package ecdsa

Import Path
	crypto/ecdsa (on golang.org and go.dev)

Dependency Relation
	imports 11 packages, and imported by 2 packages


Involved Source Files

	
		Package ecdsa implements the Elliptic Curve Digital Signature Algorithm, as
		defined in FIPS 186-3.

		This implementation derives the nonce from an AES-CTR CSPRNG keyed by:

		SHA2-512(priv.D || entropy || hash)[:32]

		The CSPRNG key is indifferentiable from a random oracle as shown in
		[Coron], the AES-CTR stream is indifferentiable from a random oracle
		under standard cryptographic assumptions (see [Larsson] for examples).

		References:
		  [Coron]
		    https://cs.nyu.edu/~dodis/ps/merkle.pdf
		  [Larsson]
		    https://web.archive.org/web/20040719170906/https://www.nada.kth.se/kurser/kth/2D1441/semteo03/lecturenotes/assump.pdf

	      ecdsa_noasm.go


Code Examples

	
		package main
		
		import (
			"crypto/ecdsa"
			"crypto/elliptic"
			"crypto/rand"
			"crypto/sha256"
			"fmt"
		)
		
		func main() {
			privateKey, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
			if err != nil {
				panic(err)
			}
		
			msg := "hello, world"
			hash := sha256.Sum256([]byte(msg))
		
			sig, err := ecdsa.SignASN1(rand.Reader, privateKey, hash[:])
			if err != nil {
				panic(err)
			}
			fmt.Printf("signature: %x\n", sig)
		
			valid := ecdsa.VerifyASN1(&privateKey.PublicKey, hash[:], sig)
			fmt.Println("signature verified:", valid)
		}




Package-Level Type Names (total 2)


	/* sort by:  |  */
	
		PrivateKey represents an ECDSA private key.

		
			D *big.Int
			PublicKey PublicKey
			PublicKey.Curve elliptic.Curve
			PublicKey.X *big.Int
			PublicKey.Y *big.Int
		
			
				Add returns the sum of (x1,y1) and (x2,y2)

			
				Double returns 2*(x,y)

			
				Equal reports whether priv and x have the same value.

				See PublicKey.Equal for details on how Curve is compared.

			
				IsOnCurve reports whether the given (x,y) lies on the curve.

			
				Params returns the parameters for the curve.

			
				Public returns the public key corresponding to priv.

			
				ScalarBaseMult returns k*G, where G is the base point of the group
				and k is an integer in big-endian form.

			
				ScalarMult returns k*(Bx,By) where k is a number in big-endian form.

			
				Sign signs digest with priv, reading randomness from rand. The opts argument
				is not currently used but, in keeping with the crypto.Signer interface,
				should be the hash function used to digest the message.

				This method implements crypto.Signer, which is an interface to support keys
				where the private part is kept in, for example, a hardware module. Common
				uses should use the Sign function in this package directly.

		
			*T : crypto.Signer
			 T : crypto/elliptic.Curve
		
			func GenerateKey(c elliptic.Curve, rand io.Reader) (*PrivateKey, error)
			func crypto/x509.ParseECPrivateKey(der []byte) (*PrivateKey, error)
		
			func Sign(rand io.Reader, priv *PrivateKey, hash []byte) (r, s *big.Int, err error)
			func SignASN1(rand io.Reader, priv *PrivateKey, hash []byte) ([]byte, error)
			func crypto/x509.MarshalECPrivateKey(key *PrivateKey) ([]byte, error)


	
		PublicKey represents an ECDSA public key.

		
			Curve elliptic.Curve
			X *big.Int
			Y *big.Int
		
			
				Add returns the sum of (x1,y1) and (x2,y2)

			
				Double returns 2*(x,y)

			
				Equal reports whether pub and x have the same value.

				Two keys are only considered to have the same value if they have the same Curve value.
				Note that for example elliptic.P256() and elliptic.P256().Params() are different
				values, as the latter is a generic not constant time implementation.

			
				IsOnCurve reports whether the given (x,y) lies on the curve.

			
				Params returns the parameters for the curve.

			
				ScalarBaseMult returns k*G, where G is the base point of the group
				and k is an integer in big-endian form.

			
				ScalarMult returns k*(Bx,By) where k is a number in big-endian form.

		
			 T : crypto/elliptic.Curve
		
			func Verify(pub *PublicKey, hash []byte, r, s *big.Int) bool
			func VerifyASN1(pub *PublicKey, hash, sig []byte) bool




Package-Level Functions (total 5)


	
		GenerateKey generates a public and private key pair.


	
		Sign signs a hash (which should be the result of hashing a larger message)
		using the private key, priv. If the hash is longer than the bit-length of the
		private key's curve order, the hash will be truncated to that length. It
		returns the signature as a pair of integers. The security of the private key
		depends on the entropy of rand.


	
		SignASN1 signs a hash (which should be the result of hashing a larger message)
		using the private key, priv. If the hash is longer than the bit-length of the
		private key's curve order, the hash will be truncated to that length. It
		returns the ASN.1 encoded signature. The security of the private key
		depends on the entropy of rand.


	
		Verify verifies the signature in r, s of hash using the public key, pub. Its
		return value records whether the signature is valid.


	
		VerifyASN1 verifies the ASN.1 encoded signature, sig, of hash using the
		public key, pub. Its return value records whether the signature is valid.