Documentation ¶
Overview ¶
Package easyecc ties together several other common packages and makes it easy to perform common elliptic key cryptography operations on multiple curves (including secp256k1, used by Bitcoin, see https://en.bitcoin.it/wiki/Secp256k1).
In addition to secp256k1, P-256, P-384 and P-521 are also supported.
These operations include:
-- Creating private keys, in various ways
-- Saving private key to file, possibly passphrase-protected
-- Reading and decrypting private key from file
-- Signing data using the private key and verifying with the public key (ECDSA)
-- Encrypting data using a symmetric encryption key derived from private key/public key pair (ECDH)
See the examples for more information.
Index ¶
- Constants
- Variables
- func Hash160(buf []byte) []byte
- func Hash256(data []byte) []byte
- type EllipticCurve
- type PrivateKey
- func NewPrivateKey(curve EllipticCurve) (*PrivateKey, error)
- func NewPrivateKeyFromFile(fileName string, passphrase string) (*PrivateKey, error)
- func NewPrivateKeyFromJSON(data string) (*PrivateKey, error)
- func NewPrivateKeyFromMnemonic(curve EllipticCurve, mnemonic string) (*PrivateKey, error)
- func NewPrivateKeyFromPassword(curve EllipticCurve, password, salt []byte) *PrivateKey
- func NewPrivateKeyFromSecret(curve EllipticCurve, secret *big.Int) *PrivateKey
- func (pk *PrivateKey) Curve() EllipticCurve
- func (pk *PrivateKey) Decrypt(content []byte, publicKey *PublicKey) ([]byte, error)
- func (pk *PrivateKey) DecryptSymmetric(content []byte) ([]byte, error)
- func (pk *PrivateKey) Encrypt(content []byte, publicKey *PublicKey) ([]byte, error)
- func (pk *PrivateKey) EncryptSymmetric(content []byte) ([]byte, error)
- func (pk *PrivateKey) Equal(other *PrivateKey) bool
- func (pk *PrivateKey) GetECDHEncryptionKey(publicKey *PublicKey) ([]byte, error)
- func (pk *PrivateKey) MarshalToJSON() (string, error)
- func (pk *PrivateKey) Mnemonic() (string, error)
- func (pk *PrivateKey) PublicKey() *PublicKey
- func (pk *PrivateKey) Save(fileName string, passphrase string) error
- func (pk *PrivateKey) Secret() *big.Int
- func (pk *PrivateKey) Sign(hash []byte) (*Signature, error)
- func (pk *PrivateKey) ToECDSA() *ecdsa.PrivateKey
- type PublicKey
- func (pbk *PublicKey) BitcoinAddress() (string, error)
- func (pbk *PublicKey) Bytes() []byte
- func (pbk *PublicKey) CompressedBytes() []byte
- func (pbk *PublicKey) Curve() EllipticCurve
- func (pbk *PublicKey) Equal(other *PublicKey) bool
- func (pbk *PublicKey) EqualSerializedCompressed(other []byte) bool
- func (pbk *PublicKey) EthereumAddress() (string, error)
- func (pbk *PublicKey) ToECDSA() *ecdsa.PublicKey
- func (pbk *PublicKey) X() *big.Int
- func (pbk *PublicKey) Y() *big.Int
- type Signature
Examples ¶
Constants ¶
const ( PBKDF2_ITER = 16384 PBKDF2_SIZE = 32 )
Variables ¶
var ErrDifferentCurves = fmt.Errorf("the keys must use the same curve")
var ErrUnsupportedCurve = fmt.Errorf("the operation is not supported on this curve")
var ErrUnsupportedKeyType = fmt.Errorf("unsupported key type")
Functions ¶
Types ¶
type EllipticCurve ¶
type EllipticCurve int
const ( INVALID_CURVE EllipticCurve = -1 SECP256K1 EllipticCurve = 1 P256 EllipticCurve = 2 P384 EllipticCurve = 3 P521 EllipticCurve = 4 )
func StringToEllipticCurve ¶
func StringToEllipticCurve(s string) EllipticCurve
StringToEllipticCurve converts the elliptic curve name to EllipticCurve. If the name is not recognized, INVALID_CURVE is returned.
func (EllipticCurve) String ¶
func (ec EllipticCurve) String() string
String returns the elliptic curve name as a string.
type PrivateKey ¶
type PrivateKey struct {
// contains filtered or unexported fields
}
PrivateKey represents elliptic cryptography private key.
func NewPrivateKey ¶
func NewPrivateKey(curve EllipticCurve) (*PrivateKey, error)
NewPrivateKey creates a new random private key, given a curve.
func NewPrivateKeyFromFile ¶
func NewPrivateKeyFromFile(fileName string, passphrase string) (*PrivateKey, error)
NewPrivateKeyFromFile loads private key from fileName. If no passphrase is give, the file is assumed to be in JWK format. If passphrase is given, the file is assumed to be in JWE format, containing encrypted JWK key.
func NewPrivateKeyFromJSON ¶
func NewPrivateKeyFromJSON(data string) (*PrivateKey, error)
CreatePrivateKeyFromJSON creates private key from JWK-encoded representation. See https://www.rfc-editor.org/rfc/rfc7517.
func NewPrivateKeyFromMnemonic ¶
func NewPrivateKeyFromMnemonic(curve EllipticCurve, mnemonic string) (*PrivateKey, error)
NewPrivateKeyFromMnemonic creates private key on given curve from a mnemonic phrase. Only SECP256K1 and P256 keys can be created from mnemonic.
func NewPrivateKeyFromPassword ¶
func NewPrivateKeyFromPassword(curve EllipticCurve, password, salt []byte) *PrivateKey
NewPrivateKeyFromPassword creates a private key on the given curve from password using PBKDF2 algorithm. See https://en.wikipedia.org/wiki/PBKDF2.
func NewPrivateKeyFromSecret ¶
func NewPrivateKeyFromSecret(curve EllipticCurve, secret *big.Int) *PrivateKey
NewPrivateKeyFromSecret creates a private key on the given curve from secret.
func (*PrivateKey) Curve ¶
func (pk *PrivateKey) Curve() EllipticCurve
Curve returns the elliptic curve for this public key.
func (*PrivateKey) Decrypt ¶
func (pk *PrivateKey) Decrypt(content []byte, publicKey *PublicKey) ([]byte, error)
func (*PrivateKey) DecryptSymmetric ¶
func (pk *PrivateKey) DecryptSymmetric(content []byte) ([]byte, error)
DecryptSymmetric decrypts the content that was previously encrypted using this private key. Decryption is done using AES-256 with CGM cipher.
func (*PrivateKey) Encrypt ¶
func (pk *PrivateKey) Encrypt(content []byte, publicKey *PublicKey) ([]byte, error)
Example ¶
aliceKey, err := NewPrivateKey(P256) if err != nil { log.Fatal(err) } bobKey, err := NewPrivateKey(P256) if err != nil { log.Fatal(err) } data := "super secret message" encrypted, err := aliceKey.Encrypt([]byte(data), bobKey.PublicKey()) if err != nil { log.Fatal(err) } decrypted, err := bobKey.Decrypt(encrypted, aliceKey.PublicKey()) if err != nil { log.Fatal(err) } fmt.Printf("%s\n", string(decrypted))
Output: super secret message
func (*PrivateKey) EncryptSymmetric ¶
func (pk *PrivateKey) EncryptSymmetric(content []byte) ([]byte, error)
EncryptSymmetric encrypts content using this private key. The same private key must be used for decryption. Encryption is done using AES-256 with CGM cipher. TODO: Use JWE here? The function itself would probably go to deprecated package.
func (*PrivateKey) Equal ¶
func (pk *PrivateKey) Equal(other *PrivateKey) bool
Equal returns true if this key is equal to the other key.
func (*PrivateKey) GetECDHEncryptionKey ¶
func (pk *PrivateKey) GetECDHEncryptionKey(publicKey *PublicKey) ([]byte, error)
GetECDHEncryptionKey returns a shared key that can be used to encrypt data exchanged by two parties, using Elliptic Curve Diffie-Hellman algorithm (ECDH). For Alice and Bob, the key is guaranteed to be the same when it's derived from Alice's private key and Bob's public key or Alice's public key and Bob's private key.
See https://en.wikipedia.org/wiki/Elliptic-curve_Diffie%E2%80%93Hellman.
func (*PrivateKey) MarshalToJSON ¶
func (pk *PrivateKey) MarshalToJSON() (string, error)
MarshalToJSON returns the key JWK representation, see https://www.rfc-editor.org/rfc/rfc7517.
Example ¶
privateKey := NewPrivateKeyFromSecret(P256, big.NewInt(12345)) jwkBytes, err := privateKey.MarshalToJSON() if err != nil { log.Fatal(err) } fmt.Printf("%s\n", jwkBytes) privateKeyCopy, err := NewPrivateKeyFromJSON(jwkBytes) if err != nil { log.Fatal(err) } if privateKey.Equal(privateKeyCopy) { fmt.Printf("keys match!") }
Output: {"kty":"EC","crv":"P-256","x":"Ju/OvQ7p40pmkYfhizqRIrL3M5RbZJzJ+fkh6fna2BI","y":"kCOL3pzHuzMNFQxncE3SWucFUgV0S28xv0BwdFhy0OY","d":"MDk"} keys match!
func (*PrivateKey) Mnemonic ¶
func (pk *PrivateKey) Mnemonic() (string, error)
Mnemonic returns a mnemonic phrase which can be used to recover this private key.
func (*PrivateKey) PublicKey ¶
func (pk *PrivateKey) PublicKey() *PublicKey
PublicKey returns the public key derived from this private key.
func (*PrivateKey) Save ¶
func (pk *PrivateKey) Save(fileName string, passphrase string) error
Save saves the private key to the specified file. If passphrase is empty, the file will contain the key in JWK format. Otherwise, the file will contain encrypted JWK key in JWE format.
func (*PrivateKey) Secret ¶
func (pk *PrivateKey) Secret() *big.Int
Secret returns the private key's secret.
func (*PrivateKey) Sign ¶
func (pk *PrivateKey) Sign(hash []byte) (*Signature, error)
Sign signs (ECDSA) the hash using the private key and returns signature. See https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm.
Example ¶
privateKey := NewPrivateKeyFromSecret(P256, big.NewInt(12345)) data := "super secret message" hash := Hash256([]byte(data)) signature, err := privateKey.Sign(hash) if err != nil { log.Fatal(err) } publicKey := privateKey.PublicKey() success := signature.Verify(publicKey, hash) fmt.Printf("Signature verified: %v\n", success)
Output: Signature verified: true
func (*PrivateKey) ToECDSA ¶
func (pk *PrivateKey) ToECDSA() *ecdsa.PrivateKey
ToECDSA returns this key as crypto/ecdsa private key.
type PublicKey ¶
type PublicKey struct {
// contains filtered or unexported fields
}
PublicKey represents elliptic curve cryptography private key.
func NewPublicKeyFromBytes ¶
func NewPublicKeyFromBytes(curve EllipticCurve, b []byte) (*PublicKey, error)
func NewPublicKeyFromCompressedBytes ¶
func NewPublicKeyFromCompressedBytes(curve EllipticCurve, b []byte) (*PublicKey, error)
func NewPublicKeyFromPoint ¶
NewPublicKeyFromPoint creates a new public key given a point on the curve.
func (*PublicKey) BitcoinAddress ¶
BitcoinAddress returns the Bitcoin address for this public key. Unless the public key is on SECP256K1 curve, ErrUnsupportedCurve is returned.
func (*PublicKey) CompressedBytes ¶
SerializeCompressed returns the private key serialized in SEC compressed format. The result is 33 bytes long.
func (*PublicKey) Curve ¶
func (pbk *PublicKey) Curve() EllipticCurve
Curve returns the elliptic curve for this public key.
func (*PublicKey) EqualSerializedCompressed ¶
EqualSerializedCompressed returns true if this key is equal to the other, given as serialized compressed representation.
func (*PublicKey) EthereumAddress ¶
EthereumAddress returns an Ethereum address for this public key. Unless the public key is on SECP256K1 curve, ErrUnsupportedCurve is returned.
type Signature ¶
Signature represents a cryptographic signature (ECDSA). See https://en.wikipedia.org/wiki/Elliptic_Curve_Digital_Signature_Algorithm