Documentation ¶
Overview ¶
Package messaging provides signing and encryption of messages.
Index ¶
- func CreateECDSAKeys() *ecdsa.PrivateKey
- func CreateEcdsaSignature(payload []byte, privateKey *ecdsa.PrivateKey) string
- func CreateJWSSignature(payload []byte, privateKey *ecdsa.PrivateKey) (string, error)
- func DecryptMessage(serialized string, privateKey *ecdsa.PrivateKey) (message string, isEncrypted bool, err error)
- func EncryptMessage(message string, publicKey *ecdsa.PublicKey) (serialized string, err error)
- func SignAndEncrypt(payload []byte, myPrivateKey *ecdsa.PrivateKey, publicKey *ecdsa.PublicKey) (message string, err error)
- func VerifyEcdsaSignature(payload []byte, signatureB64urlEncoded string, publicKey *ecdsa.PublicKey) error
- func VerifyJWSMessage(message string, publicKey *ecdsa.PublicKey) (payload string, err error)
- func VerifySenderJWSSignature(rawMessage string, object interface{}, ...) (isSigned bool, err error)
- type ECDSASignature
- type MessageSignatureEnvelope
- type MessageSigner
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func CreateECDSAKeys ¶
func CreateECDSAKeys() *ecdsa.PrivateKey
CreateECDSAKeys creates an asymmetric key pair. Returns a private key that contains its associated public key.
func CreateEcdsaSignature ¶
func CreateEcdsaSignature(payload []byte, privateKey *ecdsa.PrivateKey) string
CreateEcdsaSignature creates an ECDSA256 signature of the payload using the provided private key. This returns a base64url encoded signature.
payload is the data to create the signature for. privateKey is the key used to sign; the receiver must have the matching public key to verify the signature.
func CreateJWSSignature ¶
func CreateJWSSignature(payload []byte, privateKey *ecdsa.PrivateKey) (string, error)
CreateJWSSignature signs the payload using JWS ES256 and returns the JWS compact serialized message.
payload is the data to sign and serialize. privateKey is the key used to sign; the receiver must have the matching public key to verify.
func DecryptMessage ¶
func DecryptMessage(serialized string, privateKey *ecdsa.PrivateKey) (message string, isEncrypted bool, err error)
DecryptMessage deserializes and decrypts the message using JWE. This returns the decrypted message, or the input message unchanged if it was not encrypted; isEncrypted indicates which of the two applied.
func EncryptMessage ¶
func EncryptMessage(message string, publicKey *ecdsa.PublicKey) (serialized string, err error)
EncryptMessage encrypts and serializes the message using JWE with the given public key.
func SignAndEncrypt ¶
func SignAndEncrypt(payload []byte, myPrivateKey *ecdsa.PrivateKey, publicKey *ecdsa.PublicKey) (message string, err error)
SignAndEncrypt signs the payload with myPrivateKey and encrypts it for the holder of publicKey. This returns the JWS signed and JWE encrypted message.
func VerifyEcdsaSignature ¶
func VerifyEcdsaSignature(payload []byte, signatureB64urlEncoded string, publicKey *ecdsa.PublicKey) error
VerifyEcdsaSignature verifies the payload using the base64url encoded signature and public key.
payload is any raw data. signatureB64urlEncoded is the base64url encoded ECDSA256 signature.
Intended for signed objects such as the publisher identity. Use VerifyJWSMessage for verifying JWS signed messages.
func VerifyJWSMessage ¶
func VerifyJWSMessage(message string, publicKey *ecdsa.PublicKey) (payload string, err error)
VerifyJWSMessage verifies a signed message and returns its payload. The message is a JWS encoded string. The public key of the sender is needed to verify the message.
Intended for testing, as the application uses VerifySenderJWSSignature instead.
func VerifySenderJWSSignature ¶
func VerifySenderJWSSignature(rawMessage string, object interface{}, getPublicKey func(address string) *ecdsa.PublicKey) (isSigned bool, err error)
VerifySenderJWSSignature verifies whether a message is JWS signed. If it is signed, the signature is verified using the message's 'Sender' or 'Address' attribute to determine the public key to verify with. To verify correctly, the sender has to be a known publisher that has been verified with the DSS.
object MUST be a pointer to the type, otherwise unmarshal fails.
getPublicKey is a lookup function that provides the public key for the given sender address.
It should only provide a public key if the publisher is known and verified by the DSS, or if this zone does not use a DSS (publishers are then protected through message bus ACLs). If getPublicKey is not provided then signature verification will succeed.
The rawMessage is JSON unmarshalled into the given object.
This returns a flag indicating whether the message was signed and, if so, an error if the verification failed.
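As an added illustration, not the package's own code, the following standalone Go example shows the mechanism the functions above rely on: an ECDSA P-256 signature over a SHA-256 digest, encoded as unpadded base64url, verified through a getPublicKey-style lookup keyed by the sender address. It assumes the standard library's ASN.1 signature encoding, since the page does not state the package's own byte layout, and it treats a missing lookup or an unknown publisher as a verification failure, the safer default for a zone that relies on the DSS; the names NewKey, Sign and Verify are the example's own.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"errors"
)

// NewKey returns a P-256 private key; its PublicKey field is the matching public key.
func NewKey() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// Sign hashes the payload with SHA-256, signs it with ECDSA P-256 (ASN.1 encoded,
// an assumption of this example) and returns the signature as unpadded base64url.
func Sign(payload []byte, priv *ecdsa.PrivateKey) (string, error) {
	digest := sha256.Sum256(payload)
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(sig), nil
}

// Verify resolves the sender's public key through the lookup and checks the signature.
// A nil lookup or an unknown sender is rejected here rather than treated as verified.
func Verify(payload []byte, sigB64, sender string, getPublicKey func(string) *ecdsa.PublicKey) error {
	if getPublicKey == nil {
		return errors.New("no public key lookup configured")
	}
	pub := getPublicKey(sender)
	if pub == nil {
		return errors.New("unknown publisher: " + sender)
	}
	sig, err := base64.RawURLEncoding.DecodeString(sigB64)
	if err != nil {
		return errors.New("signature is not valid base64url")
	}
	digest := sha256.Sum256(payload)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("signature does not match payload or key")
	}
	return nil
}
```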
Types ¶
type MessageSignatureEnvelope ¶
type MessageSignatureEnvelope struct {
    Sender    string `json:"sender"`    // sender clientID
    Signature []byte `json:"signature"` // base64 encoded signature
    Payload   []byte `json:"payload"`   // base64 encoded payload
}
!!! THIS CODE IS NOT YET IN USE !!!
The message envelope is used if a message is signed.
type MessageSigner ¶
type MessageSigner struct {
    // GetPublicKey, when available, is used to verify a message signature
    GetPublicKey func(address string) *ecdsa.PublicKey // must be a variable
    // contains filtered or unexported fields
}
MessageSigner signs and verifies signed and encrypted messages using ECDSA.
func (*MessageSigner) DecodeMessage ¶
func (signer *MessageSigner) DecodeMessage(rawMessage string, object interface{}) (isEncrypted bool, isSigned bool, err error)
DecodeMessage decrypts the message and verifies the sender signature. The sender and signer of the message is identified by the message 'sender' field. If the Sender field is missing then the 'address' field is used as sender.
rawMessage contains the encrypted and signed message. object must hold the expected message type to decode the JSON message.
func (*MessageSigner) VerifySignedMessage ¶
func (signer *MessageSigner) VerifySignedMessage(rawMessage string, object interface{}) (isSigned bool, err error)
VerifySignedMessage parses and verifies the message signature as per the standard. The sender and signer of the message is identified by the message 'Sender' field. If the Sender field is missing then the 'address' field contains the publisher.
rawMessage contains the signed message. object must hold the expected message type to decode the JSON message.