package crypto
import "github.com/google/trillian/crypto"
Package crypto provides signing functionality for Trillian.
Index ¶
- func SignatureAlgorithm(k gocrypto.PublicKey) sigpb.DigitallySigned_SignatureAlgorithm
- func Verify(pub crypto.PublicKey, hasher crypto.Hash, data, sig []byte) error
- func VerifySignedLogRoot(pub crypto.PublicKey, hash crypto.Hash, r *trillian.SignedLogRoot) (*types.LogRootV1, error)
- func VerifySignedMapRoot(pub crypto.PublicKey, hash crypto.Hash, smr *trillian.SignedMapRoot) (*types.MapRootV1, error)
- type Signer
- func NewSHA256Signer(signer crypto.Signer) *Signer
- func NewSigner(keyID int64, signer crypto.Signer, hash crypto.Hash) *Signer
- func (s *Signer) Public() crypto.PublicKey
- func (s *Signer) Sign(data []byte) ([]byte, error)
- func (s *Signer) SignLogRoot(r *types.LogRootV1) (*trillian.SignedLogRoot, error)
- func (s *Signer) SignMapRoot(r *types.MapRootV1) (*trillian.SignedMapRoot, error)
Functions ¶
func SignatureAlgorithm ¶
func SignatureAlgorithm(k gocrypto.PublicKey) sigpb.DigitallySigned_SignatureAlgorithm
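SignatureAlgorithm returns the signature algorithm that corresponds to the given public key. Only ECDSA and RSA keys are supported; any other key type returns sigpb.DigitallySigned_ANONYMOUS, which callers should treat as "unsupported key type" rather than as a usable algorithm.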
func Verify ¶
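Verify cryptographically verifies the output of Signer: it checks that sig is a valid signature over data under the public key pub, using hasher as the hash. A non-nil error means the signature must not be trusted.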
func VerifySignedLogRoot ¶
func VerifySignedLogRoot(pub crypto.PublicKey, hash crypto.Hash, r *trillian.SignedLogRoot) (*types.LogRootV1, error)
VerifySignedLogRoot verifies the SignedLogRoot and returns its contents. Use the returned LogRootV1 only when the returned error is nil.
func VerifySignedMapRoot ¶
func VerifySignedMapRoot(pub crypto.PublicKey, hash crypto.Hash, smr *trillian.SignedMapRoot) (*types.MapRootV1, error)
VerifySignedMapRoot verifies the signature on the SignedMapRoot. VerifySignedMapRoot returns MapRootV1 to encourage safe API use: clients obtain the map root contents only as the result of a verification call. It should be the only function available to clients that returns MapRootV1.
Types ¶
type Signer ¶
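// Signer is responsible for signing log-related data and producing the
// appropriate application specific signature objects.
//
// The declaration is laid out one field per line: when it is collapsed onto
// a single line, the line comment on Hash swallows the Hash and Signer
// fields and the closing brace.
type Signer struct {
	// KeyHint is a byte-slice hint for the signing key.
	// NOTE(review): NewSigner is documented as setting this from its KeyID
	// argument when available; the encoding is not shown here, so confirm
	// before parsing it.
	KeyHint []byte
	// If Hash is noHash (zero), the signer expects to be given the full
	// message not a hashed digest.
	// Verify takes the hash as a separate argument, so the signing and
	// verifying sides have to be configured with the same value.
	Hash crypto.Hash
	// Signer is the crypto.Signer that this type wraps.
	Signer crypto.Signer
}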
Signer is responsible for signing log-related data and producing the appropriate application specific signature objects.
func NewSHA256Signer ¶
NewSHA256Signer creates a new SHA256-based Signer with a KeyID of 0. TODO(gbelvin): remove
func NewSigner ¶
NewSigner returns a new signer. The signer will set the KeyHint field, when available, with KeyID.
func (*Signer) Public ¶
Public returns the public key that can verify signatures produced by s.
func (*Signer) Sign ¶
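Sign obtains a signature over the input data; this typically (but not always) involves first hashing the input data. The exception is a Signer whose Hash field is zero (noHash), in which case the underlying signer expects the full message rather than a hashed digest.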
func (*Signer) SignLogRoot ¶
SignLogRoot returns a complete SignedLogRoot (including signature).
func (*Signer) SignMapRoot ¶
SignMapRoot hashes and signs the supplied map root (a *types.MapRootV1) and returns a *trillian.SignedMapRoot that includes the signature.
Source Files ¶
signatures.go signer.go verifier.go
Directories ¶
Path | Synopsis |
---|---|
crypto/keys | Package keys provides access to public and private keys for signing and verification of signatures. |
crypto/keys/der | |
crypto/keys/der/proto | Package proto registers a DER keys.ProtoHandler using keys.RegisterHandler. |
crypto/keyspb | |
crypto/keys/pem | |
crypto/keys/pem/proto | Package proto registers a PEM keys.ProtoHandler using keys.RegisterHandler. |
crypto/keys/pkcs11 | Package pkcs11 provides access to private keys using a PKCS#11 interface. |
crypto/keys/pkcs11/proto | Package proto registers a PKCS#11 keys.ProtoHandler using keys.RegisterHandler. |
crypto/keys/testonly | Package testonly contains code and data that should only be used by tests. |
crypto/sigpb | |
- Version
- v1.3.4
- Published
- Oct 23, 2019
- Platform
- js/wasm
- Imports
- 13 packages