signing a message with RSA-SHA1

1,549 views
Skip to first unread message

gregworley

unread,
Jan 18, 2011, 8:57:12 PM1/18/11
to golang-nuts
Is there a function that takes a private key and a message and
produces an RSA-SHA1 signature?

In an earlier golang-nuts discussion:
https://groups.google.com/d/msg/golang-nuts/3Di8wKtU_pI/lvw8CnIbpIsJ
peterGo provides:

package main
import (
"fmt"
"crypto/sha1"
)
func main() {
s := sha1.New()
s.Write([]byte("SecretPasskey"))
fmt.Println(s.Sum())
}

I'm not sure how I would use this to digitally sign a message with a
private key.
Thanks

Anthony Martin

unread,
Jan 18, 2011, 11:20:10 PM1/18/11
to gregworley, golang-nuts
gregworley <gr...@worleyworks.com> once said:
> Is there a function that takes a private key and a message and
> produces an RSA-SHA1 signature?

There's no function that wraps all of the
functionally needed to do this but it's
easy enough to write. See the attached file.

Anthony

rsa-sha1.go

James Nurmi

unread,
Jan 18, 2011, 11:18:44 PM1/18/11
to gregworley, golang-nuts
On Tue, Jan 18, 2011 at 5:57 PM, gregworley <gr...@worleyworks.com> wrote:

> I'm not sure how I would use this to digitally sign a message with a
> private key.

Depending on your goals, you might find
https://github.com/abneptis/GoCryptools/blob/master/signer/pkcs15.go useful

> Thanks
>
Cheers,
James

Anthony Martin

unread,
Jan 19, 2011, 12:17:02 AM1/19/11
to gregworley, golang-nuts
Note that there's a typo on line 23 of the
program I sent. The first agument passed to
os.Open should be 'file'.

I'm surprised 8g didn't complain about the
variable being declared and not used.

Anthony

Jessta

unread,
Jan 19, 2011, 12:34:16 AM1/19/11
to Anthony Martin, gregworley, golang-nuts

Go doesn't complaint if you don't use a function parameter.
Functions will often have parameters they don't use because they are
satisfying an interface.

- jessta


--
=====================
http://jessta.id.au

jimmy frasche

unread,
Jan 19, 2011, 12:46:17 AM1/19/11
to Jessta, Anthony Martin, gregworley, golang-nuts
You can use _ for param/return names, though it does not complain if
you do not. I'd prefer it complained, if for no other reason than the
reliable comfort of symmetry.

Anthony Martin

unread,
Jan 19, 2011, 3:19:00 AM1/19/11
to Jessta, gregworley, golang-nuts
Jessta <jes...@jessta.id.au> once said:
> Go doesn't complaint if you don't use a function
> parameter. Functions will often have parameters
> they don't use because they are satisfying an
> interface.

Two identical functions need not have the same
identifier names in their signatures; in fact,
you can leave out the identifier if the function
doesn't use the corresponding parameter.

Relatedly, the identifier of a method receiver
can be omitted if it isn't used inside the
method.

I think it should be an error to give a name to
a function parameter and then not use it.

Anthony

Anthony Martin

unread,
Jan 19, 2011, 3:23:44 AM1/19/11
to Jessta, gregworley, golang-nuts
Anthony Martin <al...@pbrane.org> once said:
> Two identical functions need not have the same
> identifier names in their signatures; in fact,
> you can leave out the identifier if the function
> doesn't use the corresponding parameter.

No, sorry about that. The spec says I'm wrong.

But I still think it should go my way. ;)

Cheers,
Anthony

David Roundy

unread,
Jan 19, 2011, 8:58:17 AM1/19/11
to jimmy frasche, Jessta, Anthony Martin, gregworley, golang-nuts
I can sympathize, but I also appreciate the fact that those parameter
names are an important source of documentation. Even if they aren't
used, the function should do its best do document why they're there,
so people using the function can have a reasonable chance of using it
properly (e.g. so their code will work if the parameter *is* used some
time in the future. Of course, if the compiler ignored parameters
like _permissions (but not "permissions"), that'd perhaps be the best
of both worlds?

David

--
David Roundy

gregworley

unread,
Jan 19, 2011, 3:27:23 PM1/19/11
to golan...@googlegroups.com, gregworley
rsa func SignPKCS1v15(rand io.Reader, priv *PrivateKey, hash PKCS1v15Hash, hashed []byte) (s []byte, err os.Error)
is returning type []uint8 that's a bunch of gobbly goop:
6�z�SG I itd�J�V I��J�I3 ݂��!���
Relevant part of my file:
h := sha1.New()
h.Write([]byte(toSign))
sum := h.Sum()
sig, _ := rsa.SignPKCS1v15(rand.Reader, key, rsa.HashSHA1, sum)
f := bytes.NewBuffer(sig)
g := f.String()
fmt.Printf("The Signed String is: %s\n and is of type:%T\n",g,g)

I've attached the complete file for reference, but what is it that is getting returned, and how do I convert it to text?
What I need is:
Nql641NHEUkUaXQHZINK1FZ~SYeUSo​BJMxjdgqrzIdzV​2gyEXPDNv0p​YdWJkflDKJ3xIu​7lbwRpSkG98NBlgP​i4ZJpRRnVX4kX​AJK6tdNx6FucD​B7OVqzcxkxH​sGFd8VCG1Bk​C-Afh9~lOCMIY​HIaiOB6~5jt9​w2EOwi6sIIqrg_
cfsigner.zip

Miek Gieben

unread,
Jan 19, 2011, 3:30:44 PM1/19/11
to golan...@googlegroups.com
[ Quoting gregworley in "[go-nuts] Re: signing a message wit"... ]

> is returning type []uint8 that's a bunch of gobbly goop:
> 6�z�SG I itd�J�V I��J�I3 ݂��!���
> Relevant part of my file:
>
> What I need is:
>

> Nql641NHEUkUaXQHZINK1FZ~SYeUSo​BJMxjdgqrzIdzV​2gyEXPDNv0p​YdWJkflDKJ3xIu​7lbwRpSkG98NBlgP​i4ZJpRRnVX4kX​AJK6tdNx6FucD​B7OVqzcxkxH​sGFd8VCG1Bk​C-Afh9~lOCMIY​HIaiOB6~5jt9​w2EOwi6sIIqrg_

convert it to base64, see encoding/base64, something ala:

b64 := make([]byte, base64.StdEncoding.EncodedLen(len(b)))
base64.StdEncoding.Encode(b64, b)

grtz Miek

signature.asc

gregworley

unread,
Jan 19, 2011, 8:22:32 PM1/19/11
to golang-nuts
works!
Thanks.
>  signature.asc
> < 1KViewDownload
Reply all
Reply to author
Forward
0 new messages