README
¶
ECDH
I am not a cryptographer
The simple implementation of an elliptical curve Diffie-Hellman key exchange method.
ECDH can:
- Generate, marshal and unmarshal key pairs
- Encrypt and decrypt messages
- Sign and verify messages
Examples
Generate shared secret, encrypt and decrypt a message
package main
import (
"github.com/noartem/ecdh"
)
func main() {
// generate random Alice key pair
alice, err := ecdh.GenerateKey()
if err != nil { ... }
// generate random Bob key pair
bob, err := ecdh.GenerateKey()
if err != nil { ... }
// shared secret in Alice client
secretAlice, err := alice.GenerateSecret(bob.PublicKey())
if err != nil { ... }
// shared secret in Bob client
secretBob, err := bob.GenerateSecret(alice.PublicKey())
if err != nil { ... }
// always (secretAlice.Secret == secretBob.Secret)
if secretAlice.Secret != secretBob.Secret {
panic("Impossible")
}
// original message writen by Alice
messageAlice := "Hello, Bob!"
// encrypted Alice message
encryptedMessage, err := secretAlice.Encrypt(messageAlice)
if err != nil { ... }
// Bob decrypt message and get original message
messageBob, err := secretBob.Decrypt(encryptedMessage)
if err != nil { ... }
// always (messageBob == messageAlice)
if messageBob != messageAlice {
panic("Impossible")
}
}
Marshal and unmarshal key pairs
package main
import (
"github.com/noartem/ecdh"
)
func main() {
//
// Alice side
//
// generate random Alice key pair
alice, err := ecdh.GenerateKey()
if err != nil { ... }
// Marshal key pair into 2 strings
privateKeyString, publicKeyString := alice.Marshal()
// DO NOT SHARE privateKeyString
// privateKeyString you can store in local storage
saveInLocalStorage(privateKeyString)
// Send publicKeyString to Bob
sendToBob(publicKeyString)
// Unmarshal alice key pair
aliceUnmarshaled, err := ecdh.Unmarshal(privateKey, publicKey)
if err != nil { ... }
// "alice" == "aliceUnmarshaled" (deep compression)
//
// Bob side
//
// generate random Bob key pair
bob, err := ecdh.GenerateKey()
if err != nil { ... }
alicePublicKeyString := getAliceKey()
// unmarshal string from Alice to public key
alicePublic, err := ecdh.UnmarshalPublic(alicePublicKeyString)
if err != nil { ... }
// shared secret in Alice client
sharedSecret, err := bob.GenerateSecret(alicePublic)
if err != nil { ... }
}
Sing and verify a random hash
package main
import (
"fmt"
"github.com/noartem/ecdh"
)
func main() {
//
// Alice side
//
// generate random Alice key pair
alice, err := ecdh.GenerateKey()
if err != nil { ... }
_, publicKeyString := alice.Marshal()
R, S, hash, err := alice.Sign()
if err != nil { ... }
// R, S and hash is public information
sendToBob(publicKeyString, R, S, hash)
aliceUnmarshaled, err := ecdh.Unmarshal(privateKey, publicKey)
if err != nil { ... }
// "alice" == "aliceUnmarshaled" (deep compression)
//
// Bob side
//
// generate random Bob key pair
bob, err := ecdh.GenerateKey()
if err != nil { ... }
alicePublicKeyString, R, S, hash := getAliceKey()
// Verify verify Alice message
messageIsReallyFromAlice, err := bob.Verify(R, S, hash, alicePublicKeyString)
if err != nil { ... }
// Check if message was signed by Alice
if messageIsReallyFromAlice {
fmt.Println("This message was signed by Alice! (and we verified it)")
}
}
Documentation
¶
Index ¶
- func UnmarshalPublic(publicKeyStr string) (ecdsa.PublicKey, error)
- func UnmarshalPublicCustomCurve(curve elliptic.Curve, publicKeyStr string) (ecdsa.PublicKey, error)
- type KeyPair
- func (kp *KeyPair) GenerateSecret(anotherPublicKey ecdsa.PublicKey) (*SharedSecret, error)
- func (kp *KeyPair) Marshal() (privateKey, publicKey string)
- func (kp *KeyPair) PrivateKey() *ecdsa.PrivateKey
- func (kp *KeyPair) PublicKey() ecdsa.PublicKey
- func (kp *KeyPair) Sign() (string, string, string, error)
- func (kp *KeyPair) SignCustomCache(hash []byte) (string, string, error)
- func (kp *KeyPair) Verify(R, S, hash, publicKeyStr string) (bool, error)
- func (kp *KeyPair) VerifyCustomPublic(rStr, sStr, hash string, publicKey ecdsa.PublicKey) (bool, error)
- type SharedSecret
Constants ¶
This section is empty.
Variables ¶
This section is empty.
Functions ¶
func UnmarshalPublic ¶
UnmarshalPublic restore public key from string
Types ¶
type KeyPair ¶
type KeyPair struct {
// contains filtered or unexported fields
}
KeyPair crypto key pair
func GenerateKeyCustomCurve ¶
GenerateKey generate new random key pair by custom curve
func UnmarshalCustomCurve ¶
func UnmarshalCustomCurve(curve elliptic.Curve, privateKeyStr, publicKeyStr string) (*KeyPair, error)
UnmarshalCustomCurve restore key pair from privateKey and publicKey string by custom curve
func (*KeyPair) GenerateSecret ¶
func (kp *KeyPair) GenerateSecret(anotherPublicKey ecdsa.PublicKey) (*SharedSecret, error)
GenerateSecret generate shared secret
func (*KeyPair) PrivateKey ¶
func (kp *KeyPair) PrivateKey() *ecdsa.PrivateKey
PrivateKey return private key from key pair
func (*KeyPair) Sign ¶
Sign sign random generated hash by private key, returns signed hash, raw hash
func (*KeyPair) SignCustomCache ¶
Sign sign hash by private key, returns signed hash
type SharedSecret ¶
type SharedSecret struct {
// contains filtered or unexported fields
}
SharedSecret shared by ECDH secret
func NewSharedSecret ¶
func NewSharedSecret(secret string) (*SharedSecret, error)
NewSharedSecret create new SharedSecret by raw secret
Source Files
Click to show internal directories.
Click to hide internal directories.