httpsign

Signatures for HTTP requests

MIT License

Stars
3
View Code on GitHub
Ecosystems: Go

httpsign

httpsign provides utilities for creating, encoding, and verifying signatures within HTTP requests. Library provides both the transport to create digital signatures or message authentication codes (MACs), and a middleware to verify such signatures.

Overview

The library provides the following signature algorithms:

The API is based on two interfaces: Signer and Verifier. Signer is essentially a wrapper around the signature algorithm's private key. Because the private key also contains the corresponding public key, Signer can be used for verification as well.

Verifier uses the public key for verification. It is useful in situations where the user only has access to the public key and not the private key.

The HMAC algorithm is an exception, as it uses the same shared secret key for both signing and verification. Therefore, the API provides a single structure, HMAC, for both signing and verification.

Usage

Here is an example using HMAC-SHA-256 algorithm:

sharedKey := []byte("shared-secret")

// Create the Signer using the shared secret key.
sgn, err := hshmac.New(sharedKey, crypto.SHA256)
if err != nil {
	log.Fatal(err)
}

// Create the Transport.
tr := httpsign.NewTransport(sgn)

// Create an HTTP client using our transport to sign outgoing requests.
c := &http.Client{Transport: tr}

// Create the Middleware to verify incoming requests signatures.
m := httpsign.NewMiddleware(sgn)

// Wrap the handler.
var handler http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintln(w, "Hello")
})
handler = m.Handler(handler)

http.Handle("/api/foo", handler)

Here is an example using RSASSA-PKCS1-v1.5 SHA-256 algorithm:

privateKey, err := rsa.GenerateKey(rand.Reader, 2048)
hash := crypto.SHA256

// Create the Signer using the private key.
sgn, err := hsrsa.NewPKCSSigner(privateKey, hash)
if err != nil {
	log.Fatal(err)
}

// Create the Transport.
tr := httpsign.NewTransport(sgn)

// Create an HTTP client using our transport to sign outgoing requests.
c := &http.Client{Transport: tr}

// Create the Middleware to verify incoming requests signatures.
m := httpsign.NewMiddleware(sgn)

// Alternatively, we can explicitly create a Verifier using the public key.
vrf, err := hsrsa.NewPKCSVerifier(&privateKey.PublicKey, hash)
if err != nil {
	log.Fatal(err)
}
m = httpsign.NewMiddleware(vrf)

// Wrap the handler.
var handler http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
	fmt.Fprintln(w, "Hello")
})
handler = m.Handler(handler)

http.Handle("/api/foo", handler)
Package Rankings
Top 6.33% on Proxy.golang.org
Badges
Extracted from project README
CI Go Reference
Related Projects
httpsigver-ap

Go library to sign & verify HTTP signatures, compatible with Mastodon/ActivityPub servers.

13 Sep 2024 3
cap

A collection of authentication Go packages related to OIDC, JWKs, Distributed Claims, LDAP

19 Nov 2020 436
hmac

Validate hmac signatures in Go

18 Feb 2018 28
sshkrb5

Golang library providing GSSAPI middleware for crypto/ssh

31 Dec 2020 4
secret

Provide the interface of symmetric encryption AES/DES/3DES and asymmetric encryption RSA, making ...

08 Oct 2022 6
cosign

Code signing and transparency for containers and binaries

04 Feb 2021 4,410
sshsig

Go library to create/verify armored SSH signatures (https://github.com/openssh/openssh-portable/b...

20 Nov 2021 5
certify

Automatic client and server certificate distribution and maintenance

22 Mar 2018 462
go-hpke-compact

A small and easy to use HPKE implementation in Go.

08 Dec 2020 20
hmacsig

HMAC Signature Validation Middleware (e.g. for GitHub Webhooks)

20 Jul 2018 3
tsig

Golang library to support additional TSIG methods for DNS queries

13 Jan 2018 11
ecc

Golang native implementation of the secp256k1 elliptic curve

25 Feb 2021 24
nacl

Pure Go implementation of the NaCL set of API's

20 Jul 2017 545