crypto

package
v0.0.11 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Mar 29, 2026 License: Apache-2.0, MIT Imports: 13 Imported by: 1

Documentation

Overview

Package crypto provides cryptographic operations for the AT Protocol, including P-256 and K-256 (secp256k1) key pairs, signing, verification, and did:key encoding.

Index

Examples

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type K256PrivateKey 

type K256PrivateKey struct {
	// contains filtered or unexported fields
}

K256PrivateKey is a secp256k1 (K-256) private key.

func GenerateK256 

func GenerateK256() (*K256PrivateKey, error)

GenerateK256 creates a new random K-256 key pair.

func ParsePrivateK256 

func ParsePrivateK256(raw []byte) (*K256PrivateKey, error)

ParsePrivateK256 parses a K-256 private key from a raw 32-byte scalar.

func (*K256PrivateKey) Bytes 

func (k *K256PrivateKey) Bytes() []byte

Bytes returns the raw 32-byte scalar of the private key.

func (*K256PrivateKey) HashAndSign 

func (k *K256PrivateKey) HashAndSign(content []byte) ([]byte, error)

HashAndSign computes SHA-256 of content and signs with low-S normalization.

func (*K256PrivateKey) PublicKey 

func (k *K256PrivateKey) PublicKey() PublicKey

PublicKey returns the corresponding K-256 public key.

type K256PublicKey 

type K256PublicKey struct {
	// contains filtered or unexported fields
}

K256PublicKey is a secp256k1 (K-256) public key.

func ParsePublicBytesK256 

func ParsePublicBytesK256(raw []byte) (*K256PublicKey, error)

ParsePublicBytesK256 parses a compressed SEC1 K-256 public key (33 bytes).

func (*K256PublicKey) Bytes 

func (k *K256PublicKey) Bytes() []byte

Bytes returns the compressed SEC1 public key (33 bytes).

func (*K256PublicKey) DIDKey 

func (k *K256PublicKey) DIDKey() string

DIDKey returns the did:key string for this K-256 public key.

func (*K256PublicKey) Equal 

func (k *K256PublicKey) Equal(other PublicKey) bool

Equal reports whether two K-256 public keys are identical.

func (*K256PublicKey) HashAndVerify 

func (k *K256PublicKey) HashAndVerify(content, sig []byte) error

HashAndVerify computes SHA-256 and verifies the signature, rejecting high-S.

func (*K256PublicKey) HashAndVerifyLenient 

func (k *K256PublicKey) HashAndVerifyLenient(content, sig []byte) error

HashAndVerifyLenient is like K256PublicKey.HashAndVerify but accepts high-S signatures.

func (*K256PublicKey) Multibase 

func (k *K256PublicKey) Multibase() string

Multibase returns the z-prefixed base58btc multicodec encoding.

type P256PrivateKey 

type P256PrivateKey struct {
	// contains filtered or unexported fields
}

P256PrivateKey is a P-256 private key.

func GenerateP256 

func GenerateP256() (*P256PrivateKey, error)

GenerateP256 creates a new random P-256 key pair.

Example 
package main

import (
	"fmt"
	"strings"

	"github.com/jcalabro/atmos/crypto"
)

func main() {
	priv, err := crypto.GenerateP256()
	if err != nil {
		panic(err)
	}
	pub := priv.PublicKey()

	// Sign and verify.
	msg := []byte("hello atproto")
	sig, err := priv.HashAndSign(msg)
	if err != nil {
		panic(err)
	}
	err = pub.HashAndVerify(msg, sig)
	fmt.Println(err)
	fmt.Println(strings.HasPrefix(pub.DIDKey(), "did:key:z"))
}

Output:
<nil>
true

func ParsePrivateP256 

func ParsePrivateP256(raw []byte) (*P256PrivateKey, error)

ParsePrivateP256 parses a P-256 private key from a raw 32-byte scalar.

func (*P256PrivateKey) Bytes 

func (k *P256PrivateKey) Bytes() []byte

Bytes returns the raw 32-byte private key scalar.

func (*P256PrivateKey) HashAndSign 

func (k *P256PrivateKey) HashAndSign(content []byte) ([]byte, error)

HashAndSign computes SHA-256 of content and signs with low-S normalization.

func (*P256PrivateKey) PublicKey 

func (k *P256PrivateKey) PublicKey() PublicKey

PublicKey returns the corresponding P-256 public key.

type P256PublicKey 

type P256PublicKey struct {
	// contains filtered or unexported fields
}

P256PublicKey is a P-256 public key.

func ParsePublicBytesP256 

func ParsePublicBytesP256(compressed []byte) (*P256PublicKey, error)

ParsePublicBytesP256 parses a compressed SEC1 P-256 public key (33 bytes).

func (*P256PublicKey) Bytes 

func (k *P256PublicKey) Bytes() []byte

Bytes returns the compressed SEC1 public key (33 bytes).

func (*P256PublicKey) DIDKey 

func (k *P256PublicKey) DIDKey() string

DIDKey returns the did:key string for this P-256 public key.

func (*P256PublicKey) Equal 

func (k *P256PublicKey) Equal(other PublicKey) bool

Equal reports whether two P-256 public keys are identical.

func (*P256PublicKey) HashAndVerify 

func (k *P256PublicKey) HashAndVerify(content, sig []byte) error

HashAndVerify computes SHA-256 and verifies the signature, rejecting high-S.

func (*P256PublicKey) HashAndVerifyLenient 

func (k *P256PublicKey) HashAndVerifyLenient(content, sig []byte) error

HashAndVerifyLenient is like P256PublicKey.HashAndVerify but accepts high-S signatures.

func (*P256PublicKey) Multibase 

func (k *P256PublicKey) Multibase() string

Multibase returns the z-prefixed base58btc multicodec encoding.

func (*P256PublicKey) UncompressedBytes 

func (k *P256PublicKey) UncompressedBytes() []byte

UncompressedBytes returns the uncompressed SEC1 encoding of the public key: 0x04 || X (32 bytes) || Y (32 bytes) = 65 bytes total. This is useful for extracting the X and Y coordinates for JWK serialization.

type PrivateKey 

type PrivateKey interface {
	// PublicKey returns the corresponding public key.
	PublicKey() PublicKey
	// HashAndSign computes SHA-256 of content and signs it (low-S normalized).
	// Returns a 64-byte compact [R || S] signature.
	HashAndSign(content []byte) ([]byte, error)
}

PrivateKey can sign data.

type PublicKey 

type PublicKey interface {
	// Bytes returns the compressed SEC1 public key (33 bytes).
	Bytes() []byte
	// HashAndVerify computes SHA-256 of content and verifies the signature.
	// Rejects non-low-S signatures.
	HashAndVerify(content, sig []byte) error
	// HashAndVerifyLenient is like HashAndVerify but accepts high-S signatures.
	// Used for JWT verification compatibility.
	HashAndVerifyLenient(content, sig []byte) error
	// DIDKey returns the did:key string representation.
	DIDKey() string
	// Multibase returns the z-prefixed base58btc multicodec encoding.
	Multibase() string
	// Equal returns true if the other key is identical.
	Equal(other PublicKey) bool
}

PublicKey can verify signatures and be serialized.

func ParsePublicDIDKey 

func ParsePublicDIDKey(s string) (PublicKey, error)

ParsePublicDIDKey parses a did:key string and returns the public key.

func ParsePublicMultibase 

func ParsePublicMultibase(s string) (PublicKey, error)

ParsePublicMultibase parses a z-prefixed base58btc multicodec public key.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.