rfc6979

package module
v0.0.0-...-6a90f24 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 3, 2014 License: MIT Imports: 7 Imported by: 0

README

rfc6979

Build Status

A Go implementation of RFC 6979's deterministic DSA/ECDSA signature scheme.

For documentation, check godoc.

Documentation

Overview

Package rfc6979 is an implementation of RFC 6979's deterministic DSA.

Such signatures are compatible with standard Digital Signature Algorithm
(DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) digital
signatures and can be processed with unmodified verifiers, which need not be
aware of the procedure described therein.  Deterministic signatures retain
the cryptographic security features associated with digital signatures but
can be more easily implemented in various environments, since they do not
need access to a source of high-quality randomness.

(https://tools.ietf.org/html/rfc6979)

Provides functions similar to crypto/dsa and crypto/ecdsa.

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func SignDSA

func SignDSA(priv *dsa.PrivateKey, hash []byte, alg func() hash.Hash) (r, s *big.Int, err error)

SignDSA signs an arbitrary length hash (which should be the result of hashing a larger message) using the private key, priv. It returns the signature as a pair of integers.

Note that FIPS 186-3 section 4.6 specifies that the hash should be truncated to the byte-length of the subgroup. This function does not perform that truncation itself.

Example

Generates a 1024-bit DSA key, uses SHA-1 to sign a message, then verifies it.

// Here I'm generating some DSA params, but you should really pre-generate
// these and re-use them, since this takes a long time and isn't necessary.
k := new(dsa.PrivateKey)
dsa.GenerateParameters(&k.Parameters, rand.Reader, dsa.L1024N160)

// Generate a key pair.
// You need a high-quality PRNG for this.
err := dsa.GenerateKey(k, rand.Reader)
if err != nil {
	fmt.Println(err)
	return
}

// Hash a message.
alg := sha1.New()
alg.Write([]byte("I am a potato."))
hash := alg.Sum(nil)

// Sign the message. You don't need a PRNG for this.
r, s, err := SignDSA(k, hash, sha1.New)
if err != nil {
	fmt.Println(err)
	return
}

if !dsa.Verify(&k.PublicKey, hash, r, s) {
	fmt.Println("Invalid signature!")
}
Output:

func SignECDSA

func SignECDSA(priv *ecdsa.PrivateKey, hash []byte, alg func() hash.Hash) (r, s *big.Int, err error)

SignECDSA signs an arbitrary length hash (which should be the result of hashing a larger message) using the private key, priv. It returns the signature as a pair of integers.

Note that FIPS 186-3 section 4.6 specifies that the hash should be truncated to the byte-length of the subgroup. This function does not perform that truncation itself.

Example

Generates a 521-bit ECDSA key, uses SHA-512 to sign a message, then verifies it.

// Generate a key pair.
// You need a high-quality PRNG for this.
k, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader)
if err != nil {
	fmt.Println(err)
	return
}

// Hash a message.
alg := sha512.New()
alg.Write([]byte("I am a potato."))
hash := alg.Sum(nil)

// Sign the message. You don't need a PRNG for this.
r, s, err := SignECDSA(k, hash, sha512.New)
if err != nil {
	fmt.Println(err)
	return
}

if !ecdsa.Verify(&k.PublicKey, hash, r, s) {
	fmt.Println("Invalid signature!")
}
Output:

Types

This section is empty.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL