Documentation ¶
Overview ¶
Package rfc6979 is an implementation of RFC 6979's deterministic DSA.
Such signatures are compatible with standard Digital Signature Algorithm (DSA) and Elliptic Curve Digital Signature Algorithm (ECDSA) digital signatures and can be processed with unmodified verifiers, which need not be aware of the procedure described therein. Deterministic signatures retain the cryptographic security features associated with digital signatures but can be more easily implemented in various environments, since they do not need access to a source of high-quality randomness.
(https://tools.ietf.org/html/rfc6979)
Provides functions similar to crypto/dsa and crypto/ecdsa.
Index ¶
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func SignDSA ¶
SignDSA signs an arbitrary length hash (which should be the result of hashing a larger message) using the private key, priv. It returns the signature as a pair of integers.
Note that FIPS 186-3 section 4.6 specifies that the hash should be truncated to the byte-length of the subgroup. This function does not perform that truncation itself.
Example ¶
Generates a 1024-bit DSA key, uses SHA-1 to sign a message, then verifies it.
// Here I'm generating some DSA params, but you should really pre-generate // these and re-use them, since this takes a long time and isn't necessary. k := new(dsa.PrivateKey) dsa.GenerateParameters(&k.Parameters, rand.Reader, dsa.L1024N160) // Generate a key pair. // You need a high-quality PRNG for this. err := dsa.GenerateKey(k, rand.Reader) if err != nil { fmt.Println(err) return } // Hash a message. alg := sha1.New() alg.Write([]byte("I am a potato.")) hash := alg.Sum(nil) // Sign the message. You don't need a PRNG for this. r, s, err := SignDSA(k, hash, sha1.New) if err != nil { fmt.Println(err) return } if !dsa.Verify(&k.PublicKey, hash, r, s) { fmt.Println("Invalid signature!") }
Output:
func SignECDSA ¶
func SignECDSA(priv *ecdsa.PrivateKey, hash []byte, alg func() hash.Hash) (r, s *big.Int, err error)
SignECDSA signs an arbitrary length hash (which should be the result of hashing a larger message) using the private key, priv. It returns the signature as a pair of integers.
Note that FIPS 186-3 section 4.6 specifies that the hash should be truncated to the byte-length of the subgroup. This function does not perform that truncation itself.
Example ¶
Generates a 521-bit ECDSA key, uses SHA-512 to sign a message, then verifies it.
// Generate a key pair. // You need a high-quality PRNG for this. k, err := ecdsa.GenerateKey(elliptic.P521(), rand.Reader) if err != nil { fmt.Println(err) return } // Hash a message. alg := sha512.New() alg.Write([]byte("I am a potato.")) hash := alg.Sum(nil) // Sign the message. You don't need a PRNG for this. r, s, err := SignECDSA(k, hash, sha512.New) if err != nil { fmt.Println(err) return } if !ecdsa.Verify(&k.PublicKey, hash, r, s) { fmt.Println("Invalid signature!") }
Output:
Types ¶
This section is empty.