TIL: Asymmetric Cryptography in Go

I’ve been implementing a feature at work that involves asymmetric cryptography. It has been a pretty fun exercise in stitching together Go APIs while reading about best practices.

Here’s a few things I’ve learned over the last couple of days:

  • Go’s cryptography isn’t FIPS compliant.

  • Go has an implementation of ECDSA (Elliptic Curve Digital Signature Algorithm), but it doesn’t have any elliptic curve asymmetric encryption algorithms.

    • The best asymmetric algorithm that Go has is RSA

  • Go has an implementation of PEM (Privacy Enhanced Mail) data encoding which can be used to encode public/private in a familiar format. You’ve probably seen this format with SSH keys:

    -----BEGIN PUBLIC KEY-----
MIIEpAIBAAKCAQEAuOuUOwNRMbqc0jMEVTOyKuVUu0bk0zD5iwIggBHpDhV58DSJ
SK7OFIFHVMy6FKg2B3Y50srfVJ45OE9Vsb9hfErUNA/PB5meHGEI+yPKeni4GAfy
<and so on>
-----END PUBLIC KEY-----

  • The legacy PEM format has support for plaintext headers like so:

    -----BEGIN PUBLIC KEY-----
Data: Some value I don't mind being plaintext

MIIEpAIBAAKCAQEAuOuUOwNRMbqc0jMEVTOyKuVUu0bk0zD5iwIggBHpDhV58DSJ
SK7OFIFHVMy6FKg2B3Y50srfVJ45OE9Vsb9hfErUNA/PB5meHGEI+yPKeni4GAfy
<and so on>
-----END PUBLIC KEY-----
    • The newer RFC eplicitly doesn’t support headers, though:

      Unlike legacy PEM encoding RFC1421, OpenPGP ASCII armor, and the OpenSSH key file format, textual encoding does not define or permit headers to be encoded alongside the data.

  • Go’s APIs for encrypting, decrypting, signing, and verifying data are quite pleasant to use!

  • When signing data, Go will first have you run that data through a hash algorithm (e.g. SHA256). This actually makes quite a bit of sense, and it helps me better understand why secure hashing is important for cryptography.

  • OWASP (Open Worldwide Application Security Project) has a great section on encryption algorithms which can help guide those less familiar with the specifics of encryption.

  • There are a few algorithms for signing and encryption data with RSA. Go implements PKCS1v15 and OAEP for encryption, and PKCS1v15 and PSS for signing.

While I’m generally not a huge fan of Go, I do think the standard library has some nice packages, and the encryption library is definitely one of them.

Recent posts from blogs that I like

Naturalists: Sorolla and Zorn

Around 1890, two aspiring painters passed through a phase of Naturalism: in Spain, Joaquín Sorolla, and in Sweden, Anders Zorn, both on their way to become masters.

via The Eclectic Light Company

Moving away from Tailwind, and learning to structure my CSS

Hello! 8 years ago, I wrote excitedly about discovering Tailwind. At that time I really had no idea how to structure my CSS code and given the choice between a pile of complete chaos and Tailwind, I was really happy to choose Tailwind. It helped me make a lot of tiny sites! I spent the last week or ...

via Julia Evans

Add an LLM policy for rust-lang/rust

No comment on this PR may mention the following topics: Long-term social or economic impact of LLMs The environmental impact of LLMs Anything to do with the copyright status of LLM output Moral judgements about people who use LLMs We have asked the moderation team to help us enforce these rules. – A...

via Drew DeVault
Live in Seattle? Let's grab coffee!
github rss email