signing

package
v0.0.0-...-2920ad6 Latest
Published: Jan 1, 2023 License: MIT Imports: 12 Imported by: 2

Documentation

Overview

Package messaging provides signing and encryption of messages.

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

func CreateECDSAKeys

func CreateECDSAKeys() *ecdsa.PrivateKey

CreateECDSAKeys creates an asymmetric key pair. It returns a private key that contains its associated public key.

func CreateEcdsaSignature

func CreateEcdsaSignature(payload []byte, privateKey *ecdsa.PrivateKey) string

CreateEcdsaSignature creates an ECDSA256 signature over the payload using the provided private key. It returns the base64url-encoded signature.

payload: the data to create the signature for
privateKey: the key used to sign. The receiver must have the matching public key to verify the signature.

func CreateJWSSignature

func CreateJWSSignature(payload []byte, privateKey *ecdsa.PrivateKey) (string, error)

CreateJWSSignature signs the payload using JWS ES256 and returns the JWS compact serialized message.

payload: the data to sign and serialize
privateKey: the key used to sign. The receiver must have the matching public key to verify.

This returns the JWS compact serialized message.

func DecryptMessage

func DecryptMessage(serialized string, privateKey *ecdsa.PrivateKey) (message string, isEncrypted bool, err error)

DecryptMessage deserializes and decrypts the message using JWE. It returns the decrypted message, or the input message unchanged if the message was not encrypted.

func EncryptMessage

func EncryptMessage(message string, publicKey *ecdsa.PublicKey) (serialized string, err error)

EncryptMessage encrypts and serializes the message using JWE.

func SignAndEncrypt

func SignAndEncrypt(payload []byte, myPrivateKey *ecdsa.PrivateKey, publicKey *ecdsa.PublicKey) (message string, err error)

SignAndEncrypt signs and encrypts the payload. It returns the JWS-signed and JWE-encrypted message.

func VerifyEcdsaSignature

func VerifyEcdsaSignature(payload []byte, signatureB64urlEncoded string, publicKey *ecdsa.PublicKey) error

VerifyEcdsaSignature verifies the payload against the base64url-encoded signature and the public key. payload is any raw data; signatureB64urlEncoded is the base64url-encoded ECDSA256 signature. Intended for verifying a signed object such as the publisher identity. Use VerifyJWSMessage for verifying JWS-signed messages.
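The CreateEcdsaSignature / VerifyEcdsaSignature pair above is a raw ECDSA signature over a payload, transported as base64url text. The following is an added example written for this page, not the package's own code, that implements the same round trip with only the Go standard library: generate a P-256 key, sign a SHA-256 digest, and verify on the receiver side with every failure reported as an error. The signature encoding (ASN.1 DER of the (R, S) pair, matching the shape of the ECDSASignature type documented below) is an assumption; the page does not state which encoding the package uses. The function names and the sample payload are constructed for the example.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/asn1"
	"encoding/base64"
	"errors"
	"fmt"
	"math/big"
)

// ecdsaSignature is the (R, S) pair an ECDSA signature consists of; asn1.Marshal turns
// it into the DER SEQUENCE that most ECDSA tooling exchanges. Encoding is an assumption here.
type ecdsaSignature struct {
	R, S *big.Int
}

// createKeys generates a P-256 key pair. The returned private key embeds its public key.
func createKeys() *ecdsa.PrivateKey {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err) // only fails if the system CSPRNG is unavailable
	}
	return key
}

// signPayload hashes the payload with SHA-256, signs the digest, DER-encodes (R, S)
// and returns the result as unpadded base64url, ready to embed in JSON or a URL.
func signPayload(payload []byte, priv *ecdsa.PrivateKey) (string, error) {
	digest := sha256.Sum256(payload)
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	der, err := asn1.Marshal(ecdsaSignature{R: r, S: s})
	if err != nil {
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(der), nil
}

// verifyPayload is the receiver-side check: decode, parse strictly, then verify against
// the sender's public key. Every failure is an error so callers cannot ignore a bad check.
func verifyPayload(payload []byte, sigB64url string, pub *ecdsa.PublicKey) error {
	der, err := base64.RawURLEncoding.DecodeString(sigB64url)
	if err != nil {
		return fmt.Errorf("signature is not base64url: %w", err)
	}
	var sig ecdsaSignature
	rest, err := asn1.Unmarshal(der, &sig)
	if err != nil {
		return fmt.Errorf("signature is not a DER (R, S) sequence: %w", err)
	}
	if len(rest) != 0 {
		return errors.New("trailing bytes after signature")
	}
	digest := sha256.Sum256(payload)
	// ecdsa.Verify also rejects R or S outside [1, n-1], so no extra range check is needed.
	if !ecdsa.Verify(pub, digest[:], sig.R, sig.S) {
		return errors.New("signature does not match payload and public key")
	}
	return nil
}

func main() {
	key := createKeys()
	payload := []byte(`{"publisher":"sensor-1"}`) // constructed sample payload
	sig, err := signPayload(payload, key)
	if err != nil {
		panic(err)
	}
	fmt.Println("signature:", sig)
	fmt.Println("verify original:", verifyPayload(payload, sig, &key.PublicKey))
	fmt.Println("verify tampered:", verifyPayload([]byte(`{"publisher":"sensor-2"}`), sig, &key.PublicKey))
}
```

Two details matter for a receiver: the signature is always checked against a fresh digest of the bytes actually received, never against a digest carried inside the message, and a signature that parses but has trailing data is rejected rather than silently accepted.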

func VerifyJWSMessage

func VerifyJWSMessage(message string, publicKey *ecdsa.PublicKey) (payload string, err error)

VerifyJWSMessage verifies a signed message and returns its payload. The message is a JWS-encoded string. The public key of the sender is needed to verify the message.

Intended for testing, as the application uses VerifySenderJWSSignature instead.

func VerifySenderJWSSignature

func VerifySenderJWSSignature(rawMessage string, object interface{}, getPublicKey func(address string) *ecdsa.PublicKey) (isSigned bool, err error)

VerifySenderJWSSignature checks whether a message is JWS signed. If it is, the signature is verified using the 'Sender' or 'Address' attribute to determine the public key to verify with. To verify correctly, the sender has to be a known publisher and verified with the DSS.

object MUST be a pointer to the type, otherwise unmarshal fails.

getPublicKey is a lookup function that provides the public key for the given sender address.

It should only provide a public key if the publisher is known and verified by the DSS, or
if this zone does not use a DSS (publishers are protected through message bus ACLs).
If getPublicKey is not provided, signature verification always succeeds.

The rawMessage is JSON-unmarshalled into the given object.

This returns a flag indicating whether the message was signed and, if so, an error if the verification failed.
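CreateJWSSignature / VerifyJWSMessage above produce and check a JWS compact serialization with ES256, and VerifySenderJWSSignature adds the sender-lookup step on top of it. The following is an added example for this page, not the package's own code, that builds both from the Go standard library: the ES256 compact format per RFC 7515/7518 (header.payload.signature, signature as R||S in two fixed 32-byte values), a verifier that pins the algorithm to ES256 so the message cannot choose a weaker one, and a sender-keyed verifier that reads the still-unverified payload only to select the key and unmarshals into object only after the signature checks out. Assumptions: the sender is carried in a JSON field named "sender" (the page names 'Sender'/'Address' attributes without giving the exact JSON keys, and the 'Address' fallback is left out), and an unknown sender (nil key from the lookup) is treated as an error. That last point deliberately fails closed, unlike the documented behaviour where a missing lookup makes verification succeed. Function names and sample data are constructed.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
	"math/big"
	"strings"
)

var b64 = base64.RawURLEncoding

// newP256Key generates the P-256 key pair that ES256 requires.
func newP256Key() *ecdsa.PrivateKey {
	k, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	return k
}

// createJWS returns the compact serialization header.payload.signature with alg ES256.
// Per RFC 7518 section 3.4 the signature is R||S as two fixed 32-byte big-endian values.
func createJWS(payload []byte, priv *ecdsa.PrivateKey) (string, error) {
	signingInput := b64.EncodeToString([]byte(`{"alg":"ES256"}`)) + "." + b64.EncodeToString(payload)
	digest := sha256.Sum256([]byte(signingInput))
	r, s, err := ecdsa.Sign(rand.Reader, priv, digest[:])
	if err != nil {
		return "", err
	}
	sig := make([]byte, 64)
	r.FillBytes(sig[:32])
	s.FillBytes(sig[32:])
	return signingInput + "." + b64.EncodeToString(sig), nil
}

// verifyJWS checks a compact ES256 JWS against pub and returns the payload bytes.
// The algorithm is pinned: a header naming anything but ES256 is rejected outright.
func verifyJWS(message string, pub *ecdsa.PublicKey) ([]byte, error) {
	parts := strings.Split(message, ".")
	if len(parts) != 3 {
		return nil, errors.New("not a compact JWS")
	}
	headerJSON, err := b64.DecodeString(parts[0])
	var header struct{ Alg string `json:"alg"` }
	if err != nil || json.Unmarshal(headerJSON, &header) != nil || header.Alg != "ES256" {
		return nil, errors.New("header is not a valid ES256 header")
	}
	payload, err := b64.DecodeString(parts[1])
	if err != nil {
		return nil, fmt.Errorf("bad payload: %w", err)
	}
	sig, err := b64.DecodeString(parts[2])
	if err != nil || len(sig) != 64 {
		return nil, errors.New("signature must be 64 base64url-encoded bytes")
	}
	r, s := new(big.Int).SetBytes(sig[:32]), new(big.Int).SetBytes(sig[32:])
	digest := sha256.Sum256([]byte(parts[0] + "." + parts[1]))
	if !ecdsa.Verify(pub, digest[:], r, s) {
		return nil, errors.New("signature verification failed")
	}
	return payload, nil
}

// verifySenderJWS mirrors the VerifySenderJWSSignature pattern (assumed "sender" JSON key):
// the payload's sender selects the key via getPublicKey, and the JSON is unmarshalled into
// object only after the signature checks out. An unknown sender fails closed.
func verifySenderJWS(rawMessage string, object interface{}, getPublicKey func(string) *ecdsa.PublicKey) (bool, error) {
	if strings.HasPrefix(strings.TrimSpace(rawMessage), "{") { // plain JSON, not signed
		return false, json.Unmarshal([]byte(rawMessage), object)
	}
	parts := strings.Split(rawMessage, ".")
	if len(parts) != 3 {
		return false, errors.New("message is neither JSON nor a compact JWS")
	}
	// Peek at the still-unverified payload only to choose the key; nothing in it is trusted yet.
	var env struct{ Sender string `json:"sender"` }
	if peek, err := b64.DecodeString(parts[1]); err != nil || json.Unmarshal(peek, &env) != nil {
		return true, errors.New("payload is not a JSON object")
	}
	pub := getPublicKey(env.Sender)
	if pub == nil {
		return true, fmt.Errorf("no verified public key for sender %q", env.Sender)
	}
	payload, err := verifyJWS(rawMessage, pub)
	if err != nil {
		return true, err
	}
	return true, json.Unmarshal(payload, object)
}
```

As in the documented contract, the boolean reports whether the message was signed at all and is true even when the error is set, so a caller that requires signed messages must check both values. Pinning alg on the verifier side rather than trusting the header is what keeps a lookup-based scheme like this from being downgraded by whoever controls the message text.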

Types

type ECDSASignature

type ECDSASignature struct {
	R, S *big.Int
}

ECDSASignature holds the R and S values of an ECDSA signature.

type MessageSignatureEnvelope

type MessageSignatureEnvelope struct {
	Sender    string `json:"sender"`    // sender clientID
	Signature []byte `json:"signature"` // base64 encoded signature
	Payload   []byte `json:"payload"`   // base64 encoded payload
}

!!! THIS CODE IS NOT YET IN USE !!! The message envelope is used if a message is signed.

type MessageSigner

type MessageSigner struct {
	// GetPublicKey when available is used in message to verify signature
	GetPublicKey func(address string) *ecdsa.PublicKey // must be a variable
	// contains filtered or unexported fields
}

MessageSigner signs and verifies signed and encrypted messages using ECDSA.

func (*MessageSigner) DecodeMessage

func (signer *MessageSigner) DecodeMessage(rawMessage string, object interface{}) (isEncrypted bool, isSigned bool, err error)

DecodeMessage decrypts the message and verifies the sender signature. The sender and signer of the message is contained in the message 'sender' field. If the sender field is missing, the 'address' field is used as the sender.

rawMessage contains the encrypted and signed message
object must hold the expected message type to decode the JSON message

func (*MessageSigner) VerifySignedMessage

func (signer *MessageSigner) VerifySignedMessage(rawMessage string, object interface{}) (isSigned bool, err error)

VerifySignedMessage parses and verifies the message signature as per the standard. The sender and signer of the message is in the message 'Sender' field. If the Sender field is missing, the 'address' field contains the publisher.

rawMessage contains the signed message
object must hold the expected message type to decode the JSON message
