
+// Open opens the system's certificate store.
+func Open() (Store, error) {
+	return openStore()
+}
+
+// Store represents the system's certificate store.
+type Store interface {
+	// Identities gets a list of identities from the store.
+	Identities() ([]Identity, error)
+
+	// Import imports a PKCS#12 (PFX) blob containing a certificate and private
+	// key.
+	Import(data []byte, password string) error
+
+	// Close closes the store.
+	Close()
+}
+
+// Identity is a X.509 certificate and its corresponding private key.
+type Identity interface {
+	// Certificate gets the identity's certificate.
+	Certificate() (*x509.Certificate, error)
+
+	// CertificateChain attempts to get the identity's full certificate chain.
+	CertificateChain() ([]*x509.Certificate, error)
+
+	// Signer gets a crypto.Signer that uses the identity's private key.
+	Signer() (crypto.Signer, error)
+
+	// Delete deletes this identity from the system.
+	Delete() error
+
+	// Close any manually managed memory held by the Identity.
+	Close()
+}