package ecdsa

Import Path
	crypto/ecdsa (on go.dev)

Dependency Relation
	imports 17 packages, and imported by 2 packages

Involved Source Files

	  d ecdsa.go
		Package ecdsa implements the Elliptic Curve Digital Signature Algorithm, as
		defined in [FIPS 186-5].
		
		Signatures generated by this package are not deterministic, but entropy is
		mixed with the private key and the message, achieving the same level of
		security in case of randomness source failure.
		
		Operations involving private keys are implemented using constant-time
		algorithms, as long as an [elliptic.Curve] returned by [elliptic.P224],
		[elliptic.P256], [elliptic.P384], or [elliptic.P521] is used.

	    ecdsa_legacy.go
	    notboring.go
Code Examples

	
		package main
		
		import (
			"crypto/ecdsa"
			"crypto/elliptic"
			"crypto/rand"
			"crypto/sha256"
			"fmt"
		)
		
		func main() {
			privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
			if err != nil {
				panic(err)
			}
		
			msg := "hello, world"
			hash := sha256.Sum256([]byte(msg))
		
			sig, err := ecdsa.SignASN1(rand.Reader, privateKey, hash[:])
			if err != nil {
				panic(err)
			}
			fmt.Printf("signature: %x\n", sig)
		
			valid := ecdsa.VerifyASN1(&privateKey.PublicKey, hash[:], sig)
			fmt.Println("signature verified:", valid)
		}


Package-Level Type Names (total 2)

	/* sort by: alphabet | popularity */
	 type PrivateKey (struct)
		PrivateKey represents an ECDSA private key.


		Fields (total 5)
			D *big.Int
			PublicKey PublicKey
			PublicKey.Curve elliptic.Curve
			PublicKey.X *big.Int
			PublicKey.Y *big.Int
		Methods (total 10)
			( PrivateKey) Add(x1, y1, x2, y2 *big.Int) (x, y *big.Int)
				Add returns the sum of (x1,y1) and (x2,y2).
				
				Deprecated: this is a low-level unsafe API.

			( PrivateKey) Double(x1, y1 *big.Int) (x, y *big.Int)
				Double returns 2*(x,y).
				
				Deprecated: this is a low-level unsafe API.

			(*PrivateKey) ECDH() (*ecdh.PrivateKey, error)
				ECDH returns k as a [ecdh.PrivateKey]. It returns an error if the key is
				invalid according to the definition of [ecdh.Curve.NewPrivateKey], or if the
				Curve is not supported by [crypto/ecdh].

			(*PrivateKey) Equal(x crypto.PrivateKey) bool
				Equal reports whether priv and x have the same value.
				
				See [PublicKey.Equal] for details on how Curve is compared.

			( PrivateKey) IsOnCurve(x, y *big.Int) bool
				IsOnCurve reports whether the given (x,y) lies on the curve.
				
				Deprecated: this is a low-level unsafe API. For ECDH, use the crypto/ecdh
				package. The NewPublicKey methods of NIST curves in crypto/ecdh accept
				the same encoding as the Unmarshal function, and perform on-curve checks.

			( PrivateKey) Params() *elliptic.CurveParams
				Params returns the parameters for the curve.

			(*PrivateKey) Public() crypto.PublicKey
				Public returns the public key corresponding to priv.

			( PrivateKey) ScalarBaseMult(k []byte) (x, y *big.Int)
				ScalarBaseMult returns k*G, where G is the base point of the group
				and k is an integer in big-endian form.
				
				Deprecated: this is a low-level unsafe API. For ECDH, use the crypto/ecdh
				package. Most uses of ScalarBaseMult can be replaced by a call to the
				PrivateKey.PublicKey method in crypto/ecdh.

			( PrivateKey) ScalarMult(x1, y1 *big.Int, k []byte) (x, y *big.Int)
				ScalarMult returns k*(x,y) where k is an integer in big-endian form.
				
				Deprecated: this is a low-level unsafe API. For ECDH, use the crypto/ecdh
				package. Most uses of ScalarMult can be replaced by a call to the ECDH
				methods of NIST curves in crypto/ecdh.

			(*PrivateKey) Sign(rand io.Reader, digest []byte, opts crypto.SignerOpts) ([]byte, error)
				Sign signs a hash (which should be the result of hashing a larger message
				with opts.HashFunc()) using the private key, priv. If the hash is longer than
				the bit-length of the private key's curve order, the hash will be truncated
				to that length. It returns the ASN.1 encoded signature, like [SignASN1].
				
				If rand is not nil, the signature is randomized. Most applications should use
				[crypto/rand.Reader] as rand. Note that the returned signature does not
				depend deterministically on the bytes read from rand, and may change between
				calls and/or between versions.
				
				If rand is nil, Sign will produce a deterministic signature according to RFC
				6979. When producing a deterministic signature, opts.HashFunc() must be the
				function used to produce digest and priv.Curve must be one of
				[elliptic.P224], [elliptic.P256], [elliptic.P384], or [elliptic.P521].

		Implements (at least 2)
			*PrivateKey : crypto.Signer
			 PrivateKey : crypto/elliptic.Curve
		As Outputs Of (at least 2)
			func GenerateKey(c elliptic.Curve, rand io.Reader) (*PrivateKey, error)
			func crypto/x509.ParseECPrivateKey(der []byte) (*PrivateKey, error)
		As Inputs Of (at least 3)
			func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error)
			func SignASN1(rand io.Reader, priv *PrivateKey, hash []byte) ([]byte, error)
			func crypto/x509.MarshalECPrivateKey(key *PrivateKey) ([]byte, error)

	 type PublicKey (struct)
		PublicKey represents an ECDSA public key.

		Fields (total 3)
			Curve elliptic.Curve
			X *big.Int
			Y *big.Int
		Methods (total 8)
			( PublicKey) Add(x1, y1, x2, y2 *big.Int) (x, y *big.Int)
				Add returns the sum of (x1,y1) and (x2,y2).
				
				Deprecated: this is a low-level unsafe API.

			( PublicKey) Double(x1, y1 *big.Int) (x, y *big.Int)
				Double returns 2*(x,y).
				
				Deprecated: this is a low-level unsafe API.

			(*PublicKey) ECDH() (*ecdh.PublicKey, error)
				ECDH returns k as a [ecdh.PublicKey]. It returns an error if the key is
				invalid according to the definition of [ecdh.Curve.NewPublicKey], or if the
				Curve is not supported by crypto/ecdh.

			(*PublicKey) Equal(x crypto.PublicKey) bool
				Equal reports whether pub and x have the same value.
				
				Two keys are only considered to have the same value if they have the same Curve value.
				Note that for example [elliptic.P256] and elliptic.P256().Params() are different
				values, as the latter is a generic not constant time implementation.

			( PublicKey) IsOnCurve(x, y *big.Int) bool
				IsOnCurve reports whether the given (x,y) lies on the curve.
				
				Deprecated: this is a low-level unsafe API. For ECDH, use the crypto/ecdh
				package. The NewPublicKey methods of NIST curves in crypto/ecdh accept
				the same encoding as the Unmarshal function, and perform on-curve checks.

			( PublicKey) Params() *elliptic.CurveParams
				Params returns the parameters for the curve.

			( PublicKey) ScalarBaseMult(k []byte) (x, y *big.Int)
				ScalarBaseMult returns k*G, where G is the base point of the group
				and k is an integer in big-endian form.
				
				Deprecated: this is a low-level unsafe API. For ECDH, use the crypto/ecdh
				package. Most uses of ScalarBaseMult can be replaced by a call to the
				PrivateKey.PublicKey method in crypto/ecdh.

			( PublicKey) ScalarMult(x1, y1 *big.Int, k []byte) (x, y *big.Int)
				ScalarMult returns k*(x,y) where k is an integer in big-endian form.
				
				Deprecated: this is a low-level unsafe API. For ECDH, use the crypto/ecdh
				package. Most uses of ScalarMult can be replaced by a call to the ECDH
				methods of NIST curves in crypto/ecdh.

		Implements (at least one exported)
			 PublicKey : crypto/elliptic.Curve
		As Inputs Of (at least 2)
			func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool
			func VerifyASN1(pub *PublicKey, hash, sig []byte) bool


Package-Level Functions (total 5)

	 func GenerateKey(c elliptic.Curve, rand io.Reader) (*PrivateKey, error)
		GenerateKey generates a new ECDSA private key for the specified curve.
		
		Most applications should use [crypto/rand.Reader] as rand. Note that the
		returned key does not depend deterministically on the bytes read from rand,
		and may change between calls and/or between versions.

	 func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error)
		Sign signs a hash (which should be the result of hashing a larger message)
		using the private key, priv. If the hash is longer than the bit-length of the
		private key's curve order, the hash will be truncated to that length. It
		returns the signature as a pair of integers. Most applications should use
		[SignASN1] instead of dealing directly with r, s.

	 func SignASN1(rand io.Reader, priv *PrivateKey, hash []byte) ([]byte, error)
		SignASN1 signs a hash (which should be the result of hashing a larger message)
		using the private key, priv. If the hash is longer than the bit-length of the
		private key's curve order, the hash will be truncated to that length. It
		returns the ASN.1 encoded signature.
		
		The signature is randomized. Most applications should use [crypto/rand.Reader]
		as rand. Note that the returned signature does not depend deterministically on
		the bytes read from rand, and may change between calls and/or between versions.

	 func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool
		Verify verifies the signature in r, s of hash using the public key, pub. Its
		return value records whether the signature is valid. Most applications should
		use VerifyASN1 instead of dealing directly with r, s.
		
		The inputs are not considered confidential, and may leak through timing side
		channels, or if an attacker has control of part of the inputs.

	 func VerifyASN1(pub *PublicKey, hash, sig []byte) bool
		VerifyASN1 verifies the ASN.1 encoded signature, sig, of hash using the
		public key, pub. Its return value records whether the signature is valid.
		
		The inputs are not considered confidential, and may leak through timing side
		channels, or if an attacker has control of part of the inputs.

The pages are generated with Golds v0.7.6-preview. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @zigo_101 (reachable from the left QR code) to get the latest news of Golds.