Documentation ¶
Overview ¶
Package signature provides implementations of the Signer and Verifier primitives.
To sign data using Tink you can use ECDSA or ED25519 key templates.
Example ¶
package main import ( "encoding/base64" "fmt" "log" "github.com/google/tink/go/keyset" "github.com/google/tink/go/signature" ) func main() { kh, err := keyset.NewHandle(signature.ECDSAP256KeyTemplate()) // Other key templates can also be used. if err != nil { log.Fatal(err) } // TODO: save the private keyset to a safe location. DO NOT hardcode it in source code. // Consider encrypting it with a remote key in Cloud KMS, AWS KMS or HashiCorp Vault. // See https://github.com/google/tink/blob/master/docs/GOLANG-HOWTO.md#storing-and-loading-existing-keysets. s, err := signature.NewSigner(kh) if err != nil { log.Fatal(err) } msg := []byte("this data needs to be signed") sig, err := s.Sign(msg) if err != nil { log.Fatal(err) } pubkh, err := kh.Public() if err != nil { log.Fatal(err) } // TODO: share the public with the verifier. v, err := signature.NewVerifier(pubkh) if err != nil { log.Fatal(err) } if err := v.Verify(sig, msg); err != nil { log.Fatal(err) } fmt.Printf("Message: %s\n", msg) fmt.Printf("Signature: %s\n", base64.StdEncoding.EncodeToString(sig)) }
Output:
Index ¶
- func ECDSAP256KeyTemplate() *tinkpb.KeyTemplate
- func ECDSAP256KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate
- func ECDSAP384KeyTemplate() *tinkpb.KeyTemplate
- func ECDSAP384KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate
- func ECDSAP521KeyTemplate() *tinkpb.KeyTemplate
- func ECDSAP521KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate
- func ED25519KeyTemplate() *tinkpb.KeyTemplate
- func ED25519KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate
- func NewSigner(h *keyset.Handle) (tink.Signer, error)
- func NewSignerWithKeyManager(h *keyset.Handle, km registry.KeyManager) (tink.Signer, error)
- func NewVerifier(h *keyset.Handle) (tink.Verifier, error)
- func NewVerifierWithKeyManager(h *keyset.Handle, km registry.KeyManager) (tink.Verifier, error)
Examples ¶
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func ECDSAP256KeyTemplate ¶
func ECDSAP256KeyTemplate() *tinkpb.KeyTemplate
ECDSAP256KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:
- Hash function: SHA256
- Curve: NIST P-256
- Signature encoding: DER
- Output prefix type: TINK
func ECDSAP256KeyWithoutPrefixTemplate ¶
func ECDSAP256KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate
ECDSAP256KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:
- Hash function: SHA256
- Curve: NIST P-256
- Signature encoding: DER
- Output prefix type: RAW
func ECDSAP384KeyTemplate ¶
func ECDSAP384KeyTemplate() *tinkpb.KeyTemplate
ECDSAP384KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:
- Hash function: SHA512
- Curve: NIST P-384
- Signature encoding: DER
- Output prefix type: TINK
func ECDSAP384KeyWithoutPrefixTemplate ¶
func ECDSAP384KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate
ECDSAP384KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:
- Hash function: SHA512
- Curve: NIST P-384
- Signature encoding: DER
- Output prefix type: RAW
func ECDSAP521KeyTemplate ¶
func ECDSAP521KeyTemplate() *tinkpb.KeyTemplate
ECDSAP521KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:
- Hash function: SHA512
- Curve: NIST P-521
- Signature encoding: DER
- Output prefix type: TINK
func ECDSAP521KeyWithoutPrefixTemplate ¶
func ECDSAP521KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate
ECDSAP521KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:
- Hash function: SHA512
- Curve: NIST P-521
- Signature encoding: DER
- Output prefix type: TINK
func ED25519KeyTemplate ¶
func ED25519KeyTemplate() *tinkpb.KeyTemplate
ED25519KeyTemplate is a KeyTemplate that generates a new ED25519 private key.
func ED25519KeyWithoutPrefixTemplate ¶
func ED25519KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate
ED25519KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ED25519 private key.
func NewSignerWithKeyManager ¶
NewSignerWithKeyManager returns a Signer primitive from the given keyset handle and custom key manager.
func NewVerifier ¶
NewVerifier returns a Verifier primitive from the given keyset handle.
func NewVerifierWithKeyManager ¶
NewVerifierWithKeyManager returns a Verifier primitive from the given keyset handle and custom key manager.
Types ¶
This section is empty.