Documentation
Overview
Package ecdsa implements the Elliptic Curve Digital Signature Algorithm, as defined in FIPS 186-3.
This implementation derives the nonce from an AES-CTR CSPRNG keyed by:
	SHA2-512(priv.D || entropy || hash)[:32]
The CSPRNG key is indifferentiable from a random oracle, as shown in [Coron]; the AES-CTR stream is indifferentiable from a random oracle under standard cryptographic assumptions (see [Larsson] for examples).
References:
[Coron] https://cs.nyu.edu/~dodis/ps/merkle.pdf
[Larsson] https://www.nada.kth.se/kurser/kth/2D1441/semteo03/lecturenotes/assump.pdf
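The nonce derivation described in the overview, as an added Go example that is not the package's own code: it keys AES-256-CTR with SHA2-512(priv.D || entropy || hash)[:32] and shows that two different message hashes still yield different nonce streams when the entropy source is stuck at zero. The fixed IV, the 16-byte entropy length, the stand-in scalar and the helper names are assumptions of this sketch.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/sha256"
	"crypto/sha512"
	"fmt"
)

// csprngKey computes SHA2-512(d || entropy || hash)[:32], the formula from the overview.
func csprngKey(d, entropy, hash []byte) []byte {
	h := sha512.New()
	h.Write(d)
	h.Write(entropy)
	h.Write(hash)
	return h.Sum(nil)[:32]
}

// nonceStream returns n bytes of AES-256-CTR keystream under key (zeros XOR keystream).
// The fixed IV below is an assumption of this sketch, not a value taken from the page.
func nonceStream(key []byte, n int) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	iv := []byte("example fixed IV") // exactly 16 bytes, the AES block size
	out := make([]byte, n)
	cipher.NewCTR(block, iv).XORKeyStream(out, out)
	return out
}

// streamsDiffer reports whether two messages produce different nonce streams
// when the private scalar d and the entropy are held constant.
func streamsDiffer(d, entropy []byte, msgA, msgB string) bool {
	ha, hb := sha256.Sum256([]byte(msgA)), sha256.Sum256([]byte(msgB))
	a := nonceStream(csprngKey(d, entropy, ha[:]), 32)
	b := nonceStream(csprngKey(d, entropy, hb[:]), 32)
	return !bytes.Equal(a, b)
}

func main() {
	d := bytes.Repeat([]byte{0x42}, 32) // constructed stand-in for priv.D
	stuck := make([]byte, 16)           // constructed: entropy source returning only zeros
	fmt.Println("different messages differ:", streamsDiffer(d, stuck, "hello, world", "goodbye"))
	fmt.Println("same message differs:", streamsDiffer(d, stuck, "hello, world", "hello, world"))
}
```

The stream repeats only when the private key, the entropy and the hash are all identical, which reproduces the same signature rather than giving two different messages a shared nonce.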
Example
	package main

	import (
		"crypto/ecdsa"
		"crypto/elliptic"
		"crypto/rand"
		"crypto/sha256"
		"fmt"
	)

	func main() {
		privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
		if err != nil {
			panic(err)
		}

		msg := "hello, world"
		hash := sha256.Sum256([]byte(msg))

		r, s, err := ecdsa.Sign(rand.Reader, privateKey, hash[:])
		if err != nil {
			panic(err)
		}
		fmt.Printf("signature: (0x%x, 0x%x)\n", r, s)

		valid := ecdsa.Verify(&privateKey.PublicKey, hash[:], r, s)
		fmt.Println("signature verified:", valid)
	}
Functions
func Sign
Sign signs a hash (which should be the result of hashing a larger message) using the private key, priv. If the hash is longer than the bit-length of the private key's curve order, the hash will be truncated to that length. It returns the signature as a pair of integers. The security of the private key depends on the entropy of rand.
Types
type PrivateKey
PrivateKey represents an ECDSA private key.
func GenerateKey
GenerateKey generates a public and private key pair.
func (*PrivateKey) Public
func (priv *PrivateKey) Public() crypto.PublicKey
Public returns the public key corresponding to priv.
func (*PrivateKey) Sign
func (priv *PrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
Sign signs digest with priv, reading randomness from rand. The opts argument is not currently used but, in keeping with the crypto.Signer interface, should be the hash function used to digest the message.
This method implements crypto.Signer, which is an interface to support keys where the private part is kept in, for example, a hardware module. Common uses should use the Sign function in this package directly.