Asymmetric encryption algorithm has RSA, ECDSA, the difficulty of factoring the maximal integer to determine the reliability of RSA algorithm, ECDSA Elliptic curve encryption algorithm, is based on the elliptic equation formula, so security is higher than RSA.
here said to use ECDSA to do signature and check, do not say the principle;
Golang package ECDSA currently only with the private key encryption, public key checksum, there is no decryption link, so the current can be applied to digital signature;
The following is encapsulation:
/** creates a public and private key with a random key random key is at least 36 bits */func Getecdsakey (Randkey string) (*ECDSA. Privatekey, ECDSA. PublicKey, error) {var err error var PRK *ecdsa. Privatekey var puk ecdsa. PublicKey var curve elliptic. Curve lenth: = Len (randkey) if Lenth < 224/8 {err =errors. New ("The private key length is too short, at least 36 bits!") ") return Prk,puk,err} if lenth > 521/8 + 8 {curve = elliptic. P521 ()}else if lenth > 384/8 + 8 {curve = elliptic. P384 ()}else if lenth > 256/8 + 8 {curve = elliptic. P256 ()}else if lenth > 224/8 + 8 {curve = elliptic. P224 ()} PRK, err = ECDSA. GenerateKey (curve,strings. Newreader (Randkey)) if err! = Nil {return PRK, PUK, err} PUK = PRK. PublicKey return PRK, PUK, err}/** to text encryption, text must be a hash value, such as MD5, SHA1 and so on using the private key PRK use random entropy to enhance encryption security, security relies on this entropy, randsign Returns the result of the encryption, with the result of serialization of the digital certificate R, s, and then using hex to convert to string */func sign (text []byte,randsign STRING,PRK *ECDSA. Privatekey) (string, error) {R, S, err: = ECDsA.sign (Strings. Newreader (randsign), PRK, text) if err! = Nil {return "", err} RT, Err: = R.marshaltext () if err! = N Il {return "", err} st, err: = S.marshaltext () if err! = Nil {return "", err} var b bytes . Buffer w: = gzip. Newwriter (&b) Defer w.close () _, Err = W.write ([]byte (+ string (RT) + "+" + string (ST))) if err! = Nil { Return "", Err} w.flush () return hex. Encodetostring (B.bytes ()), nil}/** certificate decomposition is decoded by hex, divided into digital certificates r,s */func getsign (Signature string) (Rint, Sint Big. Int, err Error) {byterun, err: = Hex. Decodestring (signature) If err! = Nil {err = errors. New ("Decrypt error," + Err. Error ()) return} r, err: = gzip. Newreader (bytes. Newbuffer (Byterun)) if err! = Nil {err = errors. New ("Decode error," +err. Error ()) return} defer R.close () BUF: = Make ([]byte, 1024x768) count, err: = R.read (BUF) if err! = Nil {FMT. Println ("decode =", err) Err = errors. New ("Decode read error," + Err.) Error ()) return} rs: = Strings. Split (String (Buf[:count]), "+") If Len (rs)! = 2 {err = errors. New ("decode fail") return} err = Rint. Unmarshaltext ([]byte (Rs[0])) if err! = Nil {err = errors. New ("Decrypt rint fail," + Err. Error ()) return} err = Sint. Unmarshaltext ([]byte (Rs[1])) if err! = Nil {err = errors. New ("Decrypt Sint fail," + Err. Error ()) return} return}/** Verify that the text content is consistent with the signature using public key checksum signature and text content */func Verify (text []byte, signature string, K EY ECDSA. PublicKey) (bool, error) {rint, Sint, err: =getsign (signature) If err! = Nil {return false, err} res Ult: = Ecdsa. Verify (&key,text,&rint,&sint) return result, nil}/** hash encryption using MD5 encryption */func hashtext (text, salt string ) ([]byte) {md5inst: = MD5. New () Md5inst.write ([]byte (text)) Result: = Md5inst.sum ([]byte (salt)) return Result}func main () {//random entropy, for addingSecure randsign: = "20180619zafes"//random key for creating public and private keys randkey: = "fb0f7279c18d4394594fc9714797c9680335a320"//Create Public key And the private key PRK, PUK, err: = Getecdsakey (Randkey) if err! = Nil {fmt. PRINTLN (ERR)}//hash encryption uses the salt salt used by MD5: = "131ILZAW"//plaintext text to be encrypted: = "Hlloaefaefaefaefaefaefaefhelloaefa Efaefaefaefaefaefhelloaefaefaefaefaefaefaef "//TEXT1: =" Hlloaefaefaefaefaefaefaefhelloaefaefaefaefaefaefaefhelloaefaefaefaefaefaefaef1 "//hash value htext: = Hashtext (Text, SALT)//htext1: = Hashtext (text1,salt)//hash value encoded output FMT. Println (Hex. Encodetostring (Htext))//hash value is signed with result, err: = sign (HTEXT,RANDSIGN,PRK) if err! = Nil {fmt. PRINTLN (ERR)}//Signed Output FMT. PRINTLN (Result)//signature with hash value to verify tmp, ERR: = Verify (Htext,result,puk) fmt. PRINTLN (TMP)}
Use for reference ...