package signature

go – github.com/google/tink/go/signature Index | Examples | Files | Directories

package signature

import "github.com/google/tink/go/signature"

Package signature provides implementations of the Signer and Verifier primitives.

To sign data using Tink you can use ECDSA, ED25519 or RSA-SSA-PKCS1 key templates.

Example¶

package main

import (
	"encoding/base64"
	"fmt"
	"log"

	"github.com/google/tink/go/keyset"
	"github.com/google/tink/go/signature"
)

func main() {
	kh, err := keyset.NewHandle(signature.ECDSAP256KeyTemplate()) // Other key templates can also be used.
	if err != nil {
		log.Fatal(err)
	}

	// TODO: save the private keyset to a safe location. DO NOT hardcode it in source code.
	// Consider encrypting it with a remote key in Cloud KMS, AWS KMS or HashiCorp Vault.
	// See https://github.com/google/tink/blob/master/docs/GOLANG-HOWTO.md#storing-and-loading-existing-keysets.

	s, err := signature.NewSigner(kh)
	if err != nil {
		log.Fatal(err)
	}

	msg := []byte("this data needs to be signed")
	sig, err := s.Sign(msg)
	if err != nil {
		log.Fatal(err)
	}

	pubkh, err := kh.Public()
	if err != nil {
		log.Fatal(err)
	}

	// TODO: share the public with the verifier.

	v, err := signature.NewVerifier(pubkh)
	if err != nil {
		log.Fatal(err)
	}

	if err := v.Verify(sig, msg); err != nil {
		log.Fatal(err)
	}

	fmt.Printf("Message: %s\n", msg)
	fmt.Printf("Signature: %s\n", base64.StdEncoding.EncodeToString(sig))
}

Index ¶

func ECDSAP256KeyTemplate() *tinkpb.KeyTemplate
func ECDSAP256KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate
func ECDSAP256RawKeyTemplate() *tinkpb.KeyTemplate
func ECDSAP384KeyTemplate() *tinkpb.KeyTemplate
func ECDSAP384KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate
func ECDSAP384SHA384KeyTemplate() *tinkpb.KeyTemplate
func ECDSAP384SHA512KeyTemplate() *tinkpb.KeyTemplate
func ECDSAP521KeyTemplate() *tinkpb.KeyTemplate
func ECDSAP521KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate
func ED25519KeyTemplate() *tinkpb.KeyTemplate
func ED25519KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate
func NewSigner(h *keyset.Handle) (tink.Signer, error)
func NewSignerWithKeyManager(h *keyset.Handle, km registry.KeyManager) (tink.Signer, error)
func NewVerifier(h *keyset.Handle) (tink.Verifier, error)
func NewVerifierWithKeyManager(h *keyset.Handle, km registry.KeyManager) (tink.Verifier, error)
func RSA_SSA_PKCS1_3072_SHA256_F4_Key_Template() *tinkpb.KeyTemplate
func RSA_SSA_PKCS1_3072_SHA256_F4_RAW_Key_Template() *tinkpb.KeyTemplate
func RSA_SSA_PKCS1_4096_SHA512_F4_Key_Template() *tinkpb.KeyTemplate
func RSA_SSA_PKCS1_4096_SHA512_F4_RAW_Key_Template() *tinkpb.KeyTemplate

Examples ¶

package

Functions ¶

func ECDSAP256KeyTemplate ¶

func ECDSAP256KeyTemplate() *tinkpb.KeyTemplate

ECDSAP256KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

Hash function: SHA256
Curve: NIST P-256
Signature encoding: DER
Output prefix type: TINK

func ECDSAP256KeyWithoutPrefixTemplate ¶

func ECDSAP256KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ECDSAP256KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

Hash function: SHA256
Curve: NIST P-256
Signature encoding: DER
Output prefix type: RAW

Note that this template uses a different encoding than ESDSA_P256_RAW in Tinkey.

func ECDSAP256RawKeyTemplate ¶

func ECDSAP256RawKeyTemplate() *tinkpb.KeyTemplate

ECDSAP256RawKeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

Hash function: SHA256
Curve: NIST P-256
Signature encoding: IEEE_P1363
Output prefix type: RAW

func ECDSAP384KeyTemplate ¶

func ECDSAP384KeyTemplate() *tinkpb.KeyTemplate

ECDSAP384KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

Hash function: SHA512
Curve: NIST P-384
Signature encoding: DER
Output prefix type: TINK

Deprecated: Use ECDSAP384SHA384KeyTemplate or ECDSAP384SHA512KeyTemplate instead.

func ECDSAP384KeyWithoutPrefixTemplate ¶

func ECDSAP384KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ECDSAP384KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

Hash function: SHA512
Curve: NIST P-384
Signature encoding: DER
Output prefix type: RAW

func ECDSAP384SHA384KeyTemplate ¶

func ECDSAP384SHA384KeyTemplate() *tinkpb.KeyTemplate

ECDSAP384SHA384KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

Hash function: SHA384
Curve: NIST P-384
Signature encoding: DER
Output prefix type: TINK

func ECDSAP384SHA512KeyTemplate ¶

func ECDSAP384SHA512KeyTemplate() *tinkpb.KeyTemplate

ECDSAP384SHA512KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

Hash function: SHA512
Curve: NIST P-384
Signature encoding: DER
Output prefix type: TINK

func ECDSAP521KeyTemplate ¶

func ECDSAP521KeyTemplate() *tinkpb.KeyTemplate

ECDSAP521KeyTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

Hash function: SHA512
Curve: NIST P-521
Signature encoding: DER
Output prefix type: TINK

func ECDSAP521KeyWithoutPrefixTemplate ¶

func ECDSAP521KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ECDSAP521KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ECDSA private key with the following parameters:

Hash function: SHA512
Curve: NIST P-521
Signature encoding: DER
Output prefix type: TINK

func ED25519KeyTemplate ¶

func ED25519KeyTemplate() *tinkpb.KeyTemplate

ED25519KeyTemplate is a KeyTemplate that generates a new ED25519 private key.

func ED25519KeyWithoutPrefixTemplate ¶

func ED25519KeyWithoutPrefixTemplate() *tinkpb.KeyTemplate

ED25519KeyWithoutPrefixTemplate is a KeyTemplate that generates a new ED25519 private key.

func NewSigner ¶

func NewSigner(h *keyset.Handle) (tink.Signer, error)

NewSigner returns a Signer primitive from the given keyset handle.

func NewSignerWithKeyManager ¶

func NewSignerWithKeyManager(h *keyset.Handle, km registry.KeyManager) (tink.Signer, error)

NewSignerWithKeyManager returns a Signer primitive from the given keyset handle and custom key manager.

Deprecated: Use NewSigner.

func NewVerifier ¶

func NewVerifier(h *keyset.Handle) (tink.Verifier, error)

NewVerifier returns a Verifier primitive from the given keyset handle.

func NewVerifierWithKeyManager ¶

func NewVerifierWithKeyManager(h *keyset.Handle, km registry.KeyManager) (tink.Verifier, error)

NewVerifierWithKeyManager returns a Verifier primitive from the given keyset handle and custom key manager.

Deprecated: Use NewVerifier.

func RSA_SSA_PKCS1_3072_SHA256_F4_Key_Template ¶

func RSA_SSA_PKCS1_3072_SHA256_F4_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PKCS1_3072_SHA256_F4_Key_Template is a KeyTemplate that generates a new RSA SSA PKCS1 private key with the following parameters:

Modulus size in bits: 3072.
Hash function: SHA256.
Public Exponent: 65537 (aka F4).
OutputPrefixType: TINK

func RSA_SSA_PKCS1_3072_SHA256_F4_RAW_Key_Template ¶

func RSA_SSA_PKCS1_3072_SHA256_F4_RAW_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PKCS1_3072_SHA256_F4_RAW_Key_Template is a KeyTemplate that generates a new RSA SSA PKCS1 private key with the following parameters:

Modulus size in bits: 3072.
Hash function: SHA256.
Public Exponent: 65537 (aka F4).
OutputPrefixType: RAW

func RSA_SSA_PKCS1_4096_SHA512_F4_Key_Template ¶

func RSA_SSA_PKCS1_4096_SHA512_F4_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PKCS1_4096_SHA512_F4_Key_Template is a KeyTemplate that generates a new RSA SSA PKCS1 private key with the following parameters:

Modulus size in bits: 4096.
Hash function: SHA512.
Public Exponent: 65537 (aka F4).
OutputPrefixType: TINK

func RSA_SSA_PKCS1_4096_SHA512_F4_RAW_Key_Template ¶

func RSA_SSA_PKCS1_4096_SHA512_F4_RAW_Key_Template() *tinkpb.KeyTemplate

RSA_SSA_PKCS1_4096_SHA512_F4_RAW_Key_Template is a KeyTemplate that generates a new RSA SSA PKCS1 private key with the following parameters:

Modulus size in bits: 4096.
Hash function: SHA512.
Public Exponent: 65537 (aka F4).
OutputPrefixType: RAW

Source Files ¶

ecdsa_signer_key_manager.go ecdsa_verifier_key_manager.go ed25519_signer_key_manager.go ed25519_verifier_key_manager.go proto.go rsa.go rsassapkcs1_signer_key_manager.go rsassapkcs1_verifier_key_manager.go signature.go signature_key_templates.go signer_factory.go verifier_factory.go

Directories ¶

Path	Synopsis
signature/internal	Package internal implements digital signatures.
signature/subtle	Package subtle provides subtle implementations of the digital signature primitive.

Version: v1.7.0 (latest)
Published: Aug 10, 2022
Platform: linux/amd64
Imports: 21 packages
Last checked: 3 months ago –

Tools for package owners.

?	: This menu
/	: Search site
f	: Jump to identifier
g then g	: Go to top of page
g then b	: Go to end of page
G	: Go to end of page
g then i	: Go to index
g then e	: Go to examples