signature

package
v1.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Aug 10, 2022 License: Apache-2.0 Imports: 21 Imported by: 30

Documentation

Overview

Package signature provides implementations of the Signer and Verifier primitives.

To sign data using Tink you can use ECDSA, ED25519 or RSA-SSA-PKCS1 key templates.

Example
package main

import (
	"encoding/base64"
	"fmt"
	"log"

	"github.com/google/tink/go/keyset"
	"github.com/google/tink/go/signature"
)

func main() {
	kh, err := keyset.NewHandle(signature.ECDSAP256KeyTemplate()) // Other key templates can also be used.
	if err != nil {
		log.Fatal(err)
	}

	// TODO: save the private keyset to a safe location. DO NOT hardcode it in source code.
	// Consider encrypting it with a remote key in Cloud KMS, AWS KMS or HashiCorp Vault.
	// See https://github.com/google/tink/blob/master/docs/GOLANG-HOWTO.md#storing-and-loading-existing-keysets.

	s, err := signature.NewSigner(kh)
	if err != nil {
		log.Fatal(err)
	}

	msg := []byte("this data needs to be signed")
	sig, err := s.Sign(msg)
	if err != nil {
		log.Fatal(err)
	}

	pubkh, err := kh.Public()
	if err != nil {
		log.Fatal(err)
	}

	// TODO: share the public with the verifier.

	v, err := signature.NewVerifier(pubkh)
	if err != nil {
		log.Fatal(err)
	}

	if err := v.Verify(sig, msg); err != nil {
		log.Fatal(err)
	}

	fmt.Printf("Message: %s\n", msg)
	fmt.Printf("Signature: %s\n", base64.StdEncoding.EncodeToString(sig))
}
Output:

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func ECDSAP256KeyTemplate

func ECDSAP256KeyTemplate() *tinkpb.KeyTemplate

ECDSAP256KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA256
  • Curve: NIST P-256
  • Signature encoding: DER
  • Output prefix type: TINK

func ECDSAP256KeyWithoutPrefixTemplate

func ECDSAP256KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ECDSAP256KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA256
  • Curve: NIST P-256
  • Signature encoding: DER
  • Output prefix type: RAW

Note that this template uses a different encoding than ESDSA_P256_RAW in Tinkey.

func ECDSAP256RawKeyTemplate added in v1.7.0

func ECDSAP256RawKeyTemplate() *tinkpb.KeyTemplate

ECDSAP256RawKeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA256
  • Curve: NIST P-256
  • Signature encoding: IEEE_P1363
  • Output prefix type: RAW

func ECDSAP384KeyTemplate deprecated

func ECDSAP384KeyTemplate() *tinkpb.KeyTemplate

ECDSAP384KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-384
  • Signature encoding: DER
  • Output prefix type: TINK

Deprecated: Use ECDSAP384SHA384KeyTemplate or ECDSAP384SHA512KeyTemplate instead.

func ECDSAP384KeyWithoutPrefixTemplate

func ECDSAP384KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ECDSAP384KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-384
  • Signature encoding: DER
  • Output prefix type: RAW

func ECDSAP384SHA384KeyTemplate added in v1.7.0

func ECDSAP384SHA384KeyTemplate() *tinkpb.KeyTemplate

ECDSAP384SHA384KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA384
  • Curve: NIST P-384
  • Signature encoding: DER
  • Output prefix type: TINK

func ECDSAP384SHA512KeyTemplate added in v1.7.0

func ECDSAP384SHA512KeyTemplate() *tinkpb.KeyTemplate

ECDSAP384SHA512KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-384
  • Signature encoding: DER
  • Output prefix type: TINK

func ECDSAP521KeyTemplate

func ECDSAP521KeyTemplate() *tinkpb.KeyTemplate

ECDSAP521KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-521
  • Signature encoding: DER
  • Output prefix type: TINK

func ECDSAP521KeyWithoutPrefixTemplate

func ECDSAP521KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ECDSAP521KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-521
  • Signature encoding: DER
  • Output prefix type: TINK

func ED25519KeyTemplate

func ED25519KeyTemplate() *tinkpb.KeyTemplate

ED25519KeyTemplate is a KeyTemplate that generates a new ED25519 private key.

func ED25519KeyWithoutPrefixTemplate

func ED25519KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ED25519KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ED25519 private key.

func NewSigner

func NewSigner(h *keyset.Handle) (tink.Signer, error)

NewSigner returns a Signer primitive from the given keyset handle.

func NewSignerWithKeyManager deprecated

func NewSignerWithKeyManager(h *keyset.Handle, km registry.KeyManager) (tink.Signer, error)

NewSignerWithKeyManager returns a Signer primitive from the given keyset handle and custom key manager.

Deprecated: Use NewSigner.

func NewVerifier

func NewVerifier(h *keyset.Handle) (tink.Verifier, error)

NewVerifier returns a Verifier primitive from the given keyset handle.

func NewVerifierWithKeyManager deprecated

func NewVerifierWithKeyManager(h *keyset.Handle, km registry.KeyManager) (tink.Verifier, error)

NewVerifierWithKeyManager returns a Verifier primitive from the given keyset handle and custom key manager.

Deprecated: Use NewVerifier.

func RSA_SSA_PKCS1_3072_SHA256_F4_Key_Template added in v1.7.0

func RSA_SSA_PKCS1_3072_SHA256_F4_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PKCS1_3072_SHA256_F4_Key_Template is a KeyTemplate that generates a new RSA SSA PKCS1 private key with the following parameters:

  • Modulus size in bits: 3072.
  • Hash function: SHA256.
  • Public Exponent: 65537 (aka F4).
  • OutputPrefixType: TINK

func RSA_SSA_PKCS1_3072_SHA256_F4_RAW_Key_Template added in v1.7.0

func RSA_SSA_PKCS1_3072_SHA256_F4_RAW_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PKCS1_3072_SHA256_F4_RAW_Key_Template is a KeyTemplate that generates a new RSA SSA PKCS1 private key with the following parameters:

  • Modulus size in bits: 3072.
  • Hash function: SHA256.
  • Public Exponent: 65537 (aka F4).
  • OutputPrefixType: RAW

func RSA_SSA_PKCS1_4096_SHA512_F4_Key_Template added in v1.7.0

func RSA_SSA_PKCS1_4096_SHA512_F4_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PKCS1_4096_SHA512_F4_Key_Template is a KeyTemplate that generates a new RSA SSA PKCS1 private key with the following parameters:

  • Modulus size in bits: 4096.
  • Hash function: SHA512.
  • Public Exponent: 65537 (aka F4).
  • OutputPrefixType: TINK

func RSA_SSA_PKCS1_4096_SHA512_F4_RAW_Key_Template added in v1.7.0

func RSA_SSA_PKCS1_4096_SHA512_F4_RAW_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PKCS1_4096_SHA512_F4_RAW_Key_Template is a KeyTemplate that generates a new RSA SSA PKCS1 private key with the following parameters:

  • Modulus size in bits: 4096.
  • Hash function: SHA512.
  • Public Exponent: 65537 (aka F4).
  • OutputPrefixType: RAW

Types

This section is empty.

Directories

Path Synopsis
Package internal implements digital signatures.
Package internal implements digital signatures.
Package subtle provides subtle implementations of the digital signature primitive.
Package subtle provides subtle implementations of the digital signature primitive.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL