ZBLOG

注册 原创投稿

golang HS,RS,ES,ED签名与验证

作者:golang云原生栏目:公开2023-07-06 03:121601

在Golang中,我们可以使用第三方库来进行HS、RS、ES和ED签名与验证。

  1. HS(HMAC-SHA)签名与验证

对于HS签名算法,我们可以使用crypto/hmac包生成签名,并使用常规的字符串比较来验证签名。下面是示例代码:

  1. package main
  3. import (
  4.     "crypto/hmac"
  5.     "crypto/sha256"
  6.     "encoding/base64"
  7.     "fmt"
  8. )
  10. func generateHMAC(key []byte, data []byte) ([]byte, error) {
  11.     h := hmac.New(sha256.New, key)
  12.     _, err := h.Write(data)
  13.     if err != nil {
  14.         return nil, err
  15.     }
  16.     
  17.     return h.Sum(nil), nil
  18. }
  20. func verifyHMAC(key []byte, data []byte, signature []byte) bool {
  21.     generatedSig, _ := generateHMAC(key, data)
  22.     
  23.     return hmac.Equal(signature, generatedSig)
  24. }
  26. func main() {
  27. 	key := []byte("mykey")
  28. 	data := []byte("hello world")
  29. 	
  30. 	// 签名数据
  31. 	signature, err := generateHMAC(key, data)
  32. 	if err != nil {
  33. 	    panic(err)
  34. 	}
  35. 	fmt.Println(base64.StdEncoding.EncodeToString(signature))
  36. 	
  37. 	// 验证签名
  38. 	isValid := verifyHMAC(key, data, signature)
  39. 	fmt.Println(isValid)
  40. }

在上面的代码中,我们使用了crypto/hmac包生成了一个sha256哈希值的HMAC-SHA签名,并将其编码为base64字符串输出。然后我们又定义了一个函数用于验证该签名是否有效。

  1. RS(RSA)签名与验证

对于RS签名算法,我们可以使用crypto/rsa包生成签名,并使用x509标准库验证签名。下面是示例代码:

  1. package main
  3. import (
  4.     "crypto/rand"
  5. 	"crypto/rsa"
  6. 	"crypto/sha256"
  7. 	"crypto/x509"
  8. 	"encoding/base64"
  9. 	"encoding/pem"
  10. 	"fmt"
  11. )
  13. func generateRSASignature(privateKey *rsa.PrivateKey, data []byte) ([]byte, error) {
  14. 	hashed := sha256.Sum256(data)
  15. 	return rsa.SignPKCS1v15(rand.Reader, privateKey, crypto.SHA256, hashed[:])
  16. }
  18. func verifyRSASignature(publicKey *rsa.PublicKey, data []byte, signature []byte) bool {
  19. 	hashed := sha256.Sum256(data)
  20. 	err := rsa.VerifyPKCS1v15(publicKey, crypto.SHA256, hashed[:], signature)
  21. 	
  22. 	return err == nil
  23. }
  25. func main() {
  26. 	privatePEM := `
  27. -----BEGIN RSA PRIVATE KEY-----
  28. MIIEpAIBAAKCAQEAvhyMBkTq8V2LgDlH0iS+F5+5IzJmWivNQ6atRyU7vgBnpLsX
  29. f1SoC4sz7hDhZ4Pey3BQaOfevQwHcNNmFj6XpYVnU6qNTBV85Cv5GK0d0mXliYb9
  30. dPGDEc+yTD3XC78FJ/kwcrpSKqIFrMdTsl9eKtMUkizPnzS/WuErxagZqXh7IY04
  31. 9SPNz92sfDmQDD+pqWcaAE09fRsLiZdR8WXJl+CZRXY8xTfZcCJGkhYX2tq5C3hW
  32. 4jB/75i50aeKw5L8sQa9YBbno8XnSlxjOkD0Oo1mH+PRezFyUd7v6gKFZElBWwM+
  33. I3/xKbUVkFGRW+f2u34VqRkiNlTNUeVQTWHgqwIDAQABAoIBAQCNKsbzJwpE3kAq
  34. 90oc6nUUGAxV99t/s9AJvZJtS1rSaIme/Pp/gmdVRDWX/LArwkxBhTN28jlMrMAO
  35. COxZLGzkaxwbeZEp+8LVWtfnbl+yr0MPkkpljmFuCKlr/+ltEKTkLu/i3M10EVbj
  36. in/YZZe47Tk8vKddbhRL4OdQ/Cpcp4gDOhpFPhPC0nVKPLF05TVoejoTtBwSGARL
  37. dm/mSCs4OUYayfGibVGPHh7PrvnkmMtG/GVIaet6IVSJxz98IJHVsmRIbHKAB26M
  38. 5++rHYiKr2ypndtQDMXiZ/zgr15uxPB59RgTZHjTXzlDJlvfiTmVMYi/RYlkHNig
  39. dPFv9vjxAoGBAOwllGEld+shcvRM/qNgTjKgu6sfpoFPlwo30lnmqDpIZPW78+xP
  40. 44JPiykoyckSD+MVjia91ER43Wy14vfptzGX7qN2Qpb6dWJpKtY9h8xPZ4+siGkC
  41. 3L2Iws1wubVUvFzHb7C0yOc/aX+bBf5fRPcgTxzTQlnWgkZYu7bZjS/lAoGBAMmm
  42. nGMqwEowDp3sVqExTYlTrSpEVTgc6e1py4zyr7RmOwhL+oGtSENNrnWclxzO8A5i
  43. +p88XZZNzrONaPfi/Vrs50jQmM3vxdZVmTug0Xn/38rlMX06hIH/RBHx/g/HzYPA
  44. JU71H45VtFDIqMZQ57GRJbQLToNgY2xsaBe6mbqxAoGBAKO5DBA9geUMpwzvMsf/
  45. XL1cqENwYLmSPrcWyIaRXe/NhuHPMAvpukNBFTT5dqfJDAmpPPVOlKcVOfckqcTm
  46. yEwmavLc+QUhLPAn2NnPbyto+hNTKYy5J4CmaGJ9ijrTIrFZDGPTOsDdvl41ZeR6
  47. V37vHlmOk8Saq67/nVBfNoXJAoGBAJKhMH8xbtzIfFnWzsRwFJS65YehysUNmjyx
  48. dddl5n3NXB0T5ixfgz1TDg/D3CUfhcxCRFL10iBvm9gFCYjhCWhAXpLsnELFeRL0
  49. KkJ3twz1b0GKyCpKqP9cT4dHsUy2sXN9z7Phk9+OJ/PoVzz8vQrF5EKZl0kLmteS
  50. a26u6MjBAoGBAJTKR/7wUvNAGlzSPxIyZXrrS4ixRsP1tQfYKK3SueipRLURDnMF
  51. a8FZphmnoWLDhHNK4htWJaqUTA90itEiRXMMduVgvywqpB5cshwjQMye+Tt+2gNr
  52. IXYxzyFLvWhBaGT/+RRNM8OcgzOEEhiL/UtsKzjCMFdCXjwM/xscFDNG
  53. -----END RSA PRIVATE KEY-----
  54. `
  55. 	
  56. 	publicPEM := `
  57. -----BEGIN PUBLIC KEY-----
  58. MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAvhyMBkTq8V2LgDlH0iS+
  59. F5+5IzJmWivNQ6atRyU7vgBnpLsXf1SoC4sz7hDhZ4Pey3BQaOfevQwHcNNmFj6X
  60. pYVnU6qNTBV85Cv5GK0d0mXliYb9dPGDEc+yTD3XC78FJ/kwcrpSKqIFrMdTsl9e
  61. KtMUkizPnzS/WuErxagZqXh7IY049SPNz92sfDmQDD+pqWcaAE09fRsLiZdR8WXJ
  62. l+CZRXY8xTfZcCJGkhYX2tq5C3hW4jB/75i50aeKw5L8sQa9YBbno8XnSlxjOkD0
  63. Oo1mH+PRezFyUd7v6gKFZElBWwM+I3/xKbUVkFGRW+f2u34VqRkiNlTNUeVQTWHg
  64. qwIDAQAB
  65. -----END PUBLIC KEY-----
  66. `
  67. 	
  68. 	privateBlock, _ := pem.Decode([]byte(privatePEM))
  69. 	if privateBlock == nil {
  70. 	    panic("failed to decode private key")
  71. 	}
  72. 	
  73. 	privateKey, err := x509.ParsePKCS1PrivateKey(privateBlock.Bytes)
  74. 	if err != nil {
  75. 	    panic(err)
  76. 	}
  77. 	
  78. 	publicBlock, _ := pem.Decode([]byte(publicPEM))
  79. 	if publicBlock == nil {
  80. 	    panic("failed to decode public key")
  81. 	}
  82. 	
  83. 	publicKeyInterface, err := x509.ParsePKIXPublicKey(publicBlock.Bytes)
  84. 	if err != nil {
  85. 	    panic(err)
  86. 	}
  87. 	
  88. 	publicKey, ok := publicKeyInterface.(*rsa.PublicKey)
  89. 	if !ok {
  90. 	    panic("public key is not of type *rsa.PublicKey")
  91. 	}
  93. 	data := []byte("hello world")
  95. 	// 签名数据
  96. 	signature, err := generateRSASignature(privateKey, data)
  97. 	if err != nil {
  98. 	    panic(err)
  99. 	}
  100. 	fmt.Println(base64.StdEncoding.EncodeToString(signature))
  102. 	// 验证签名
  103. 	isValid := verifyRSASignature(publicKey, data, signature)
  104. 	fmt.Println(isValid)

在上面的代码中,我们使用了crypto/rsa包生成了一个SHA256哈希值的RSA签名,并将其编码为base64字符串输出。然后我们又定义了一个函数用于验证该签名是否有效。

  1. ES(ECDSA)签名与验证

对于ES签名算法,我们可以使用crypto/ecdsa包生成签名,并使用x509标准库验证签名。下面是示例代码:

”` package main

import (

  1. "crypto/ecdsa"
  2. "crypto/elliptic"
  3. "crypto/rand"
  4. "crypto/sha256"
  5. "encoding/base64"
  6. "encoding/pem"
  7. "fmt"

)

func generateECDSASignature(privateKey *ecdsa.PrivateKey, data []byte) ([]byte, error) {

  1. hashed := sha256.Sum256(data)
  2. return ecdsa.SignASN1(rand.Reader, privateKey, hashed[:])

}

func verifyECDSASignature(publicKey *ecdsa.PublicKey, data []byte, signature []byte) bool {

  1. hashed := sha256.Sum256(data)
  2. return ecdsa.VerifyASN1(publicKey, hashed[:], signature)

}

func main() {

  1. privatePEM := `

—–BEGIN EC PRIVATE KEY—– MHcCAQEEIPKQEZgH4u/rT6lQy7VxxTm2UyA+9Zwmp3M+bIq0V8BSoAoGCCqGSM49 AwEHoUQDQgAE5XbNzP5Otnp4oPGt/lJwCvLjpsnWd9FgrqiLkex7aRaeizHHT+9W EBmt4fOPZiAtzS6nI4eFYNOlgoYkkUG/hw== —–END EC PRIVATE KEY—– `

  1. publicPEM := `

—–BEGIN PUBLIC KEY—– MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE5XbNzP5Otnp4oPGt/lJwCvLjpsnW d9FgrqiLkex7aRaeizHHT+9WEBmt4fOPZiAtzS6nI4eFYNOlgoYkkUG/hw== —–END PUBLIC KEY—– `

  1. privateBlock, _ := pem.Decode([]byte(privatePEM))
  2. if privateBlock == nil {
  3. 	panic("failed to decode private key")
  4. }
  6. privateKey, err := x509.ParseECPrivateKey(privateBlock.Bytes)
  7. if err != nil {
  8. 	panic(err)
  9. }
  11. publicBlock, _ := pem.Decode([]byte(publicPEM))
  12. if publicBlock == nil {
  13. 	panic("failed to decode public key")
  14. }
  16. publicKeyInterface, err := x509.ParsePKIXPublicKey(publicBlock.Bytes)
  17. if err != nil {
  18. 	panic(err)
  19. }
  21. publicKey, ok

本站部分文章来源于网络,版权归原作者所有,如有侵权请联系站长删除。
转载请注明出处:https://golang.0voice.com/?id=6560

golang云原生 golang云原生 管理员
分享:
扫描分享到社交APP
上一篇
下一篇

相关推荐

发表列表
游客 游客
此处应有掌声~
评论列表

还没有评论,快来说点什么吧~

golang云原生

golang云原生

  • 22687文章
  • 0评论
  • 2粉丝
  • 0被赞
最近发布
热门排行
热评文章
猜您喜欢
热门标签
Copyright ©2022    湖南零声信息科技有限公司    版权所有     湘ICP备18009867号-1          证照中心 

联系我们

在线咨询: 点击这里给我发消息

微信号:3007537140

上班时间: 10:30-22:30

关注我们
x

注册

已经有帐号?
简单注册快人一步