Documentation
Overview
Package signify contains helper functions for using golang.org/x/crypto/nacl/sign and for encoding and decoding the private and public keys.
Index
- Constants
- Variables
- func GenerateKey() (PublicKey, PrivateKey, error)
- func GenerateKeyFiles(pubKeyFile, privKeyFile string) error
- func Open(out, signedMessage []byte, publicKey PublicKey) (message []byte, ok bool)
- func Sign(out, message []byte, privateKey PrivateKey) []byte
- func SignFile(privKey, privKeyFile, privKeyEnv, sigFile, msgFile string) error
- func VerifyFile(pubKey, pubKeyFile, pubKeyEnv, sigFile, msgFile string) error
- type PrivateKey
- type PublicKey
Constants
const (
	// NaCLPublicPrefix is the prefix for public keys.
	NaCLPublicPrefix = "nacl"
	// NaCLPrivatePrefix is the prefix for private keys.
	NaCLPrivatePrefix = "NACL-SECRET-KEY-"
	// Overhead is the size of the signature in bytes.
	Overhead = sign.Overhead
)
const (
	DefaultPrivKeyEnv = "NACL_PRIVATE_KEY"
	DefaultPubKeyEnv  = "NACL_PUBLIC_KEY"
)
const JSONOverhead = 102
JSONOverhead is the size of `"naclSig":"tzCU4IasEj9jYNAMEY1YxM1bHAZoSSH/PHQL2mLLsCDD8QCW17g8wDGVBmZQn8lwulhHU0aRYOnZ11D9dwcuAQ=="}`
Variables
var (
	ErrBadPrefix = errors.New("bad prefix")
	ErrBadLength = errors.New("length mismatch")
)
var (
	// ErrMismatch is the error for signature mismatch in verification.
	ErrMismatch = errors.New("signature mismatch")
	// BadFormat is returned when the formatting is incomprehensible.
	BadFormat = errors.New("bad format")
)
Functions
func GenerateKey
func GenerateKey() (PublicKey, PrivateKey, error)
GenerateKey generates a keypair.
func GenerateKeyFiles
func Sign
func Sign(out, message []byte, privateKey PrivateKey) []byte
Sign signs the message with the given private key and returns the signed message appended to out.
func VerifyFile
Types
type PrivateKey
type PrivateKey [64]byte
PrivateKey is the private key bytes.
func (*PrivateKey) Parse
func (pk *PrivateKey) Parse(s string) error
func (PrivateKey) Prefix
func (pk PrivateKey) Prefix() string
func (PrivateKey) Sign (added in v0.0.3)
func (pk PrivateKey) Sign(out, message []byte) []byte
func (PrivateKey) SignDetached (added in v0.0.3)
func (pk PrivateKey) SignDetached(message []byte) (sig []byte)
SignDetached returns only the signature of the message.
func (PrivateKey) SignJSON (added in v0.0.3)
func (pk PrivateKey) SignJSON(out, J []byte) []byte
SignJSON signs the given SERIALIZED JSON following https://perkeep.org/doc/json-signing/#signing
O == the object to be signed
J == any valid JSON serialization of O
T == J, with 0+ trailing whitespace removed, and then 1 '}' character removed
S == ascii-armored detached signature of T
C == CONCAT(T, ',"naclSig":"', S, '"}', '\n')
func (PrivateKey) String
func (pk PrivateKey) String() string
type PublicKey
type PublicKey [32]byte
PublicKey is the public key bytes.
func (PublicKey) VerifyDetached (added in v0.0.3)
VerifyDetached verifies the message and the signature.
func (PublicKey) VerifyJSON (added in v0.0.3)
VerifyJSON verifies the given signed JSON and returns the payload following https://perkeep.org/doc/json-signing/#verifying
- Start with a byte array representing the JSON to be verified. Call this ‘BA’ (“bytes all”).
- Given the byte array, find the last index in ‘BA’ of the 12-byte substring:
  ,"naclSig":"
- Let’s call the bytes before that ‘BP’ (“bytes payload”) and the bytes starting at that substring ‘BS’ (“bytes signature”).
- Define ‘BPJ’ (“bytes payload JSON”) as ‘BP’ + the single byte ‘}’.
- Replace the first byte of ‘BS’ (the ‘,’) with an open brace (‘{’) and parse it as JSON. Verify that it’s a valid JSON object with exactly one key: “naclSig”.
- Verify that the ASCII-armored NaCL signature in “naclSig” signs the bytes in ‘BP’.