`package `**ecdsa**
Import Path
crypto/ecdsa* (on go.dev)*
Dependency Relation
imports 19 packages, and imported by 2 packages
Involved Source Files
Package ecdsa implements the Elliptic Curve Digital Signature Algorithm, as
defined in FIPS 186-4 and SEC 1, Version 2.0.
Signatures generated by this package are not deterministic, but entropy is
mixed with the private key and the message, achieving the same level of
security in case of randomness source failure.
Operations involving private keys are implemented using constant-time
algorithms, as long as an [elliptic.Curve] returned by [elliptic.P224],
[elliptic.P256], [elliptic.P384], or [elliptic.P521] is used.
ecdsa_legacy.go
ecdsa_noasm.go
notboring.go
Code Examples
package main
import (
"crypto/ecdsa"
"crypto/elliptic"
"crypto/rand"
"crypto/sha256"
"fmt"
)
func main() {
privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
if err != nil {
panic(err)
}
msg := "hello, world"
hash := sha256.Sum256([]byte(msg))
sig, err := ecdsa.SignASN1(rand.Reader, privateKey, hash[:])
if err != nil {
panic(err)
}
fmt.Printf("signature: %x\n", sig)
valid := ecdsa.VerifyASN1(&privateKey.PublicKey, hash[:], sig)
fmt.Println("signature verified:", valid)
}
Package-Level Type Names* (total 2)*
PrivateKey represents an ECDSA private key.
D **big.Int*
PublicKey *PublicKey*
PublicKey.Curve *elliptic.Curve*
PublicKey.X **big.Int*
PublicKey.Y **big.Int*
Add returns the sum of (x1,y1) and (x2,y2).
Deprecated: this is a low-level unsafe API.
Double returns 2*(x,y).
Deprecated: this is a low-level unsafe API.
ECDH returns k as a [ecdh.PrivateKey]. It returns an error if the key is
invalid according to the definition of [ecdh.Curve.NewPrivateKey], or if the
Curve is not supported by [crypto/ecdh].
Equal reports whether priv and x have the same value.
See [PublicKey.Equal] for details on how Curve is compared.
IsOnCurve reports whether the given (x,y) lies on the curve.
Deprecated: this is a low-level unsafe API. For ECDH, use the crypto/ecdh
package. The NewPublicKey methods of NIST curves in crypto/ecdh accept
the same encoding as the Unmarshal function, and perform on-curve checks.
Params returns the parameters for the curve.
Public returns the public key corresponding to priv.
ScalarBaseMult returns k*G, where G is the base point of the group
and k is an integer in big-endian form.
Deprecated: this is a low-level unsafe API. For ECDH, use the crypto/ecdh
package. Most uses of ScalarBaseMult can be replaced by a call to the
PrivateKey.PublicKey method in crypto/ecdh.
ScalarMult returns k*(x,y) where k is an integer in big-endian form.
Deprecated: this is a low-level unsafe API. For ECDH, use the crypto/ecdh
package. Most uses of ScalarMult can be replaced by a call to the ECDH
methods of NIST curves in crypto/ecdh.
Sign signs digest with priv, reading randomness from rand. The opts argument
is not currently used but, in keeping with the crypto.Signer interface,
should be the hash function used to digest the message.
This method implements crypto.Signer, which is an interface to support keys
where the private part is kept in, for example, a hardware module. Common
uses can use the [SignASN1] function in this package directly.
*PrivateKey : crypto.Signer
PrivateKey : crypto/elliptic.Curve
func GenerateKey(c elliptic.Curve, rand io.Reader) (***PrivateKey**, error)
func crypto/x509.ParseECPrivateKey(der []byte) (***PrivateKey**, error)
func Sign(rand io.Reader, priv ***PrivateKey**, hash []byte) (r, s *big.Int, err error)
func SignASN1(rand io.Reader, priv ***PrivateKey**, hash []byte) ([]byte, error)
func crypto/x509.MarshalECPrivateKey(key ***PrivateKey**) ([]byte, error)
PublicKey represents an ECDSA public key.
Curve *elliptic.Curve*
X **big.Int*
Y **big.Int*
Add returns the sum of (x1,y1) and (x2,y2).
Deprecated: this is a low-level unsafe API.
Double returns 2*(x,y).
Deprecated: this is a low-level unsafe API.
ECDH returns k as a [ecdh.PublicKey]. It returns an error if the key is
invalid according to the definition of [ecdh.Curve.NewPublicKey], or if the
Curve is not supported by crypto/ecdh.
Equal reports whether pub and x have the same value.
Two keys are only considered to have the same value if they have the same Curve value.
Note that for example [elliptic.P256] and elliptic.P256().Params() are different
values, as the latter is a generic not constant time implementation.
IsOnCurve reports whether the given (x,y) lies on the curve.
Deprecated: this is a low-level unsafe API. For ECDH, use the crypto/ecdh
package. The NewPublicKey methods of NIST curves in crypto/ecdh accept
the same encoding as the Unmarshal function, and perform on-curve checks.
Params returns the parameters for the curve.
ScalarBaseMult returns k*G, where G is the base point of the group
and k is an integer in big-endian form.
Deprecated: this is a low-level unsafe API. For ECDH, use the crypto/ecdh
package. Most uses of ScalarBaseMult can be replaced by a call to the
PrivateKey.PublicKey method in crypto/ecdh.
ScalarMult returns k*(x,y) where k is an integer in big-endian form.
Deprecated: this is a low-level unsafe API. For ECDH, use the crypto/ecdh
package. Most uses of ScalarMult can be replaced by a call to the ECDH
methods of NIST curves in crypto/ecdh.
PublicKey : crypto/elliptic.Curve
func Verify(pub ***PublicKey**, hash []byte, r, s *big.Int) bool
func VerifyASN1(pub ***PublicKey**, hash, sig []byte) bool
Package-Level Functions* (total 5)*
GenerateKey generates a new ECDSA private key for the specified curve.
Most applications should use [crypto/rand.Reader] as rand. Note that the
returned key does not depend deterministically on the bytes read from rand,
and may change between calls and/or between versions.
Sign signs a hash (which should be the result of hashing a larger message)
using the private key, priv. If the hash is longer than the bit-length of the
private key's curve order, the hash will be truncated to that length. It
returns the signature as a pair of integers. Most applications should use
[SignASN1] instead of dealing directly with r, s.
SignASN1 signs a hash (which should be the result of hashing a larger message)
using the private key, priv. If the hash is longer than the bit-length of the
private key's curve order, the hash will be truncated to that length. It
returns the ASN.1 encoded signature.
The signature is randomized. Most applications should use [crypto/rand.Reader]
as rand. Note that the returned signature does not depend deterministically on
the bytes read from rand, and may change between calls and/or between versions.
Verify verifies the signature in r, s of hash using the public key, pub. Its
return value records whether the signature is valid. Most applications should
use VerifyASN1 instead of dealing directly with r, s.
The inputs are not considered confidential, and may leak through timing side
channels, or if an attacker has control of part of the inputs.
VerifyASN1 verifies the ASN.1 encoded signature, sig, of hash using the
public key, pub. Its return value records whether the signature is valid.
The inputs are not considered confidential, and may leak through timing side
channels, or if an attacker has control of part of the inputs.

The pages are generated with Golds v0.6.9-preview. (GOOS=linux GOARCH=amd64)
Golds is a Go 101 project developed by Tapir Liu.
PR and bug reports are welcome and can be submitted to the issue list.
Please follow @Go100and1 (reachable from the left QR code) to get the latest news of Golds. |