如何在golang中签署curve25519密钥?
[英]How do I sign a curve25519 key in golang?
问题描述
I am trying to implement the X3DH algorithm from Signal in Go.
我正在尝试从 Go 中的 Signal 实现 X3DH 算法。 However, I got stuck on how to sign the Public Signed PreKey.但是,我在如何签署 Public Signed PreKey 上陷入了困境。
Per the specifications it is supposed to be an X25519 key.根据规范,它应该是 X25519 密钥。 In looking at previous implementations on Github they generated a [32]byte key from the curve25519 package and then converted it to an ed25519 key and then signed it.在查看 Github 上的先前实现时,他们从curve25519 package 生成了一个[32]byte密钥,然后将其转换为ed25519密钥,然后对其进行签名。
However, the packages they used for the conversion are deprecated ( github.com/agl/ed25519 ).但是,他们用于转换的软件包已被弃用( github.com/agl/ed25519 )。 Therefore, I either need to be able to convert the keys to ed25519 so I can sign them with the current ed25519 package ( golang.org/x/crypto/25519 ) or implement a sign and verify function for curve25519 keys.因此,我需要能够将密钥转换为ed25519以便我可以使用当前的ed25519 package ( golang.org/x/crypto/25519 ) 对它们进行签名,或者对密钥实施签名并验证curve25519 。
2 个解决方案
解决方案1
0 已采纳 2020-06-26 15:07:49
Ed25519 keys can be converted to X25519 keys easily, the twisted Edwards curve used by Ed25519 and the Montgomery curve used by X25519 are birationally equivalent. Ed25519键可以轻松转换为X25519键,Ed25519 使用的扭曲爱德华兹曲线和Ed25519使用的蒙哥马利曲线是X25519 birationally等价的。
Points on the Edwards curve are usually referred to as ( x, y ), while points on the Montgomery curve are usually referred to as ( u, v ).爱德华兹曲线上的点通常称为 ( x, y ),而蒙哥马利曲线上的点通常称为 ( u, v )。
You don't need a library to do the conversion, it's really simple...您不需要库来进行转换,它真的很简单......
(u, v) = ((1+y)/(1-y), sqrt(-486664)*u/x)
(x, y) = (sqrt(-486664)*u/v, (u-1)/(u+1))
Here is a great blog by Filippo Valsorda, the Golang security lead at Google, discussing this topic.这是 Google 的 Golang 安全主管 Filippo Valsorda 撰写的一篇很棒的博客,讨论了这个话题。
解决方案2
0 2020-06-28 08:22:44
This takes in a public curve25519 key and converts it to an ed25519 public key.这需要一个公共的curve25519 密钥并将其转换为一个ed25519 的公共密钥。 I did not write this code but appears to be doing what Woodstock above is stating.我没有编写此代码,但似乎正在做上面伍德斯托克所说的事情。 Further information would be welcomed:欢迎提供更多信息:
func Verify(publicKey [32]byte, message []byte, signature *[64]byte) bool {
publicKey[31] &= 0x7F
/* Convert the Curve25519 public key into an Ed25519 public key. In
particular, convert Curve25519's "montgomery" x-coordinate into an
Ed25519 "edwards" y-coordinate:
ed_y = (mont_x - 1) / (mont_x + 1)
NOTE: mont_x=-1 is converted to ed_y=0 since fe_invert is mod-exp
Then move the sign bit into the pubkey from the signature.
*/
var edY, one, montX, montXMinusOne, montXPlusOne FieldElement
FeFromBytes(&montX, &publicKey)
FeOne(&one)
FeSub(&montXMinusOne, &montX, &one)
FeAdd(&montXPlusOne, &montX, &one)
FeInvert(&montXPlusOne, &montXPlusOne)
FeMul(&edY, &montXMinusOne, &montXPlusOne)
var A_ed [32]byte
FeToBytes(&A_ed, &edY)
A_ed[31] |= signature[63] & 0x80
signature[63] &= 0x7F
var sig = make([]byte, 64)
var aed = make([]byte, 32)
copy(sig, signature[:])
copy(aed, A_ed[:])
return ed25519.Verify(aed, message, sig)
This uses functions from "golang.org/x/crypto/ed25519/internal"这使用“golang.org/x/crypto/ed25519/internal”中的函数
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.