ed25519

  4 分钟阅读  

原文:https://pkg.go.dev/crypto/ed25519@go1.23.0

Package ed25519 implements the Ed25519 signature algorithm. See https://ed25519.cr.yp.to/.

​ ed25519 包实现了 Ed25519 签名算法。请参阅 https://ed25519.cr.yp.to/

These functions are also compatible with the “Ed25519” function defined in RFC 8032. However, unlike RFC 8032’s formulation, this package’s private key representation includes a public key suffix to make multiple signing operations with the same key more efficient. This package refers to the RFC 8032 private key as the “seed”.

​ 这些函数还与 RFC 8032 中定义的“Ed25519”函数兼容。但是,与 RFC 8032 的表述不同,此包的私钥表示包含一个公钥后缀,以便使用同一密钥进行多次签名操作更有效率。此包将 RFC 8032 私钥称为“种子”。

Example (Ed25519ctx)

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20

pub, priv, err := GenerateKey(nil)
if err != nil {
	log.Fatal(err)
}

msg := []byte("The quick brown fox jumps over the lazy dog")

sig, err := priv.Sign(nil, msg, &Options{
	Context: "Example_ed25519ctx",
})
if err != nil {
	log.Fatal(err)
}

if err := VerifyWithOptions(pub, msg, sig, &Options{
	Context: "Example_ed25519ctx",
}); err != nil {
	log.Fatal("invalid signature")
}
Output:

常量

View Source

 1
 2
 3
 4
 5
 6
 7
 8
 9
10

const (
	// PublicKeySize is the size, in bytes, of public keys as used in this package.
	PublicKeySize = 32
	// PrivateKeySize is the size, in bytes, of private keys as used in this package.
	PrivateKeySize = 64
	// SignatureSize is the size, in bytes, of signatures generated and verified by this package.
	SignatureSize = 64
	// SeedSize is the size, in bytes, of private key seeds. These are the private key representations used by RFC 8032.
	SeedSize = 32
)

变量

This section is empty.

函数

func GenerateKey

1

func GenerateKey(rand io.Reader) (PublicKey, PrivateKey, error)

GenerateKey generates a public/private key pair using entropy from rand. If rand is nil, crypto/rand.Reader will be used.

​ GenerateKey 使用 rand 中的熵生成公钥/私钥对。如果 rand 为 nil,则将使用 crypto/rand.Reader。

func Sign

1

func Sign(privateKey PrivateKey, message []byte) []byte

Sign signs the message with privateKey and returns a signature. It will panic if len(privateKey) is not PrivateKeySize.

​ Sign 使用 privateKey 对消息进行签名并返回签名。如果 len(privateKey) 不是 PrivateKeySize,它将引发 panic。

func Verify

1

func Verify(publicKey PublicKey, message, sig []byte) bool

Verify reports whether sig is a valid signature of message by publicKey. It will panic if len(publicKey) is not PublicKeySize.

​ Verify 报告 sig 是否是 publicKey 对消息的有效签名。如果 len(publicKey) 不是 PublicKeySize,它将引发 panic。

func VerifyWithOptions <- go1.20

1

func VerifyWithOptions(publicKey PublicKey, message, sig []byte, opts *Options) error

VerifyWithOptions reports whether sig is a valid signature of message by publicKey. A valid signature is indicated by returning a nil error. It will panic if len(publicKey) is not PublicKeySize.

​ VerifyWithOptions 报告 sig 是否是 publicKey 对 message 的有效签名。有效签名通过返回 nil 错误来指示。如果 len(publicKey) 不是 PublicKeySize,它将引发 panic。

If opts.Hash is crypto.SHA512, the pre-hashed variant Ed25519ph is used and message is expected to be a SHA-512 hash, otherwise opts.Hash must be crypto.Hash(0) and the message must not be hashed, as Ed25519 performs two passes over messages to be signed.

​ 如果 opts.Hash 是 crypto.SHA512,则使用预哈希变体 Ed25519ph,并且 message 预计是 SHA-512 哈希,否则 opts.Hash 必须是 crypto.Hash(0),并且 message 不得被哈希,因为 Ed25519 对要签名的消息执行两遍。

类型

type Options <- go1.20

1
2
3
4
5
6
7
8

type Options struct {
	// Hash can be zero for regular Ed25519, or crypto.SHA512 for Ed25519ph.
	Hash crypto.Hash

	// Context, if not empty, selects Ed25519ctx or provides the context string
	// for Ed25519ph. It can be at most 255 bytes in length.
	Context string
}

Options can be used with PrivateKey.Sign or VerifyWithOptions to select Ed25519 variants.

​ Options 可与 PrivateKey.Sign 或 VerifyWithOptions 一起使用以选择 Ed25519 变体。

(*Options) HashFunc <- go1.20

1

func (o *Options) HashFunc() crypto.Hash

HashFunc returns o.Hash.

​ HashFunc 返回 o.Hash。

type PrivateKey

1

type PrivateKey []byte

PrivateKey is the type of Ed25519 private keys. It implements crypto.Signer.

​ PrivateKey 是 Ed25519 私钥的类型。它实现了 crypto.Signer。

func NewKeyFromSeed

1

func NewKeyFromSeed(seed []byte) PrivateKey

NewKeyFromSeed calculates a private key from a seed. It will panic if len(seed) is not SeedSize. This function is provided for interoperability with RFC 8032. RFC 8032’s private keys correspond to seeds in this package.

​ NewKeyFromSeed 从种子计算私钥。如果 len(seed) 不是 SeedSize,它将引发 panic。提供此函数是为了与 RFC 8032 互操作。RFC 8032 的私钥对应于此包中的种子。

(PrivateKey) Equal <- go1.15

1

func (priv PrivateKey) Equal(x crypto.PrivateKey) bool

Equal reports whether priv and x have the same value.

​ Equal 报告 priv 和 x 是否具有相同的值。

(PrivateKey) Public

1

func (priv PrivateKey) Public() crypto.PublicKey

Public returns the PublicKey corresponding to priv.

​ Public 返回与 priv 对应的公钥。

(PrivateKey) Seed

1

func (priv PrivateKey) Seed() []byte

Seed returns the private key seed corresponding to priv. It is provided for interoperability with RFC 8032. RFC 8032’s private keys correspond to seeds in this package.

​ Seed 返回与 priv 对应的私钥种子。它用于与rfc8032的互操作性。rfc8032的私钥对应于此包中的种子。

(PrivateKey) Sign

1

func (priv PrivateKey) Sign(rand io.Reader, message []byte, opts crypto.SignerOpts) (signature []byte, err error)

Sign signs the given message with priv. rand is ignored.

​ Sign 使用 priv 对给定的消息签名。

If opts.HashFunc() is crypto.SHA512, the pre-hashed variant Ed25519ph is used and message is expected to be a SHA-512 hash, otherwise opts.HashFunc() must be crypto.Hash(0) and the message must not be hashed, as Ed25519 performs two passes over messages to be signed.

​ 如果 opts.Hash() 为 512,则使用预哈希 Ed25519ph,并且消息应为 SHA-512 哈希,否则 opts.Hash() 必须为 Hash(0),并且消息不能被哈希,因为 Ed25519 对要签名的消息执行两次哈希。

A value of type Options can be used as opts, or crypto.Hash(0) or crypto.SHA512 directly to select plain Ed25519 or Ed25519ph, respectively.

​ 可以将类型为的Options值用作 opts,或直接使用 or.Hash(0)或 or.512 分别选择纯 Ed25519或 Ed25519ph。

type PublicKey

1

type PublicKey []byte

PublicKey is the type of Ed25519 public keys.

​ PublicKey 是 Ed25519 公钥的类型。

(PublicKey) Equal <- go1.15

1

func (pub PublicKey) Equal(x crypto.PublicKey) bool

Equal reports whether pub and x have the same value.

​ Equal 报告 pub 和 x 是否具有相同的值。

最后修改 October 10, 2024: 更新 (a4b8f85)