Digital Signatures
Digital Signature algorithms has similar purposes that MAC but comes with some tradeoffs such as them provides additional security feature (Non-repudiation) with cost in the performance. You can read a great explanation about the differences with MAC here.
Example signing string using rsassa-pss+sha256:
(require '[buddy.core.keys :as keys])
(require '[buddy.core.dsa :as dsa])
;; Read private key
(def privkey (keys/private-key "test/_files/privkey.3des.rsa.pem" "secret"))
;; Make signature
(def signature (dsa/sign "foo" {:key privkey :alg :rsassa-pss+sha256}))
;; Now signature contains a byte[] with signature of "foo" string
Example verifying signature:
;; Read public key
(def pubkey (keys/public-key "test/_files/pubkey.3des.rsa.pem"))
;; Make verification
(dsa/verify "foo" signature {:key pubkey :alg :rsassa-pss+sha256})
;; => true
Here is a table with complete list of supported algorithms and its variants:
Algorithm name | :alg keyword value |
---|---|
RSASSA-PSS | :rsassa-pss+sha256 , :rsassa-pss+sha384 , :rsassa-pss+sha512 |
RSASSA-PKCS 1.5 | :rsassa-pkcs15+sha256 , :rsassa-pkcs15+sha384 , :rsassa-pkcs15+sha512 |
ECDSA | :ecdsa+sha256 , :ecdsa+sha384 , :ecdsa+sha512 |
NOTE: ECDSA algorithm requires EC type of asymentric key pair.