如何使用NaCl签署大型文件？

Given the sign capability from Go NaCl library (https://github.com/golang/crypto/tree/master/nacl/sign), how to sign a file, especially, a very large file as big as more than 1GB? Most of the internet search results are all about signing a slice or small array of bytes.

I can think of 2 ways:

Loop through the file and stream in a block manner (e.g. 16k each time), then feed it into the sign function. The streamed output are concatenated into a signature certificate. For verification, it is done reversely.
Use SHA(X) to generate the shasum of the file and then sign the shasum output.

写回答
好问题 0 提建议
追加酬金
关注问题
分享
邀请回答
编辑收藏删除结题
收藏举报

2条回答默认最新

关注

码龄粉丝数原力等级 --

被采纳

被点赞

采纳率
dongmi1221 2019-04-07 22:05
关注
For signing very large files (multiple gigabytes and up), the problem of using a standard signing function is often runtime and fragility. For very large files (or just slow disks) it could perhaps take hours or more just to serially read the full file from start to end.

In such cases, you want a way to process the file in parallel. One of the common ways to do this which is suitable for cryptographic signatures is Merkle tree hashes. They allow you to split the large file into smaller chunks, hash them in parallel (producing "leaf hashes"), and then further hash those hashes in a tree structure to produce a root hash which represents the full file.

Once you have calculated this Merkle tree root hash, you can sign this root hash. It then becomes possible to use the signed Merkle tree root hash to verify all of the file chunks in parallel, as well as verifying their order (based on the positions of the leaf hashes in the tree structure).

本回答被题主选为最佳回答 , 对您是否有帮助呢?

解决无用
评论打赏
分享
举报

评论

按下Enter换行，Ctrl+Enter发表内容

查看更多回答(1条)

报告相同问题？

关注问题

如何使用NaCl签署大型文件？
2019-04-07 01:02

回答 2 已采纳 For signing very large files (multiple gigabytes and up), the problem of using a standard signing
如何在Go中加密大型文件/字节流？
2018-03-29 01:16

回答 2 已采纳 As you've already discovered from your research, there isn't much of an elegant solution for authe
Python运行中磁盘空间变小 pygame python 开发语言
2022-10-18 23:14

回答 1 已采纳不知道题主是不是用的pycharm,它运行完程序后会在安装盘产生大量缓存文件，如果是删除C:\Users\15839\AppData\Local\JetBrains\PyCharm2020.2\cac
TLS协议分析 (八) 实现与开源项目
2021-09-09 09:56

OpenIM的博客没有历史包袱的项目，强烈建议使用 libsodium/NaCL。这篇文章介绍了NaCL和openssl相比的各方面改进 ...
在Go中为接口类型分配<nil>为什么有效？
2014-05-01 18:40

回答 2 已采纳 It is always dicey when you ask questions like "why does the compiler consider it legal…" The answ
为什么这两个golang整数转换函数给出不同的结果？
2014-07-11 22:01

回答 2 已采纳 This is an educated guess, but int type can be 64bit or 32bit depending on the platform, on my sys
加密聊天中的“运行时错误：切片范围超出范围”
2018-08-19 16:42

回答 1 已采纳 For no apparent reason, you hope that len(input.Bytes()) >= 24. When it is not: panic: runtime
Go 相关的框架，库和软件的精选清单
2020-07-03 09:37

baobaodqh的博客概述这是一个Go 相关的框架，库和软件的精选清单，引用自 awesome-go项目，并翻译补充而来这是...EasyMIDI -EasyMidi是一个简单可靠的库，用于处理标准Midi文件（SMF）。 flac支持FLAC流的Native Go FLAC编码器/...
声明和定义中的不同函数参数类型
2018-01-26 05:14

回答 1 已采纳 The runtime package function is: //go:linkname startTimer time.startTimer func startTimer(t *time
Balanced Chemical Equations less
2017-10-25 14:17

回答 1 已采纳 https://www.nowcoder.com/questionTerminal/782f92d16fc1488f8f11afe1eeb6ef78
Golang：HTML页面和GO通讯 html javascript
2015-01-28 15:42

回答 4 已采纳 You can use websockets (WebSocket@Wikipedia). Here are 2 implementations: golang.org/x/net/webso
精选的 Go 框架，库和软件的精选清单
2020-05-09 11:24

思月行云的博客 goConfig- 将结构解析为输入，并使用命令行，环境变量和配置文件中的参数填充此结构的字段。 godotenv -Ruby 的 dotenv 库的 Go 端口（从加载环境变量.env）。 gofigure Go 应用程序的配置。 missing / jconf- ...
在生产中服务Go Webapps nginx
2014-01-26 23:40

回答 1 已采纳 Your question outlines your tradeoffs pretty well. I can't tell you for certain which you should
TLS协议分析与现代加密通信协议设计
2019-09-06 12:14

庚庚911的博客 5.6 libsodium/NaCL 5.7 Tox.im 5.8 CurveCP 5.9 tcpcrypt 5.10 noise 5.11 tcpcrypt 5.12 netflix MSL 5.13 Amazon KMS 密钥管理服务白皮书六. TLS协议给我们的启发 -- 现代加密通信协议设计七. 附录...
Go框架，库和软件的精选列表
2019-05-05 15:55

思月行云的博客 - 将结构解析为输入，并使用命令行，环境变量和配置文件中的参数填充此结构的字段。 godotenv - Ruby的dotenv库的端口（从中加载环境变量 .env ）。 gofigure - 简化应用程序配置。 gone / jconf ...
Tendermint: Byzantine Fault Tolerance in the Age of Blockchains
2018-09-19 21:22

任小浪的博客然而，自问世以来，Raft 已经被广泛采纳，尤其是在开源社区，几乎被每种主流语言所实现，并且在主要项目作为骨干使用，包括 CoreOs 分布式 Linux 发行版，以及开源时间序列数据库，InfluxDB。 Raft 从 Paxos 来的...
TLS协议分析------
2017-06-07 15:03

zhangliang_571的博客 6. libsodium/NaCL 7. Tox.im 8. CurveCP 9. tcpcrypt 10.noise 11.tcpcrypt 12. netflix MSL 12.Amazon KMS 密钥管理服务白皮书六. TLS协议给我们的启发 -- 现代加密通信协议设计七. 附录：密码学基础...
TLS协议分析
2017-03-29 10:48

etc9527的博客 6. libsodium/NaCL 7. Tox.im 8. CurveCP 9. tcpcrypt 10.noise 11.tcpcrypt 12. netflix MSL 12.Amazon KMS 密钥管理服务白皮书六. TLS协议给我们的启发 -- 现代加密通信协议设计七. 附录：密码学基础...
没有解决我的问题, 去提问

悬赏问题

¥15 微信会员卡等级和折扣规则
¥15 微信公众平台自制会员卡可以通过收款码收款码收款进行自动积分吗
¥15 随身WiFi网络灯亮但是没有网络，如何解决？
¥15 gdf格式的脑电数据如何处理matlab
¥20 重新写的代码替换了之后运行hbuliderx就这样了
¥100 监控抖音用户作品更新可以微信公众号提醒
¥15 UE5 如何可以不渲染HDRIBackdrop背景
¥70 2048小游戏毕设项目
¥20 mysql架构，按照姓名分表
¥15 MATLAB实现区间[a,b]上的Gauss-Legendre积分

如何使用NaCl签署大型文件？

2条回答 默认 最新

悬赏问题

2条回答默认最新