-
Notifications
You must be signed in to change notification settings - Fork 17.7k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
crypto/ecdsa: add SignASN1, VerifyASN1 #20544
Comments
/cc @agl |
I ran into this oddness during BoringCrypto work too. It does seem like there should be a
to match ecdsa.PrivateKey.Sign. It would be tempting to add SignBytes that returns []byte instead of two big.Int, but that name doesn't seem right. So maybe instead:
? @agl, I'm happy to write these if you sign off (ha) on the names. |
This came up during @katiehockman's work on Wycheproof tests, and it seems like a good idea, it looks like we are forcing everyone to use encoding/asn1 when they just want to deal with ECDSA. I'm in favor of adding these APIs. |
Based on the discussion above, this seems like a likely accept. Leaving open for a week for final comments. |
Exposing a public signature interface with big-ints was dumb(*). The interface should always have been byte-based. (* happy to use strong language here because it was my screw-up.) |
No change in consensus (agl strongly agrees!), so accepting. |
Great, thanks! I have a change ready for this, so I'll pass it along shortly (though it won't go in until 1.15) |
I wonder if there should be a |
Change https://golang.org/cl/217940 mentions this issue: |
Glad to have found this. I'm trying to discover whether the SignASN1 returns DER or BER by default (translating work from a JS lib). Perhaps this could be part of the docs? |
It's DER. I'd be happy to take a PR to replace "ASN.1" with "ASN.1 DER" in
the docs of both functions!
…On Mon, Sep 21, 2020 at 9:40 AM SaulEntersekt ***@***.***> wrote:
Glad to have found this. I'm trying to discover whether the SignASN1
returns DER or BER by default (translating work from a JS lib). Perhaps
this could be part of the docs?
—
You are receiving this because you commented.
Reply to this email directly, view it on GitHub
<#20544 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJLETSVGIL6EDZWSRPJPN3SG37QPANCNFSM4DNRJO6Q>
.
|
@FiloSottile Honestly I'm not sure where there repo for the docs would live. Looked around but nothing leaps out to me. |
The docs are right in the code! https://github.com/golang/go/blob/master/src/crypto/ecdsa/ecdsa.go#L285 |
@FiloSottile Ah nice. Quite new to go community. Here is the PR: #41521 |
Thank you, and welcome!
You'll need to make the CLA bot happy for us to merge it, but it's
something you only have to do once!
…On Mon, Sep 21, 2020 at 2:26 PM SaulEntersekt ***@***.***> wrote:
@FiloSottile <https://github.com/FiloSottile> Ah nice. Quite new to go
community.
Here is the PR: #41521 <#41521>
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub
<#20544 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AAJLETSZGIU55UNZZXYXAN3SG5BARANCNFSM4DNRJO6Q>
.
|
@FiloSottile Sadly I now have a round trip through legal. :P |
The
crypto.Signer
implementation provided by crypto.ecdsa encodes its signature into bytes using the ASN.1 format that's used by TLS, but it doesn't provide a matching verification routine that takes a[]byte
instead of a pair ofbig.Int
s. It's straightforward to implement one, and both crypto.tls and crypto.x509 have done so, but it seems silly to make every consumer independently implement a standardized signature format.The text was updated successfully, but these errors were encountered: