signature

package
v1.7.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Aug 10, 2022 License: Apache-2.0 Imports: 21 Imported by: 30

Documentation

Overview

Package signature provides implementations of the Signer and Verifier primitives.

To sign data using Tink you can use ECDSA, ED25519 or RSA-SSA-PKCS1 key templates.

Example 
package main

import (
	"encoding/base64"
	"fmt"
	"log"

	"github.com/google/tink/go/keyset"
	"github.com/google/tink/go/signature"
)

func main() {
	kh, err := keyset.NewHandle(signature.ECDSAP256KeyTemplate()) // Other key templates can also be used.
	if err != nil {
		log.Fatal(err)
	}

	// TODO: save the private keyset to a safe location. DO NOT hardcode it in source code.
	// Consider encrypting it with a remote key in Cloud KMS, AWS KMS or HashiCorp Vault.
	// See https://github.com/google/tink/blob/master/docs/GOLANG-HOWTO.md#storing-and-loading-existing-keysets.

	s, err := signature.NewSigner(kh)
	if err != nil {
		log.Fatal(err)
	}

	msg := []byte("this data needs to be signed")
	sig, err := s.Sign(msg)
	if err != nil {
		log.Fatal(err)
	}

	pubkh, err := kh.Public()
	if err != nil {
		log.Fatal(err)
	}

	// TODO: share the public with the verifier.

	v, err := signature.NewVerifier(pubkh)
	if err != nil {
		log.Fatal(err)
	}

	if err := v.Verify(sig, msg); err != nil {
		log.Fatal(err)
	}

	fmt.Printf("Message: %s\n", msg)
	fmt.Printf("Signature: %s\n", base64.StdEncoding.EncodeToString(sig))
}

Output:

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func ECDSAP256KeyTemplate 

func ECDSAP256KeyTemplate() *tinkpb.KeyTemplate

ECDSAP256KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA256
  • Curve: NIST P-256
  • Signature encoding: DER
  • Output prefix type: TINK

func ECDSAP256KeyWithoutPrefixTemplate 

func ECDSAP256KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ECDSAP256KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA256
  • Curve: NIST P-256
  • Signature encoding: DER
  • Output prefix type: RAW

Note that this template uses a different encoding than ESDSA_P256_RAW in Tinkey.

func ECDSAP256RawKeyTemplate added in v1.7.0 

func ECDSAP256RawKeyTemplate() *tinkpb.KeyTemplate

ECDSAP256RawKeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA256
  • Curve: NIST P-256
  • Signature encoding: IEEE_P1363
  • Output prefix type: RAW

func ECDSAP384KeyTemplate deprecated 

func ECDSAP384KeyTemplate() *tinkpb.KeyTemplate

ECDSAP384KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-384
  • Signature encoding: DER
  • Output prefix type: TINK

Deprecated: Use ECDSAP384SHA384KeyTemplate or ECDSAP384SHA512KeyTemplate instead.

func ECDSAP384KeyWithoutPrefixTemplate 

func ECDSAP384KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ECDSAP384KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-384
  • Signature encoding: DER
  • Output prefix type: RAW

func ECDSAP384SHA384KeyTemplate added in v1.7.0 

func ECDSAP384SHA384KeyTemplate() *tinkpb.KeyTemplate

ECDSAP384SHA384KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA384
  • Curve: NIST P-384
  • Signature encoding: DER
  • Output prefix type: TINK

func ECDSAP384SHA512KeyTemplate added in v1.7.0 

func ECDSAP384SHA512KeyTemplate() *tinkpb.KeyTemplate

ECDSAP384SHA512KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-384
  • Signature encoding: DER
  • Output prefix type: TINK

func ECDSAP521KeyTemplate 

func ECDSAP521KeyTemplate() *tinkpb.KeyTemplate

ECDSAP521KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-521
  • Signature encoding: DER
  • Output prefix type: TINK

func ECDSAP521KeyWithoutPrefixTemplate 

func ECDSAP521KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ECDSAP521KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-521
  • Signature encoding: DER
  • Output prefix type: TINK

func ED25519KeyTemplate 

func ED25519KeyTemplate() *tinkpb.KeyTemplate

ED25519KeyTemplate is a KeyTemplate that generates a new ED25519 private key.

func ED25519KeyWithoutPrefixTemplate 

func ED25519KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ED25519KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ED25519 private key.

func NewSigner 

func NewSigner(h *keyset.Handle) (tink.Signer, error)

NewSigner returns a Signer primitive from the given keyset handle.

func NewSignerWithKeyManager deprecated 

func NewSignerWithKeyManager(h *keyset.Handle, km registry.KeyManager) (tink.Signer, error)

NewSignerWithKeyManager returns a Signer primitive from the given keyset handle and custom key manager.

Deprecated: Use NewSigner.

func NewVerifier 

func NewVerifier(h *keyset.Handle) (tink.Verifier, error)

NewVerifier returns a Verifier primitive from the given keyset handle.

func NewVerifierWithKeyManager deprecated 

func NewVerifierWithKeyManager(h *keyset.Handle, km registry.KeyManager) (tink.Verifier, error)

NewVerifierWithKeyManager returns a Verifier primitive from the given keyset handle and custom key manager.

Deprecated: Use NewVerifier.

func RSA_SSA_PKCS1_3072_SHA256_F4_Key_Template added in v1.7.0 

func RSA_SSA_PKCS1_3072_SHA256_F4_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PKCS1_3072_SHA256_F4_Key_Template is a KeyTemplate that generates a new RSA SSA PKCS1 private key with the following parameters:

  • Modulus size in bits: 3072.
  • Hash function: SHA256.
  • Public Exponent: 65537 (aka F4).
  • OutputPrefixType: TINK

func RSA_SSA_PKCS1_3072_SHA256_F4_RAW_Key_Template added in v1.7.0 

func RSA_SSA_PKCS1_3072_SHA256_F4_RAW_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PKCS1_3072_SHA256_F4_RAW_Key_Template is a KeyTemplate that generates a new RSA SSA PKCS1 private key with the following parameters:

  • Modulus size in bits: 3072.
  • Hash function: SHA256.
  • Public Exponent: 65537 (aka F4).
  • OutputPrefixType: RAW

func RSA_SSA_PKCS1_4096_SHA512_F4_Key_Template added in v1.7.0 

func RSA_SSA_PKCS1_4096_SHA512_F4_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PKCS1_4096_SHA512_F4_Key_Template is a KeyTemplate that generates a new RSA SSA PKCS1 private key with the following parameters:

  • Modulus size in bits: 4096.
  • Hash function: SHA512.
  • Public Exponent: 65537 (aka F4).
  • OutputPrefixType: TINK

func RSA_SSA_PKCS1_4096_SHA512_F4_RAW_Key_Template added in v1.7.0 

func RSA_SSA_PKCS1_4096_SHA512_F4_RAW_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PKCS1_4096_SHA512_F4_RAW_Key_Template is a KeyTemplate that generates a new RSA SSA PKCS1 private key with the following parameters:

  • Modulus size in bits: 4096.
  • Hash function: SHA512.
  • Public Exponent: 65537 (aka F4).
  • OutputPrefixType: RAW

Types

This section is empty.

Source Files

View all Source files

Directories

Path Synopsis
Package internal implements digital signatures.
 Package internal implements digital signatures.
Package subtle provides subtle implementations of the digital signature primitive.
 Package subtle provides subtle implementations of the digital signature primitive.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.