Documentation
Overview
Package signature provides a mechanism for computing public key signatures, which are used to help identify public keys used in sealing TRISA envelopes and select the matching private key pair when a secure envelope is received.
TRISA strongly recommends that sealing/unsealing keys be distinct from identity certificates for improved security and to support differing retirement criteria. Some organizations may choose to use unique sealing/unsealing keys with each unique counterparty.
A PublicKeySignature takes the form of "ALG:base64data" where ALG is one of the valid hashing algorithms used by this package and base64data contains the hash of the key.
Example

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"fmt"

	"github.com/trisacrypto/trisa/pkg/trisa/keys/signature"
)

func main() {
	// Generate a new RSA key pair
	key, _ := rsa.GenerateKey(rand.Reader, 2048)

	// Sign the public key
	pks, _ := signature.New(&key.PublicKey)

	// Make sure the pks matches the original public key
	match := signature.Match(pks, &key.PublicKey)
	fmt.Printf("%t\n", match)
}
```
Output: true
Index
Examples
Constants
This section is empty.
Variables
This section is empty.
Functions
func New
New creates a public key signature for an *rsa.PublicKey, *ecdsa.PublicKey or ed25519.PublicKey (or any key that can be marshalled by x509.MarshalPKIXPublicKey). It returns the default SHA256 signature that the package recommends for public key identification and matching.
func Sign
Sign creates a public key signature from a public key that can be marshalled as a PKIX public key. It hashes the marshalled data with the specified signature algorithm and returns a string that concatenates the name of the hashing algorithm, a colon, and the raw (unpadded) base64 encoding of the hash sum.
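The following is an added, self-contained illustration of the "ALG:base64data" format described in the overview and of the Sign/Match behaviour documented above; it is not the trisa package's own code and does not import it. It reimplements the documented steps with the standard library (PKIX marshalling, hashing, raw base64) so the format can be inspected offline, and adds a SelectKey helper showing the receiving-side use from the overview: picking the held private key whose public half a signature identifies. The exact algorithm labels the real package accepts (beyond SHA256), its Parse function and the SelectKey helper are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"crypto/sha512"
	"crypto/subtle"
	"crypto/x509"
	"encoding/base64"
	"errors"
	"fmt"
	"hash"
	"strings"
)

// Constructed stand-in for the package's algorithm table: the label before the
// colon, mapped to the hash it names. Which labels beyond SHA256 the real
// package accepts is an assumption of this example.
var hashers = map[string]func() hash.Hash{
	"SHA256": sha256.New,
	"SHA512": sha512.New,
}

// Sign builds "ALG:base64data": the PKIX DER encoding of the public key is
// hashed with ALG and the digest is encoded as raw (unpadded) standard base64.
func Sign(key any, alg string) (string, error) {
	newHash, ok := hashers[alg]
	if !ok {
		return "", fmt.Errorf("unsupported signature algorithm %q", alg)
	}
	der, err := x509.MarshalPKIXPublicKey(key)
	if err != nil {
		return "", err
	}
	h := newHash()
	h.Write(der)
	return alg + ":" + base64.RawStdEncoding.EncodeToString(h.Sum(nil)), nil
}

// New is the SHA256 default the package documentation recommends.
func New(key any) (string, error) {
	return Sign(key, "SHA256")
}

// Parse splits a signature into algorithm label and digest, rejecting strings
// that lack the "ALG:base64data" shape, name an unknown ALG, or carry a digest
// that is not raw base64. (Hypothetical helper; not documented by the package.)
func Parse(pks string) (alg, digest string, err error) {
	alg, digest, found := strings.Cut(pks, ":")
	if !found || alg == "" || digest == "" {
		return "", "", errors.New("signature is not of the form ALG:base64data")
	}
	if _, ok := hashers[alg]; !ok {
		return "", "", fmt.Errorf("unknown signature algorithm %q", alg)
	}
	if _, err := base64.RawStdEncoding.DecodeString(digest); err != nil {
		return "", "", fmt.Errorf("digest is not raw base64: %w", err)
	}
	return alg, digest, nil
}

// Match reports whether pks identifies key. It recomputes the signature using
// the algorithm named in pks, so a key matches a signature of any supported
// algorithm, and a malformed signature never matches.
func Match(pks string, key any) bool {
	alg, _, err := Parse(pks)
	if err != nil {
		return false
	}
	want, err := Sign(key, alg)
	if err != nil {
		return false
	}
	return subtle.ConstantTimeCompare([]byte(pks), []byte(want)) == 1
}

// SelectKey is the receiving-side use from the overview: given the signature
// carried with a sealed envelope, pick the held private key whose public half
// it identifies. (Hypothetical helper; not part of the package.)
func SelectKey(pks string, candidates []crypto.Signer) (crypto.Signer, error) {
	for _, k := range candidates {
		if Match(pks, k.Public()) {
			return k, nil
		}
	}
	return nil, errors.New("no held private key matches the public key signature")
}

func main() {
	// Errors ignored for brevity, as in the page's own example.
	rsaKey, _ := rsa.GenerateKey(rand.Reader, 2048)
	ecKey, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)

	pks, _ := New(&rsaKey.PublicKey)
	fmt.Println(pks) // SHA256: followed by 43 raw base64 characters

	chosen, err := SelectKey(pks, []crypto.Signer{ecKey, rsaKey})
	fmt.Println(chosen == crypto.Signer(rsaKey), err)
}
```

Match deliberately goes through Parse first: an unknown label or a non-base64 digest yields false rather than an error, which is the safe answer when the signature arrives from a counterparty. SelectKey walks every held key rather than indexing by signature so that keys rotated under the "differing retirement criteria" mentioned in the overview can coexist during a transition.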