I need to sign a message for submission to a remote service (over a websocket). To do this, I need to structure a private key based on an integer (my user id) and a passphrase (a base64 encoded string)., hashed using SHA224. I'm using golang, and crypto/ecdsa for this with accompanying packages for byte encoding etc.
Here's the documentation I have:
Signatures use an Elliptic Curve Digital Signature Algorithm (ECDSA) encoded message containing: user ID, Server Nonce, Client Node and Private key. Private keys are generated hashing your user ID and your password with SHA224.
Here's my func:
func NewKey(userId int64, pass string) (prKey ecdsa.PrivateKey) {
buf := new(bytes.Buffer)
binary.Write(buf, binary.BigEndian, userId)
passArr := []byte(pass)
sha := sha256.New224()
sha.Write(buf.Bytes())
sha.Write(passArr)
sum := sha.Sum(nil)
var in int64
reader := bytes.NewReader(sum)
err := binary.Read(reader, binary.BigEndian, &in)
if err != nil {
log.Fatal(err)
}
prKey.D = big.NewInt(in)
prKey.PublicKey.Curve = elliptic.P224()
return prKey
}
My intent with this func is that it:
Hashes the userId and pass correctly in a
[]byteusing SHA224.Reads that into an
int64which is then used as the private keyConstructs an instance of
ecdsa.PrivateKeyand correspondingecdsa.PublicKeycorrectlyReturns said key for use in
ecdsa.Sign()function calls
I then sign another message which consists of a userId (integer), and two nonces.
Here's how I sign my message:
key := NewKey(userId, pass) // the above func
msg := sha256.New224().Sum([]byte(userId + srNonce + clNonce))
r, s, err := ecdsa.Sign(rand.Reader, &key, msg)
sig := []string{enc(r.String()), enc(s.String())}
Questions:
Is my
NewKeyfunc correct?The
randscomponents are very large - presumably because I'm usingint64. Could this be an issue?Is the line
sha256.New224().Sum([]byte(userId + pass))"correct" for hasing those two items?How can I create my private key correctly (assuming it's wrong) and subsequently sign the message?
I'm very new to ECDSA and have basic crypto knowledge in general.
