sign

Documentation

Overview

Package sign signs small messages using public-key cryptography.

Sign uses Ed25519 to sign messages. The length of messages is not hidden. Messages should be small because: 1. The whole message needs to be held in memory to be processed. 2. Using large messages pressures implementations on small machines to process plaintext without verifying the signature. This is very dangerous, and this API discourages it, but a protocol that uses excessive message sizes might present some implementations with no other choice. 3. Performance may be improved by working with messages that fit into data caches. Thus large amounts of data should be chunked so that each message is small.

This package is not interoperable with the current release of NaCl (https://nacl.cr.yp.to/sign.html), which does not support Ed25519 yet. However, it is compatible with the NaCl fork libsodium (https://www.libsodium.org), as well as TweetNaCl (https://tweetnacl.cr.yp.to/).

Index

• Constants
• func GenerateKey(rand io.Reader) (publicKey *[32]byte, privateKey *[64]byte, err error)
• func Open(out, signedMessage []byte, publicKey *[32]byte) ([]byte, bool)
• func Sign(out, message []byte, privateKey *[64]byte) []byte

Constants

const Overhead = 64

Overhead is the number of bytes of overhead when signing a message.

Functions

func GenerateKey

func GenerateKey(rand io.Reader) (publicKey *[32]byte, privateKey *[64]byte, err error)

GenerateKey generates a new public/private key pair suitable for use with Sign and Open.

func Open

func Open(out, signedMessage []byte, publicKey *[32]byte) ([]byte, bool)

Open verifies a signed message produced by Sign and appends the message to out, which must not overlap the signed message. The output will be Overhead bytes smaller than the signed message.

func Sign

func Sign(out, message []byte, privateKey *[64]byte) []byte

Sign appends a signed copy of message to out, which will be Overhead bytes longer than the original and must not overlap it.