signature

package
v1.5.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Oct 14, 2020 License: Apache-2.0 Imports: 17 Imported by: 31

Documentation

Overview

Package signature provides implementations of the Signer and Verifier primitives.

To sign data using Tink you can use ECDSA or ED25519 key templates.

Example
package main

import (
	"encoding/base64"
	"fmt"
	"log"

	"github.com/google/tink/go/keyset"
	"github.com/google/tink/go/signature"
)

func main() {
	kh, err := keyset.NewHandle(signature.ECDSAP256KeyTemplate()) // Other key templates can also be used.
	if err != nil {
		log.Fatal(err)
	}

	// TODO: save the private keyset to a safe location. DO NOT hardcode it in source code.
	// Consider encrypting it with a remote key in Cloud KMS, AWS KMS or HashiCorp Vault.
	// See https://github.com/google/tink/blob/master/docs/GOLANG-HOWTO.md#storing-and-loading-existing-keysets.

	s, err := signature.NewSigner(kh)
	if err != nil {
		log.Fatal(err)
	}

	msg := []byte("this data needs to be signed")
	sig, err := s.Sign(msg)
	if err != nil {
		log.Fatal(err)
	}

	pubkh, err := kh.Public()
	if err != nil {
		log.Fatal(err)
	}

	// TODO: share the public with the verifier.

	v, err := signature.NewVerifier(pubkh)
	if err != nil {
		log.Fatal(err)
	}

	if err := v.Verify(sig, msg); err != nil {
		log.Fatal(err)
	}

	fmt.Printf("Message: %s\n", msg)
	fmt.Printf("Signature: %s\n", base64.StdEncoding.EncodeToString(sig))
}
Output:

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func ECDSAP256KeyTemplate

func ECDSAP256KeyTemplate() *tinkpb.KeyTemplate

ECDSAP256KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA256
  • Curve: NIST P-256
  • Signature encoding: DER
  • Output prefix type: TINK

func ECDSAP256KeyWithoutPrefixTemplate

func ECDSAP256KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ECDSAP256KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA256
  • Curve: NIST P-256
  • Signature encoding: DER
  • Output prefix type: RAW

func ECDSAP384KeyTemplate

func ECDSAP384KeyTemplate() *tinkpb.KeyTemplate

ECDSAP384KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-384
  • Signature encoding: DER
  • Output prefix type: TINK

func ECDSAP384KeyWithoutPrefixTemplate

func ECDSAP384KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ECDSAP384KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-384
  • Signature encoding: DER
  • Output prefix type: RAW

func ECDSAP521KeyTemplate

func ECDSAP521KeyTemplate() *tinkpb.KeyTemplate

ECDSAP521KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-521
  • Signature encoding: DER
  • Output prefix type: TINK

func ECDSAP521KeyWithoutPrefixTemplate

func ECDSAP521KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ECDSAP521KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-521
  • Signature encoding: DER
  • Output prefix type: TINK

func ED25519KeyTemplate

func ED25519KeyTemplate() *tinkpb.KeyTemplate

ED25519KeyTemplate is a KeyTemplate that generates a new ED25519 private key.

func ED25519KeyWithoutPrefixTemplate

func ED25519KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ED25519KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ED25519 private key.

func NewSigner

func NewSigner(h *keyset.Handle) (tink.Signer, error)

NewSigner returns a Signer primitive from the given keyset handle.

func NewSignerWithKeyManager

func NewSignerWithKeyManager(h *keyset.Handle, km registry.KeyManager) (tink.Signer, error)

NewSignerWithKeyManager returns a Signer primitive from the given keyset handle and custom key manager.

func NewVerifier

func NewVerifier(h *keyset.Handle) (tink.Verifier, error)

NewVerifier returns a Verifier primitive from the given keyset handle.

func NewVerifierWithKeyManager

func NewVerifierWithKeyManager(h *keyset.Handle, km registry.KeyManager) (tink.Verifier, error)

NewVerifierWithKeyManager returns a Verifier primitive from the given keyset handle and custom key manager.

Types

This section is empty.

Directories

Path Synopsis
Package subtle provides subtle implementations of digital signature primitives.
Package subtle provides subtle implementations of digital signature primitives.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL