/cc @agl

I ran into this oddness during BoringCrypto work too. It does seem like there should be a

package ecdsa
func VerifyBytes(pub *PublicKey, hash, sig []byte) bool

to match ecdsa.PrivateKey.Sign. It would be tempting to add SignBytes that returns []byte instead of two big.Int, but that name doesn't seem right. So maybe instead:

package ecdsa
func SignASN1(io.Reader, priv *PrivateKey, hash []byte) (sig []byte, err error)
func VerifyASN1(pub *PublicKey, hash, sig []byte) bool

?

@agl, I'm happy to write these if you sign off (ha) on the names.

This came up during @katiehockman's work on Wycheproof tests, and it seems like a good idea, it looks like we are forcing everyone to use encoding/asn1 when they just want to deal with ECDSA. I'm in favor of adding these APIs.

Based on the discussion above, this seems like a likely accept.

Leaving open for a week for final comments.

Exposing a public signature interface with big-ints was dumb(*). The interface should always have been byte-based.

(* happy to use strong language here because it was my screw-up.)

No change in consensus (agl strongly agrees!), so accepting.

Great, thanks! I have a change ready for this, so I'll pass it along shortly (though it won't go in until 1.15)

I wonder if there should be a crypto.Verifier interface which is symmetric with crypto.Signer, which public key types should implement?

Change https://golang.org/cl/217940 mentions this issue: crypto/ecdsa: add SignASN1, VerifyASN1

Glad to have found this. I'm trying to discover whether the SignASN1 returns DER or BER by default (translating work from a JS lib). Perhaps this could be part of the docs?

@FiloSottile Honestly I'm not sure where there repo for the docs would live. Looked around but nothing leaps out to me.

The docs are right in the code!

https://github.com/golang/go/blob/master/src/crypto/ecdsa/ecdsa.go#L285

@FiloSottile Ah nice. Quite new to go community.

Here is the PR: #41521

@FiloSottile Sadly I now have a round trip through legal. :P