Skip to content

Rsa support #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
Sriram137 wants to merge 5 commits into from
Closed

Rsa support #3

Sriram137 wants to merge 5 commits into from

Conversation

@Sriram137
Copy link

@Sriram137 Sriram137 commented Nov 30, 2016

This adds support to sign using Rsa-Sha256 and Rsa-Sha1 algorithms.

@porty
Copy link

porty commented Nov 30, 2016

Good work on adding the RSA-based algorithms! Once you add tests for those algorithms we'll look at merging this.

vektah
vektah reviewed Nov 30, 2016
View reviewed changes
algorithm.go
var (
AlgorithmHmacSha256 = &Algorithm{"hmac-sha256", sha256.New}
AlgorithmHmacSha1 = &Algorithm{"hmac-sha1", sha1.New}
AlgorithmHmacSha256 = &Algorithm{"hmac-sha256", sha256.New, hmacSign}
Copy link
Contributor

@vektah vektah Nov 30, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks like this could use a goimports run over it https://godoc.org/golang.org/x/tools/cmd/goimports

Copy link
Author

@Sriram137 Sriram137 Dec 1, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Ran goimports and go fmt again.

algorithm.go Outdated

func parsePrivateKey(pemBytes []byte) (*rsa.PrivateKey, error) {
block, _ := pem.Decode(pemBytes)
println(pemBytes)
Copy link
Contributor

@vektah vektah Nov 30, 2016

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

debug println left in

@Sriram137
Copy link
Author

Sriram137 commented Dec 1, 2016
edited
Loading

Added a few tests. First golang project, so more suggestions are welcome

@ejholmes ejholmes mentioned this pull request Oct 25, 2017
Closed
@ejholmes
Copy link

ejholmes commented Oct 25, 2017

Hey @ElricL, thanks for your work on this! I was just looking for a Go implementation for RSA signature verification.

I think the implementation here has a subtle flaw. The primary advantage of RSA signature verification is that the verifier doesn't need access to the private key to verify the signature, only the public key. However, the way it's implemented in this PR, the verifier needs access to the private key.

When verifying an rsa-sha256 signature, the implementation should be re-generating the sha256 hash of the signing string, then verifying the signature against that using rsa.VerifyPKCS1v15.

I opened a new PR based on this one #11

@Sriram137 Sriram137 closed this Aug 27, 2018
@Sriram137 Sriram137 deleted the rsa_support branch August 27, 2018 21:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@vektah vektah vektah left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Sriram137 @porty @ejholmes @vektah