1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
|
// Copyright (c) 2021 Andreas Auernhammer. All rights reserved.
// Use of this source code is governed by a license that can be
// found in the LICENSE file.
package minisign_test
import (
"crypto/rand"
"fmt"
"io"
"strconv"
"strings"
"github.com/aead/minisign"
)
func ExampleGenerateKey() {
// Generate a new minisign private / public key pair.
publicKey, privateKey, err := minisign.GenerateKey(rand.Reader)
if err != nil {
panic(err) // TODO: error handling
}
// Sign a message with the private key
message := []byte("Hello Gopher!")
signature := minisign.Sign(privateKey, message)
// Verify the signature with the public key and
// print the message if the signature is valid.
if minisign.Verify(publicKey, message, signature) {
fmt.Println(string(message))
}
// Output: Hello Gopher!
}
func ExampleEncryptKey() {
// Generate a new minisign private / public key pair.
// We don't care about the public key in this example.
_, privateKey, err := minisign.GenerateKey(rand.Reader)
if err != nil {
panic(err) // TODO: error handling
}
const password = "correct horse battery staple"
// Encrypt the private key with the password
encryptedKey, err := minisign.EncryptKey(password, privateKey)
if err != nil {
panic(err) // TODO: error handling
}
// Then, decrypt the encrypted key with the password again
decryptedKey, err := minisign.DecryptKey(password, encryptedKey)
if err != nil {
panic(err) // TODO: error handling
}
// Now, both private keys should be identical
fmt.Println(privateKey.Equal(decryptedKey))
// Output: true
}
func ExampleDecryptKey() {
const (
rawPrivateKey = "RWRTY0IyorAWr/1gdweGki6ua7GpmoPqS+7rMBSmBy6hedA53dAAABAAAAAAAAAAAAIAAAAAwfmyB6qIIW2eGNiQaFzgs1oi52iN8cRHBPRupc9TVdfAeJvlPdvzu3TfA2DHTW2PZi98uihcr5sEB5fefFml2d0xBk72ZOGNJpOTsn95eHgEH/qUfzQZ018JfiVwWf8pNpdgNFX8ROs="
password = "correct horse battery staple"
)
// Decrypt the raw private key with the password
privateKey, err := minisign.DecryptKey(password, []byte(rawPrivateKey))
if err != nil {
panic(err) // TODO: error handling
}
// Print the key ID as upper-case hex string
fmt.Println("Private Key", strings.ToUpper(strconv.FormatUint(privateKey.ID(), 16)))
// Output: Private Key A345BDA18A33D06
}
func ExampleSign() {
const (
rawPrivateKey = "RWRTY0IyorAWr/1gdweGki6ua7GpmoPqS+7rMBSmBy6hedA53dAAABAAAAAAAAAAAAIAAAAAwfmyB6qIIW2eGNiQaFzgs1oi52iN8cRHBPRupc9TVdfAeJvlPdvzu3TfA2DHTW2PZi98uihcr5sEB5fefFml2d0xBk72ZOGNJpOTsn95eHgEH/qUfzQZ018JfiVwWf8pNpdgNFX8ROs="
password = "correct horse battery staple"
)
// Decrypt the raw private key with the password
privateKey, err := minisign.DecryptKey(password, []byte(rawPrivateKey))
if err != nil {
panic(err) // TODO: error handling
}
// Sign a message with the private key
message := []byte("Hello Gopher!")
signature := minisign.Sign(privateKey, message)
fmt.Println(string(signature))
}
func ExampleSignWithComments() {
const (
rawPrivateKey = "RWRTY0IyorAWr/1gdweGki6ua7GpmoPqS+7rMBSmBy6hedA53dAAABAAAAAAAAAAAAIAAAAAwfmyB6qIIW2eGNiQaFzgs1oi52iN8cRHBPRupc9TVdfAeJvlPdvzu3TfA2DHTW2PZi98uihcr5sEB5fefFml2d0xBk72ZOGNJpOTsn95eHgEH/qUfzQZ018JfiVwWf8pNpdgNFX8ROs="
password = "correct horse battery staple"
)
// Decrypt the raw private key with the password
privateKey, err := minisign.DecryptKey(password, []byte(rawPrivateKey))
if err != nil {
panic(err) // TODO: error handling
}
// Sign a message with comments with the private key
const (
trustedComment = "This comment is signed and can be trusted"
untrustedComment = "This comment is not signed and just informational"
)
message := []byte("Hello Gopher!")
signature := minisign.SignWithComments(privateKey, message, trustedComment, untrustedComment)
fmt.Println(string(signature))
// Output: untrusted comment: This comment is not signed and just informational
// RWQGPaMY2ls0CmMflCAP5J/MpaXmt+3+UoT1vRSPRjXO6w0KNtpkcQe3TxQ35kAwhjFVB6CEYYrHZmMvWjXRutefRHicRUiAJwQ=
// trusted comment: This comment is signed and can be trusted
// /jXXGSI/q3MhrZ5PKzL221/qC+JFVpgilf9su6AcTtMffw+9ShYt5LjU2RG1M/EspIoEv4xxK/36TeCQBgHbBw==
}
func ExampleVerify() {
const rawPublicKey = "RWQGPaMY2ls0CkF/83ls7D+IU25w3jeYczwo3s451zDlnrJJwOdt2ro8"
var (
message = []byte("Hello Gopher!")
signature = []byte(`untrusted comment: signature from private key: A345BDA18A33D06
RWQGPaMY2ls0CmMflCAP5J/MpaXmt+3+UoT1vRSPRjXO6w0KNtpkcQe3TxQ35kAwhjFVB6CEYYrHZmMvWjXRutefRHicRUiAJwQ=
trusted comment: timestamp:1600100266
2x/lxCqL+PHoT4I9Wc8PHmoNBtohgmFdWwPBON55Y2P0ttpBHgr4OFldr/Hq7nDcBGt5SBs2XjtMnxjVs6byBg==`)
)
var publicKey minisign.PublicKey
if err := publicKey.UnmarshalText([]byte(rawPublicKey)); err != nil {
panic(err) // TODO: error handling
}
if minisign.Verify(publicKey, message, signature) {
fmt.Println(string(message))
}
// Output: Hello Gopher!
}
func ExampleReader() {
// Generate a new minisign public / private key pair.
publicKey, privateKey, err := minisign.GenerateKey(rand.Reader)
if err != nil {
panic(err) // TODO: error handling
}
const Message = "Hello Gopher!"
// Sign a data stream after processing it. (Here, we just discard it)
reader := minisign.NewReader(strings.NewReader(Message))
if _, err := io.Copy(io.Discard, reader); err != nil {
panic(err) // TODO: error handling
}
signature := reader.Sign(privateKey)
// Read a data stream and then verify its authenticity with
// the public key.
reader = minisign.NewReader(strings.NewReader(Message))
message, err := io.ReadAll(reader)
if err != nil {
panic(err) // TODO: error handling
}
if reader.Verify(publicKey, signature) {
fmt.Println(string(message))
}
// Output: Hello Gopher!
}
|
