Digital Signatures

Digital Signature algorithms has similar purposes that MAC but comes with some tradeoffs such as them provides additional security feature (Non-repudiation) with cost in the performance. You can read a great explanation about the differences with MAC here.

Example signing string using rsassa-pss+sha256:

(require '[buddy.core.keys :as keys])
(require '[buddy.core.dsa :as dsa])

;; Read private key
(def privkey (keys/private-key "test/_files/privkey.3des.rsa.pem" "secret"))

;; Make signature
(def signature (dsa/sign "foo" {:key privkey :alg :rsassa-pss+sha256}))

;; Now signature contains a byte[] with signature of "foo" string

Example verifying signature:

;; Read public key
(def pubkey (keys/public-key "test/_files/pubkey.3des.rsa.pem"))

;; Make verification
(dsa/verify "foo" signature {:key pubkey :alg :rsassa-pss+sha256})
;; => true

Here is a table with complete list of supported algorithms and its variants:

Algorithm name	`:alg` keyword value
RSASSA-PSS	`:rsassa-pss+sha256`, `:rsassa-pss+sha384`, `:rsassa-pss+sha512`
RSASSA-PKCS 1.5	`:rsassa-pkcs15+sha256`, `:rsassa-pkcs15+sha384`, `:rsassa-pkcs15+sha512`
ECDSA	`:ecdsa+sha256`, `:ecdsa+sha384`, `:ecdsa+sha512`

NOTE: ECDSA algorithm requires EC type of asymentric key pair.

Generated by Codox with RDash UI theme

buddy-core 1.7.1

Project

Topics

Namespaces

Digital Signatures