I need to sign a message for submission to a remote service (over a websocket). To do this, I need to structure a private key based on an integer (my user id) and a passphrase (a base64 encoded string), hashed using SHA224. I'm using golang, and crypto/ecdsa for this with accompanying packages for byte encoding etc.
Here's the documentation I have:
Signatures use an Elliptic Curve Digital Signature Algorithm (ECDSA)
encoded message containing: user ID, Server Nonce, Client Node and
Private key. Private keys are generated hashing your user ID and your
password with SHA224.
Here's my func:
    func NewKey(userId int64, pass string) (prKey ecdsa.PrivateKey) {
        buf := new(bytes.Buffer)
        binary.Write(buf, binary.BigEndian, userId)
        passArr := []byte(pass)

        sha := sha256.New224()
        sha.Write(buf.Bytes())
        sha.Write(passArr)
        sum := sha.Sum(nil)

        var in int64
        reader := bytes.NewReader(sum)
        err := binary.Read(reader, binary.BigEndian, &in)
        if err != nil {
            log.Fatal(err)
        }

        prKey.D = big.NewInt(in)
        prKey.PublicKey.Curve = elliptic.P224()
        return prKey
    }
My intent with this func is that it:
- Hashes the userId and pass correctly in a []byte using SHA224.
- Reads that into an int64 which is then used as the private key
- Constructs an instance of ecdsa.PrivateKey and corresponding ecdsa.PublicKey correctly
- Returns said key for use in ecdsa.Sign() function calls
I then sign another message which consists of a userId (integer), and two nonces.
Here's how I sign my message:
    key := NewKey(userId, pass) // the above func
    msg := sha256.New224().Sum([]byte(userId + srNonce + clNonce))
    r, s, err := ecdsa.Sign(rand.Reader, &key, msg)
    sig := []string{enc(r.String()), enc(s.String())}
Questions:
1. Is my NewKey func correct?
2. The r and s components are very large - presumably because I'm using int64. Could this be an issue?
3. Is the line sha256.New224().Sum([]byte(userId + pass)) "correct" for hashing those two items?
4. How can I create my private key correctly (assuming it's wrong) and subsequently sign the message?
I'm very new to ECDSA and have basic crypto knowledge in general.
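An added example, not part of the original post or the service's documentation: one way to derive a P-224 key from SHA-224(userID || passphrase) that keeps all 28 digest bytes as the private scalar and fills in the public point, then signs a SHA-224 digest. The names DeriveKey and SignMessage, the 8-byte big-endian ID encoding, the raw-byte passphrase and the message layout are assumptions; the service's actual serialisation has to come from its documentation.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"errors"
	"fmt"
	"math/big"
)

// DeriveKey hashes userID||pass with SHA-224 and uses all 28 digest bytes as
// the P-224 private scalar D. Assumption: the ID is an 8-byte big-endian
// integer and the passphrase is used as raw bytes, as in the question's code.
func DeriveKey(userID int64, pass string) (*ecdsa.PrivateKey, error) {
	h := sha256.New224()
	binary.Write(h, binary.BigEndian, userID) // fixed-size value into a hash: no error path
	h.Write([]byte(pass))
	d := new(big.Int).SetBytes(h.Sum(nil)) // 224-bit scalar, not an int64
	curve := elliptic.P224()
	if d.Sign() == 0 || d.Cmp(curve.Params().N) >= 0 {
		return nil, errors.New("digest is not a valid P-224 scalar")
	}
	key := &ecdsa.PrivateKey{D: d}
	key.Curve = curve
	key.X, key.Y = curve.ScalarBaseMult(d.Bytes()) // public point Q = D*G
	return key, nil
}

// SignMessage signs SHA-224(msg). Sum224 hashes its argument, whereas
// New224().Sum(b) appends the digest of the data written so far to b.
func SignMessage(key *ecdsa.PrivateKey, msg []byte) (r, s *big.Int, err error) {
	digest := sha256.Sum224(msg)
	return ecdsa.Sign(rand.Reader, key, digest[:])
}

func main() {
	key, err := DeriveKey(42, "constructed-passphrase") // constructed sample input
	if err != nil {
		panic(err)
	}
	msg := []byte("42|srNonce|clNonce") // constructed; the real layout is service-defined
	r, s, err := SignMessage(key, msg)
	digest := sha256.Sum224(msg)
	fmt.Println(err == nil && ecdsa.Verify(&key.PublicKey, digest[:], r, s), key.D.BitLen())
}
```

Large r and s values are expected with P-224: both are integers modulo the curve order, so each is up to 224 bits regardless of how the key was built.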