9 // Implements the RSA family of signing methods signing methods
10 // Expects *rsa.PrivateKey for signing and *rsa.PublicKey for validation
11 type SigningMethodRSA struct {
16 // Specific instances for RS256 and company
18 SigningMethodRS256 *SigningMethodRSA
19 SigningMethodRS384 *SigningMethodRSA
20 SigningMethodRS512 *SigningMethodRSA
25 SigningMethodRS256 = &SigningMethodRSA{"RS256", crypto.SHA256}
26 RegisterSigningMethod(SigningMethodRS256.Alg(), func() SigningMethod {
27 return SigningMethodRS256
31 SigningMethodRS384 = &SigningMethodRSA{"RS384", crypto.SHA384}
32 RegisterSigningMethod(SigningMethodRS384.Alg(), func() SigningMethod {
33 return SigningMethodRS384
37 SigningMethodRS512 = &SigningMethodRSA{"RS512", crypto.SHA512}
38 RegisterSigningMethod(SigningMethodRS512.Alg(), func() SigningMethod {
39 return SigningMethodRS512
43 func (m *SigningMethodRSA) Alg() string {
47 // Implements the Verify method from SigningMethod
48 // For this signing method, must be an *rsa.PublicKey structure.
49 func (m *SigningMethodRSA) Verify(signingString, signature string, key interface{}) error {
52 // Decode the signature
54 if sig, err = DecodeSegment(signature); err != nil {
58 var rsaKey *rsa.PublicKey
61 if rsaKey, ok = key.(*rsa.PublicKey); !ok {
62 return ErrInvalidKeyType
66 if !m.Hash.Available() {
67 return ErrHashUnavailable
69 hasher := m.Hash.New()
70 hasher.Write([]byte(signingString))
72 // Verify the signature
73 return rsa.VerifyPKCS1v15(rsaKey, m.Hash, hasher.Sum(nil), sig)
76 // Implements the Sign method from SigningMethod
77 // For this signing method, must be an *rsa.PrivateKey structure.
78 func (m *SigningMethodRSA) Sign(signingString string, key interface{}) (string, error) {
79 var rsaKey *rsa.PrivateKey
82 // Validate type of key
83 if rsaKey, ok = key.(*rsa.PrivateKey); !ok {
84 return "", ErrInvalidKey
88 if !m.Hash.Available() {
89 return "", ErrHashUnavailable
92 hasher := m.Hash.New()
93 hasher.Write([]byte(signingString))
95 // Sign the string and return the encoded bytes
96 if sigBytes, err := rsa.SignPKCS1v15(rand.Reader, rsaKey, m.Hash, hasher.Sum(nil)); err == nil {
97 return EncodeSegment(sigBytes), nil