Digital signature generator in Go, designed to expose a secure HTTP service for signing documents using digital certificates and the PKCS#7 standard.
- RESTful API based on Gin
- PKCS#7 document signing
- Support for custom certificates and private keys
- Configurable CORS
- Structured logging with zap
- Production-ready (Docker, Kubernetes)
go mod downloadgo install github.com/cosmtrek/air@latestOn Windows:
go install github.com/cosmtrek/air@latest
set PATH=%PATH%;%USERPROFILE%\go\bingo build -o main.exe ./cmd/signsvcset PORT=8080
set GIN_MODE=release
set LOG_LEVEL=info
set ALLOWED_ORIGIN=*
main.exedocker build -t signature-generator .
docker run --rm -p 4321:8080 -e PORT=8080 -e GIN_MODE=release -e LOG_LEVEL=info -e ALLOWED_ORIGIN="*" signature-generatorTo start the development server with live reload:
airThis will watch for file changes and automatically rebuild and restart the server using the configuration in .air.toml.
.
├── cmd/signsvc/main.go # Service entry point
├── internal/
│ ├── app/usecase/ # Application use cases
│ ├── domain/ # Domain entities
│ ├── infra/ # Infrastructure (crypto, logging)
│ └── ports/http/gin/ # HTTP adapters (handlers, router)
├── pkg/httpx/cors.go # HTTP utilities
├── certs/ # (Optional) Certificates and keys
├── Dockerfile # Multi-stage Docker image
├── kubernetes.yml # Kubernetes deployment example
├── http.rest # HTTP request examples
└── .env # Environment variables (not versioned)PORT: Service listening port (default: 5000)GIN_MODE: Gin execution mode (release,debug)LOG_LEVEL: Log level (info,debug, etc.)ALLOWED_ORIGIN: Allowed origin for CORS (e.g.,*)
See the http.rest file for usage examples with REST Client or try with curl:
curl -X POST http://localhost:8080/sign \
-H "Content-Type: application/json" \
-d '{
"payload": "Hello world, this is a test message",
"privateKeyPem": "-----BEGIN PRIVATE KEY-----...-----END PRIVATE KEY-----",
"certificatePem": "-----BEGIN CERTIFICATE-----...-----END CERTIFICATE-----",
"signerCertChainPem": []
}'Check the http.rest file for complete usage examples.
openssl genrsa -out key.pem 2048
openssl req -x509 -new -key key.pem -out cert.pem -days 365 -subj "/CN=Test User/O=Example Inc/C=US"See the kubernetes.yml file for a deployment example.