crypto

package

v0.5.9 Latest Latest Go to latest Published: May 21, 2026 License: BSD-2-Clause Imports: 9 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/SUNET/vc

Links

Open Source Insights

Documentation ¶

Overview ¶

Package crypto provides cryptographic interfaces and utilities for VC 2.0 Data Integrity proofs.

Index ¶

func DecodeIEEEP1363(signature []byte, curve elliptic.Curve) (*big.Int, *big.Int, error)
type ECDSAKeyWrapper
- func NewECDSAKeyWrapper(key *ecdsa.PrivateKey) *ECDSAKeyWrapper
type EdDSAKeyWrapper
- func NewEdDSAKeyWrapper(key ed25519.PrivateKey) *EdDSAKeyWrapper
type PKISignerWrapper
- func NewPKISignerWrapper(signer pki.RawSigner) *PKISignerWrapper
type VCSigner

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

func DecodeIEEEP1363 ¶

func DecodeIEEEP1363(signature []byte, curve elliptic.Curve) (*big.Int, *big.Int, error)

DecodeIEEEP1363 decodes an IEEE P1363 format ECDSA signature to (r, s) big integers. Useful for verification routines.

Types ¶

type ECDSAKeyWrapper ¶

type ECDSAKeyWrapper struct {
	// contains filtered or unexported fields
}

ECDSAKeyWrapper wraps an *ecdsa.PrivateKey to implement VCSigner. This provides backward compatibility with existing code that uses raw ECDSA keys.

func NewECDSAKeyWrapper ¶

func NewECDSAKeyWrapper(key *ecdsa.PrivateKey) *ECDSAKeyWrapper

NewECDSAKeyWrapper creates a new VCSigner from an ECDSA private key.

func (*ECDSAKeyWrapper) Algorithm ¶

func (w *ECDSAKeyWrapper) Algorithm() string

Algorithm returns the algorithm identifier (ES256, ES384, ES512).

func (*ECDSAKeyWrapper) PublicKey ¶

func (w *ECDSAKeyWrapper) PublicKey() crypto.PublicKey

PublicKey returns the ECDSA public key.

func (*ECDSAKeyWrapper) SignDigest ¶

func (w *ECDSAKeyWrapper) SignDigest(ctx context.Context, digest []byte) ([]byte, error)

SignDigest signs a pre-computed digest using ECDSA. Returns the signature in IEEE P1363 format (R||S concatenation).

NOTE: The digest length should match the curve's hash size requirement:

P-256 (ES256): 32 bytes (SHA-256)
P-384 (ES384): 48 bytes (SHA-384)
P-521 (ES512): 64 bytes (SHA-512)

If the digest is longer than the curve's bit size, ecdsa.Sign will only use the leftmost bits up to the curve order size. Callers should ensure proper hashing.

type EdDSAKeyWrapper ¶

type EdDSAKeyWrapper struct {
	// contains filtered or unexported fields
}

EdDSAKeyWrapper wraps an ed25519.PrivateKey to implement VCSigner. This provides backward compatibility with existing code that uses raw Ed25519 keys.

func NewEdDSAKeyWrapper ¶

func NewEdDSAKeyWrapper(key ed25519.PrivateKey) *EdDSAKeyWrapper

NewEdDSAKeyWrapper creates a new VCSigner from an Ed25519 private key.

func (*EdDSAKeyWrapper) Algorithm ¶

func (w *EdDSAKeyWrapper) Algorithm() string

Algorithm returns "Ed25519".

func (*EdDSAKeyWrapper) PublicKey ¶

func (w *EdDSAKeyWrapper) PublicKey() crypto.PublicKey

PublicKey returns the Ed25519 public key.

func (*EdDSAKeyWrapper) SignDigest ¶

func (w *EdDSAKeyWrapper) SignDigest(ctx context.Context, digest []byte) ([]byte, error)

SignDigest signs a message using Ed25519. Note: Ed25519 doesn't use pre-hashing in standard mode, so "digest" is actually the full message to be signed (the hash concatenation from Data Integrity proofs).

type PKISignerWrapper ¶

type PKISignerWrapper struct {
	// contains filtered or unexported fields
}

PKISignerWrapper wraps a pki.RawSigner to implement VCSigner. This enables HSM-based signing via the pki package.

func NewPKISignerWrapper ¶

func NewPKISignerWrapper(signer pki.RawSigner) *PKISignerWrapper

NewPKISignerWrapper creates a new VCSigner from a pki.RawSigner. Use this to integrate with the pki package for HSM or managed key support.

func (*PKISignerWrapper) Algorithm ¶

func (w *PKISignerWrapper) Algorithm() string

Algorithm returns the algorithm from the underlying signer.

func (*PKISignerWrapper) PublicKey ¶

func (w *PKISignerWrapper) PublicKey() crypto.PublicKey

PublicKey returns the public key from the underlying signer.

func (*PKISignerWrapper) SignDigest ¶

func (w *PKISignerWrapper) SignDigest(ctx context.Context, digest []byte) ([]byte, error)

SignDigest delegates to the underlying pki.RawSigner.

type VCSigner ¶

type VCSigner interface {
	// SignDigest signs a pre-hashed value without additional hashing.
	// For ECDSA, returns IEEE P1363 format (R||S concatenation).
	// For EdDSA, the digest is the full message to sign (Ed25519 doesn't pre-hash).
	SignDigest(ctx context.Context, digest []byte) ([]byte, error)

	// PublicKey returns the verification key.
	PublicKey() crypto.PublicKey

	// Algorithm returns the cryptographic algorithm identifier (e.g., "ES256", "Ed25519").
	Algorithm() string
}

VCSigner abstracts signing operations for Verifiable Credentials Data Integrity proofs. It supports both raw crypto keys and pki.RawSigner implementations (including HSMs).

The key difference from pki.Signer is that VCSigner operates on pre-computed digests, which is required by Data Integrity cryptosuites where the caller controls the hashing.

Source Files ¶

View all Source files

signer.go

Directories ¶

Path	Synopsis
common
ecdsa
eddsa
jcs Package jcs implements the EdDSA Cryptosuite using JSON Canonicalization Scheme (JCS) as defined in the W3C Data Integrity EdDSA Cryptosuites v1.0 specification.	Package jcs implements the EdDSA Cryptosuite using JSON Canonicalization Scheme (JCS) as defined in the W3C Data Integrity EdDSA Cryptosuites v1.0 specification.

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL