Sign and Verify with Go
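// GetSignature signs rawMsg with an RSA private key and returns the signature
// encoded as standard base64.
//
// encodedPriKey is the standard-base64 encoding of a PEM document whose first
// block carries a PKCS#1 RSA private key. The message is hashed with SHA-256
// and the digest is signed with RSASSA-PSS.
//
// An error is returned when the key is not valid base64, contains no PEM
// block, does not parse as a PKCS#1 private key, or when signing fails.
func GetSignature(encodedPriKey, rawMsg string) (string, error) {
	pemBytes, err := base64.StdEncoding.DecodeString(encodedPriKey)
	if err != nil {
		return "", err
	}

	// Only the first PEM block is read; any data after it is ignored and the
	// block type is not inspected, so a wrong key format is rejected by the
	// PKCS#1 parser below rather than here.
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return "", errors.New("no PEM block found in private key")
	}
	priKey, err := x509.ParsePKCS1PrivateKey(block.Bytes)
	if err != nil {
		return "", err
	}

	digest := sha256.Sum256([]byte(rawMsg))

	// nil options mean rsa.PSSSaltLengthAuto: when signing, the salt is as
	// long as the key size allows. A verifier that expects a fixed salt
	// length (for example, equal to the hash length) needs matching explicit
	// rsa.PSSOptions on both sides.
	signature, err := rsa.SignPSS(rand.Reader, priKey, crypto.SHA256, digest[:], nil)
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(signature), nil
}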
// VerifySignature reports whether rawSignature is a valid RSASSA-PSS
// signature over the SHA-256 digest of rawMsg under the given public key.
//
// encodedPubKey is the standard-base64 encoding of a PEM document whose first
// block carries a PKCS#1 RSA public key; rawSignature is the standard-base64
// encoding of the signature bytes.
//
// Every failure yields false: a key or signature that does not decode, a key
// that does not parse, and a signature that does not match are not
// distinguished. The result only says the signature matches the supplied
// key; whether that key is trusted is left to the caller.
func VerifySignature(encodedPubKey, rawSignature, rawMsg string) bool {
	pemBytes, err := base64.StdEncoding.DecodeString(encodedPubKey)
	if err != nil {
		return false
	}

	// Only the first PEM block is read and its type is not inspected.
	block, _ := pem.Decode(pemBytes)
	if block == nil {
		return false
	}
	pubKey, err := x509.ParsePKCS1PublicKey(block.Bytes)
	if err != nil {
		return false
	}

	sigBytes, err := base64.StdEncoding.DecodeString(rawSignature)
	if err != nil {
		return false
	}

	digest := sha256.Sum256([]byte(rawMsg))

	// nil options mean rsa.PSSSaltLengthAuto: the salt length is detected
	// from the signature instead of being pinned to one value.
	return rsa.VerifyPSS(pubKey, crypto.SHA256, digest[:], sigBytes, nil) == nil
}