signature

package
v2.2.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: May 16, 2024 License: Apache-2.0 Imports: 27 Imported by: 5

Documentation

Overview

Package signature provides implementations of the Signer and Verifier primitives.

To sign data using Tink you can use ECDSA, ED25519 or RSA-SSA-PKCS1 key templates.

Example 
package main

import (
	"bytes"
	"fmt"
	"log"

	"github.com/tink-crypto/tink-go/v2/insecurecleartextkeyset"
	"github.com/tink-crypto/tink-go/v2/keyset"
	"github.com/tink-crypto/tink-go/v2/signature"
)

func main() {
	// A private keyset created with
	// "tinkey create-keyset --key-template=ECDSA_P256 --out private_keyset.cfg".
	// Note that this keyset has the secret key information in cleartext.
	privateJSONKeyset := `{
		"key": [{
			"keyData": {
					"keyMaterialType":
							"ASYMMETRIC_PRIVATE",
					"typeUrl":
							"type.googleapis.com/google.crypto.tink.EcdsaPrivateKey",
					"value":
							"EkwSBggDEAIYAhogEiSZ9u2nDtvZuDgWgGsVTIZ5/V08N4ycUspTX0RYRrkiIHpEwHxQd1bImkyMvV2bqtUbgMh5uPSTdnUEGrPXdt56GiEA3iUi+CRN71qy0fOCK66xAW/IvFyjOGtxjppRhSFUneo="
			},
			"keyId": 611814836,
			"outputPrefixType": "TINK",
			"status": "ENABLED"
		}],
		"primaryKeyId": 611814836
	}`

	// The corresponding public keyset created with
	// "tinkey create-public-keyset --in private_keyset.cfg"
	publicJSONKeyset := `{
      "key": [{
          "keyData": {
              "keyMaterialType":
                  "ASYMMETRIC_PUBLIC",
              "typeUrl":
                  "type.googleapis.com/google.crypto.tink.EcdsaPublicKey",
              "value":
                  "EgYIAxACGAIaIBIkmfbtpw7b2bg4FoBrFUyGef1dPDeMnFLKU19EWEa5IiB6RMB8UHdWyJpMjL1dm6rVG4DIebj0k3Z1BBqz13beeg=="
          },
          "keyId": 611814836,
          "outputPrefixType": "TINK",
          "status": "ENABLED"
      }],
      "primaryKeyId": 611814836
  }`

	// Create a keyset handle from the cleartext private keyset in the previous
	// step. The keyset handle provides abstract access to the underlying keyset to
	// limit the access of the raw key material. WARNING: In practice,
	// it is unlikely you will want to use a insecurecleartextkeyset, as it implies
	// that your key material is passed in cleartext, which is a security risk.
	// Consider encrypting it with a remote key in Cloud KMS, AWS KMS or HashiCorp Vault.
	// See https://github.com/google/tink/blob/master/docs/GOLANG-HOWTO.md#storing-and-loading-existing-keysets.
	privateKeysetHandle, err := insecurecleartextkeyset.Read(
		keyset.NewJSONReader(bytes.NewBufferString(privateJSONKeyset)))
	if err != nil {
		log.Fatal(err)
	}

	// Retrieve the Signer primitive from privateKeysetHandle.
	signer, err := signature.NewSigner(privateKeysetHandle)
	if err != nil {
		log.Fatal(err)
	}

	// Use the primitive to sign a message. In this case, the primary key of the
	// keyset will be used (which is also the only key in this example).
	data := []byte("data")
	sig, err := signer.Sign(data)
	if err != nil {
		log.Fatal(err)
	}

	// Create a keyset handle from the keyset containing the public key. Because the
	// public keyset does not contain any secrets, we can use [keyset.ReadWithNoSecrets].
	publicKeysetHandle, err := keyset.ReadWithNoSecrets(
		keyset.NewJSONReader(bytes.NewBufferString(publicJSONKeyset)))
	if err != nil {
		log.Fatal(err)
	}

	// Retrieve the Verifier primitive from publicKeysetHandle.
	verifier, err := signature.NewVerifier(publicKeysetHandle)
	if err != nil {
		log.Fatal(err)
	}

	if err = verifier.Verify(sig, data); err != nil {
		log.Fatal(err)
	}
	fmt.Printf("sig is valid")
}

Output:

sig is valid

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

func ECDSAP256KeyTemplate 

func ECDSAP256KeyTemplate() *tinkpb.KeyTemplate

ECDSAP256KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA256
  • Curve: NIST P-256
  • Signature encoding: DER
  • Output prefix type: TINK

func ECDSAP256KeyWithoutPrefixTemplate 

func ECDSAP256KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ECDSAP256KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA256
  • Curve: NIST P-256
  • Signature encoding: DER
  • Output prefix type: RAW

Note that this template uses a different encoding than ESDSA_P256_RAW in Tinkey.

func ECDSAP256RawKeyTemplate 

func ECDSAP256RawKeyTemplate() *tinkpb.KeyTemplate

ECDSAP256RawKeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA256
  • Curve: NIST P-256
  • Signature encoding: IEEE_P1363
  • Output prefix type: RAW

func ECDSAP384KeyWithoutPrefixTemplate 

func ECDSAP384KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ECDSAP384KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-384
  • Signature encoding: DER
  • Output prefix type: RAW

func ECDSAP384SHA384KeyTemplate 

func ECDSAP384SHA384KeyTemplate() *tinkpb.KeyTemplate

ECDSAP384SHA384KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA384
  • Curve: NIST P-384
  • Signature encoding: DER
  • Output prefix type: TINK

func ECDSAP384SHA384KeyWithoutPrefixTemplate 

func ECDSAP384SHA384KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ECDSAP384SHA384KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA384
  • Curve: NIST P-384
  • Signature encoding: DER
  • Output prefix type: RAW

func ECDSAP384SHA512KeyTemplate 

func ECDSAP384SHA512KeyTemplate() *tinkpb.KeyTemplate

ECDSAP384SHA512KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-384
  • Signature encoding: DER
  • Output prefix type: TINK

func ECDSAP521KeyTemplate 

func ECDSAP521KeyTemplate() *tinkpb.KeyTemplate

ECDSAP521KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-521
  • Signature encoding: DER
  • Output prefix type: TINK

func ECDSAP521KeyWithoutPrefixTemplate 

func ECDSAP521KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ECDSAP521KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

  • Hash function: SHA512
  • Curve: NIST P-521
  • Signature encoding: DER
  • Output prefix type: RAW

func ED25519KeyTemplate 

func ED25519KeyTemplate() *tinkpb.KeyTemplate

ED25519KeyTemplate is a KeyTemplate that generates a new ED25519 private key.

func ED25519KeyWithoutPrefixTemplate 

func ED25519KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ED25519KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ED25519 private key.

func NewSigner 

func NewSigner(handle *keyset.Handle) (tink.Signer, error)

NewSigner returns a Signer primitive from the given keyset handle.

func NewVerifier 

func NewVerifier(handle *keyset.Handle) (tink.Verifier, error)

NewVerifier returns a Verifier primitive from the given keyset handle.

func RSA_SSA_PKCS1_3072_SHA256_F4_Key_Template 

func RSA_SSA_PKCS1_3072_SHA256_F4_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PKCS1_3072_SHA256_F4_Key_Template is a KeyTemplate that generates a new RSA SSA PKCS1 private key with the following parameters:

  • Modulus size in bits: 3072.
  • Hash function: SHA256.
  • Public Exponent: 65537 (aka F4).
  • OutputPrefixType: TINK

func RSA_SSA_PKCS1_3072_SHA256_F4_RAW_Key_Template 

func RSA_SSA_PKCS1_3072_SHA256_F4_RAW_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PKCS1_3072_SHA256_F4_RAW_Key_Template is a KeyTemplate that generates a new RSA SSA PKCS1 private key with the following parameters:

  • Modulus size in bits: 3072.
  • Hash function: SHA256.
  • Public Exponent: 65537 (aka F4).
  • OutputPrefixType: RAW

func RSA_SSA_PKCS1_4096_SHA512_F4_Key_Template 

func RSA_SSA_PKCS1_4096_SHA512_F4_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PKCS1_4096_SHA512_F4_Key_Template is a KeyTemplate that generates a new RSA SSA PKCS1 private key with the following parameters:

  • Modulus size in bits: 4096.
  • Hash function: SHA512.
  • Public Exponent: 65537 (aka F4).
  • OutputPrefixType: TINK

func RSA_SSA_PKCS1_4096_SHA512_F4_RAW_Key_Template 

func RSA_SSA_PKCS1_4096_SHA512_F4_RAW_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PKCS1_4096_SHA512_F4_RAW_Key_Template is a KeyTemplate that generates a new RSA SSA PKCS1 private key with the following parameters:

  • Modulus size in bits: 4096.
  • Hash function: SHA512.
  • Public Exponent: 65537 (aka F4).
  • OutputPrefixType: RAW

func RSA_SSA_PSS_3072_SHA256_32_F4_Key_Template 

func RSA_SSA_PSS_3072_SHA256_32_F4_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PSS_3072_SHA256_32_F4_Key_Template is a KeyTemplate that generates a new RSA SSA PSS private key with the following parameters:

  • Modulus size in bits: 3072.
  • Signature hash: SHA256.
  • MGF1 hash: SHA256.
  • Salt length: 32 (i.e., SHA256's output length).
  • Public Exponent: 65537 (aka F4).
  • OutputPrefixType: TINK

func RSA_SSA_PSS_3072_SHA256_32_F4_Raw_Key_Template 

func RSA_SSA_PSS_3072_SHA256_32_F4_Raw_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PSS_3072_SHA256_32_F4_Raw_Key_Template is a KeyTemplate that generates a new RSA SSA PSS private key with the following parameters:

  • Modulus size in bits: 3072.
  • Signature hash: SHA256.
  • MGF1 hash: SHA256.
  • Salt length: 32 (i.e., SHA256's output length).
  • Public Exponent: 65537 (aka F4).
  • OutputPrefixType: RAW

func RSA_SSA_PSS_4096_SHA512_64_F4_Key_Template 

func RSA_SSA_PSS_4096_SHA512_64_F4_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PSS_4096_SHA512_64_F4_Key_Template is a KeyTemplate that generates a new RSA SSA PSS private key with the following parameters:

  • Modulus size in bits: 4096.
  • Signature hash: SHA512.
  • MGF1 hash: SHA512.
  • Salt length: 64 (i.e., SHA512's output length).
  • Public Exponent: 65537 (aka F4).
  • OutputPrefixType: TINK

func RSA_SSA_PSS_4096_SHA512_64_F4_Raw_Key_Template 

func RSA_SSA_PSS_4096_SHA512_64_F4_Raw_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PSS_4096_SHA512_64_F4_Raw_Key_Template is a KeyTemplate that generates a new RSA SSA PSS private key with the following parameters:

  • Modulus size in bits: 4096.
  • Signature hash: SHA512.
  • MGF1 hash: SHA512.
  • Salt length: 64 (i.e., SHA512's output length).
  • Public Exponent: 65537 (aka F4).
  • OutputPrefixType: RAW

Types

This section is empty.

Source Files

View all Source files

Directories

Path Synopsis
Package subtle provides subtle implementations of the digital signature primitive.
 Package subtle provides subtle implementations of the digital signature primitive.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.