Mirage_crypto_ec.Dsa
Digital signature algorithm.
priv_of_octets buf decodes a private key from the buffer buf. If the provided data is invalid, an error is returned.
val priv_to_octets : priv -> string
priv_to_octets p encodes the private key p to a buffer.
pub_of_octets buf decodes a public key from the buffer buf. If the provided data is invalid, an error is returned.
val pub_to_octets : ?compress:bool -> pub -> string
pub_to_octets ~compress p encodes the public key p into a buffer. If compress is provided and true (default false), the compressed representation is returned.
val generate : ?g:Mirage_crypto_rng.g -> unit -> priv * pub
generate ~g () generates a key pair.
val sign : key:priv -> ?k:string -> string -> string * string
sign ~key ~k digest signs the message digest using the private key. The digest is not processed further - it should be the hash of the message to sign. If k is not provided, it is computed using the deterministic construction from RFC 6979. The result is a pair of r and s.
Warning: there are attacks that recover the private key from a power and timing analysis of the RFC 6979 computation of k - thus it is advised to provide a good nonce (k) explicitly, which is independent of key and digest.
val verify : key:pub -> (string * string) -> string -> bool
verify ~key (r, s) digest verifies the signature r, s on the message digest with the public key. The return value is true if verification was successful, false otherwise. If the message has more bits than the group order, the result is false.
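The following is an added example, not code from the mirage-crypto project: it signs a SHA-256 digest once with the default RFC 6979 nonce and once with an explicit fresh k, as the warning advises, then verifies both against a public key round-tripped through its compressed encoding. Assumptions: the P256.Dsa instance of this signature, Digestif for hashing, Mirage_crypto_rng_unix.use_default from a recent mirage-crypto-rng for seeding, and that k uses the same scalar encoding as priv_to_octets.

```ocaml
(* Added example; build against mirage-crypto-ec, mirage-crypto-rng.unix, digestif. *)
module D = Mirage_crypto_ec.P256.Dsa (* assumed instance of the Dsa signature *)

(* sign and verify do not hash their input, so hash the message first. *)
let sha256 msg = Digestif.SHA256.(to_raw_string (digest_string msg))

(* A nonce independent of key and digest: the secret scalar of a throwaway
   key pair, which generate already samples from the valid range.
   Assumption: k is encoded the same way as the output of priv_to_octets. *)
let fresh_k () = D.priv_to_octets (fst (D.generate ()))

let () =
  (* Seed the default RNG (assumed API of recent mirage-crypto-rng.unix). *)
  Mirage_crypto_rng_unix.use_default ();
  let key, pub = D.generate () in
  let digest = sha256 "constructed sample message" in

  (* Without ~k the nonce comes from RFC 6979, so the signature is
     deterministic for a given key and digest. *)
  let sig_det = D.sign ~key digest in
  assert (sig_det = D.sign ~key digest);

  (* With an explicit random k the r component differs from the RFC 6979 one. *)
  let sig_rnd = D.sign ~key ~k:(fresh_k ()) digest in
  assert (fst sig_rnd <> fst sig_det);

  (* Ship the public key in compressed form and decode it on the verifier
     side; pub_of_octets returns an error on invalid data. *)
  let pub' =
    match D.pub_of_octets (D.pub_to_octets ~compress:true pub) with
    | Ok p -> p
    | Error _ -> failwith "public key did not decode"
  in

  (* Both signatures verify; a signature over a different digest does not. *)
  assert (D.verify ~key:pub' sig_det digest);
  assert (D.verify ~key:pub' sig_rnd digest);
  assert (not (D.verify ~key:pub' sig_det (sha256 "another message")));
  print_endline "all checks passed"
```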
K_gen can be instantiated over a hashing module to obtain an RFC6979 compliant k-generator for that hash.
module Precompute : sig ... end
Operations to precompute useful data meant to be hardcoded in mirage-crypto-ec before compilation.